0

My google searches are getting redirected to other searche engines and blank pages but it doesn't happen all the time it just depends on what I'm searching for. I'm not sure if I have the google redirect virus since I don't alway get redirected but when I do I can never get to where I want.
I have used AVG, Malwarebytes' Anti-Malware, ESET online scanner, SUPERAntiSpyware to solve the problem but none of them could pick anything up.

Thank you in advance.

2
Contributors
31
Replies
33
Views
6 Years
Discussion Span
Last Post by saveme123
0

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 20:26:06
Windows 5.1.2600 Service Pack 3
Running: s5h2jiu2.exe; Driver: C:\DOCUME~1\Susan\LOCALS~1\Temp\agdoypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet@5 7077

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-31 19:51:20
Windows 5.1.2600 Service Pack 3
Running: s5h2jiu2.exe; Driver: C:\DOCUME~1\Susan\LOCALS~1\Temp\agdoypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Susan at 21:22:59.06 on 31/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.164 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Susan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\susan\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\susan\applic