Help remove a redirector

[Dewed]

I'm new at this. When I click on links from search engines, I'm being redirected to various odd sites. It doesn't happen every time, but often enough. I've tried Malwarebytes and Iobit scanner. Any help would really be appreciated. Thanks

 

This is a copy of my Iobit HijackScan

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\NlsSrv32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\RapidBIT\cidaemon.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [OE Prompter]

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}SdcUser.TgConfCtl.2 - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}TheFacebook.FacebookPhotoUploader5.5.1 - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}SwCtl.SwCtl.11 - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC}POGOWEBLAUNCHER.PogoWebLauncherCtrl.1 - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}Microsoft.wlsc.wlscInstall.1 - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}SoftwareDistribution.WebControl.1 - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176856793765

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}npdivx.DivXBrowserPlugin.1 - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176856772999

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}TheFacebook.FacebookPhotoUploader5.5.1 - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}ZylomGamesPlayer.ZylomGamesPlayerCtrlZylom.1 - http://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044}AxisMediaControlEmb.AxisMediaControlEmb.1 - http://209.143.33.109/activex/AMC.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files\RapidBIT\cisvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MBAMService (MBAMService) - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McciCMService (McciCMService) - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: MSSQL$SONY_MEDIAMGR (MSSQL$SONY_MEDIAMGR) - Unknown - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NlsSrv32.exe

O23 - Service: NMSAccessU (NMSAccessU) - Unknown - C:\Documents and Settings\Administrator\Local Settings\Temp\{0A121CF5-B9FC-4481-9425-32B50DE1DEC3}\NMSAccessU.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR (SQLAgent$SONY_MEDIAMGR) - Unknown - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE

O23 - Service: Viewpoint Manager Service (Viewpoint Manager Service) - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

[Superdave]

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

You have Viewpoint installed.

 

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

 

More information:

 

* ViewMgr.exe - Useless

* Viewpoint to Plunge Into Adware

 

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint

* Viewpoint Manager

* Viewpoint Media Player

* Viewpoint Toolbar

* Viewpoint Experience Technology

 

=================================

 

I know you've already ran MBAM but I would like to see the log.

 

Malwarebytes' Anti-Malware (MBAM)

 

If you already have Malwarebytes be sure to check for updates before scanning!

 

Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

 

•Double-click mbam-setup.exe and follow the prompts to install the program.

 

•Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

 

•If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

•If an update is found, it will download and install the latest version.

•Once the program has loaded, select Perform Quick Scan, then click Scan.

 

•When the scan is complete, click OK, then Show Results to view the results.

 

•Be sure that everything is checked, and click Remove Selected.

 

•When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.

 

•The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

 

•Copy and Paste the contents of the report in your reply.

 

•Exit MBAM.

.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

=======================================

 

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

 

======================================

 

Please download ComboFix http://img7.imageshack.us/img7/4930/combofix.gif from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Alternate link: Forospyware.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools ]A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
  

 

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

[Dewed]

Thanks a lot for your reply. Here are the copies of the logs you requested.

 

Also, I don't know if it helps or not, but one the sites it redirects to a lot, is asklots.com

 

 

Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

 

Database version: 4305

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

7/12/2010 9:25:19 AM

mbam-log-2010-07-12 (09-25-19).txt

 

Scan type: Quick scan

Objects scanned: 133739

Time elapsed: 16 minute(s), 9 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 20

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.3.3

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

 

 

ComboFix 10-07-11.05 - Administrator 07/12/2010 10:48:01.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.179 [GMT -4:00]

Running from: c:\documents and settings\Administrator\desktop\commy.exe

Command switches used :: /stepdel

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Data

c:\docume~1\ADMINI~1\LOCALS~1\Temp\install_flash_player.exe

c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\Temp\tmp3.tmp

c:\windows\xpsp1hfm.log

 

.

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))

.

 

2010-07-11 02:33 . 2010-07-11 02:33 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-11 02:33 . 2010-07-11 02:33 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-11 02:32 . 2010-07-11 02:32 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-11 02:30 . 2010-07-11 02:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-10 01:12 . 2010-07-10 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-07-10 01:12 . 2010-07-10 01:12 -------- d-----w- c:\program files\IObit

2010-07-08 06:34 . 2010-07-08 06:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-08 06:19 . 2010-07-08 14:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\hqvcrgtsu

2010-06-29 18:33 . 2010-06-29 18:33 2605008 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-06-28 14:32 . 2010-07-12 12:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gmail Notifier

2010-06-28 14:32 . 2010-06-28 14:32 -------- d-----w- c:\program files\Gmail Notifier

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-12 13:49 . 2007-04-17 22:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Free Download Manager

2010-07-12 13:05 . 2007-04-17 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2010-07-12 03:11 . 2009-03-25 19:42 -------- d-----w- c:\program files\Windows Live Safety Center

2010-07-11 02:31 . 2009-08-28 18:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-07-08 06:39 . 2010-05-18 06:08 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-29 20:39 . 2007-05-11 18:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus

2010-06-05 20:28 . 2007-04-17 18:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreFTP

2010-06-03 08:26 . 2008-08-28 15:23 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 08:26 . 2008-08-28 15:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-27 02:15 . 2007-04-28 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6

2010-05-22 20:43 . 2010-05-22 20:43 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-210d9e3a-n\msvcp71.dll

2010-05-22 20:43 . 2010-05-22 20:43 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-210d9e3a-n\jmc.dll

2010-05-22 20:43 . 2010-05-22 20:43 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-210d9e3a-n\msvcr71.dll

2010-05-22 20:43 . 2010-05-22 20:43 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39c762eb-n\decora-sse.dll

2010-05-22 20:43 . 2010-05-22 20:43 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39c762eb-n\decora-d3d.dll

2010-05-18 06:08 . 2010-05-18 06:08 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-05-17 22:57 . 2010-05-17 22:57 58504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-06 10:41 . 2004-01-08 19:23 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-03 20:10 . 2010-05-03 20:10 6123008 ----a-w- c:\documents and settings\Administrator\Application Data\Azureus\plugins\azemp\vuzeplayer.exe

2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 19:39 . 2009-02-10 13:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2009-02-10 13:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-25 14:52 . 2010-04-25 14:53 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-20 05:30 . 2001-08-23 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 00:45 . 2009-10-14 17:33 47228 ---ha-w- c:\windows\system32\mlfcache.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-17 68856]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]

"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-14 08:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2005-08-05 19:08 67160 ----a-w- c:\progra~1\AIM\aim.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]

2003-06-02 18:25 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]

2002-04-03 05:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2003-08-06 05:04 114741 ----a-w- c:\windows\system32\dla\tfswctrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-06-21 20:44 126976 ----a-w- c:\windows\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-06-21 20:48 155648 ----a-w- c:\windows\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2003-02-13 05:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2005-08-19 23:34 3084288 ----a-w- c:\program files\Yahoo!\Messenger\YPager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"48313:TCP"= 48313:TCP:emule

"58124:UDP"= 58124:UDP:emule

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/28/2008 11:23 AM 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/28/2008 11:23 AM 242896]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/14/2010 4:41 AM 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 4:42 AM 308064]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [7/9/2010 9:12 PM 312152]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/10/2009 9:22 AM 304464]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [5/12/2010 2:50 PM 61440]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/10/2009 9:22 AM 20952]

S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [5/17/2009 5:16 AM 41984]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

.

Contents of the 'Scheduled Tasks' folder

 

2010-07-12 c:\windows\Tasks\User_Feed_Synchronization-{37D15766-0D3E-493F-9896-743C04FFE416}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:5577

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://209.143.33.109/activex/AMC.cab

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-OE Prompter - (no file)

AddRemove-Firebird SQL Server US - c:\program files\MAGIX\Common\Database\unwise.exe

AddRemove-IL Download Manager - c:\program files\Image-Line\Downloader\uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-12 10:56

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2000478354-362288127-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,0c,75,c3,21,10,e1,48,94,7e,3b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,0c,75,c3,21,10,e1,48,94,7e,3b,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,9b,d3,6f,50,7f,45,40,97,3b,57,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(640)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2010-07-12 11:03:47

ComboFix-quarantined-files.txt 2010-07-12 15:03

 

Pre-Run: 58,969,391,104 bytes free

Post-Run: 59,220,824,064 bytes free

 

- - End Of File - - 36891C96F09005C2BEC429EDDAB04F8F

[Dewed]

I noticed it says my Java is Out of date. But when I went to Control Panel > Java ... It says I have the latest version. It automatically updates every month.

 

 

EDIT:

You can download The most recent Java from: Java Runtime Environment 1.6.0.21 (32-bit). You have 1.6.0.20

Clean all the old clutter of Java with JavaRa after installing the newest version.

[Superdave]

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

4. Run CCleaner.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

 

=================================

 

P2P - I see you have P2P software installed on your machine. (eMule and Azureus) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

 

====================================

 

Re-running ComboFix to remove infections:

 

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the quotebox below into it:
  

  
  KillAll::
   
  DDS::
  uInternet Settings,ProxyServer = http=127.0.0.1:5577
   
  

• Save this as CFScript.txt, in the same location as ComboFix.exe
   
  http://img19.imageshack.us/img19/5660/cfscriptb4.gif
   
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• I do not need to see the log from this script.
  

 

===================================

 

Are you still getting re-directs?

[Dewed]

Thanks!

 

As far as I can tell I'm not getting re-directs anymore. But ComboFix didn't finish enough to make the log. It restarted the pc though. It said it could take 10 minutes, or maybe double for badly infected machines. I waited an hour for it to prepare the log.

 

btw, Can that script be used to fix probs in the future? or does it depend on the log from the first scan?

[Superdave]

btw, Can that script be used to fix probs in the future? or does it depend on the log from the first scan?

ComboFix is not a toy. It takes a person with experience to interpret the log and write a script. I would advise anyone not to try this on their computer or they could end with an expensive doorstop.

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

[Dewed]

Here is the ESETScan Log

 

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\0\43120580-5bb5f135 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\63\43e0867f-1f55bf12 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6d125a3d Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-2389389c Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-5b7ef1a5 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-2f38b7ed Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\40591084-789f9d9a Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\5541aec4-51728da7 Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-43f8c598 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-518c9328 probably a variant of Win32/Agent trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-6340ba2b Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\53\42441975-4d108cfb Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\53\640c67b5-44422049 Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\8\3f5641c8-7bfa65f5 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined

C:\Program Files\VstPlugins\Predator.VSTi.v1.1.Incl.Keygen-AiR\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\Qoobox\32788R22FWJFW\ipsec.sys Win32/Olmarik.ZC trojan cleaned - quarantined

C:\System Volume Information\_restore{ECD739BA-EECF-435A-B52B-10BE9F4AED7F}\RP1275\A0138992.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{ECD739BA-EECF-435A-B52B-10BE9F4AED7F}\RP1275\A0138993.sys Win32/Olmarik.ZC trojan cleaned - quarantined

[Dewed]

I'm pretty sure all the malware is gone now. Thanks for all the help. That ESET Scan was pretty impressive.

[Superdave]

That looks good. ESET works from outside the box. It's not affected by any malware on your computer. If there are no other issues, it's time some clean-up.

 

As you can see from the ESET log there was one infection from C:\Program Files\VstPlugins\Predator.VSTi.v1.1.Incl.Keygen-AiR\keygen.exe probably a variant of Win32/Agent I would advise you not to use key-generators because they are a source of trouble. Read below.

 

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

 

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

 

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

 

==================================

 

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.

* Now type commy /uninstall in the runbox

* Make sure there's a space between commy and /Uninstall

* Then hit Enter

 

* The above procedure will:

* Delete the following:

* ComboFix and its associated files and folders.

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.

 

==================================

 

Download OTC by OldTimer and save it to your desktop.

 

1. Double-click OTC to run it.

2. Click the CleanUp! button.

3. Select Yes when the "Begin cleanup Process?" prompt appears.

4. If you are prompted to Reboot during the cleanup, select Yes

5. OTC should delete itself once it finishes, if not delete it yourself.

 

==============================

 

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

============================

 

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

 

=================================

 

Use the Secunia Software Inspector to check for out of date software.

 

•Click Start Now

 

•Check the box next to Enable thorough system inspection.

 

•Click Start

 

•Allow the scan to finish and scroll down to see if any updates are needed.

•Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

[Dewed]

I just wanted to mention ... "commy /uninstall" didn't work. I had to use "combofix /uninstall". I renamed it commy, like the directions said, when I installed it.

[Superdave]

Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt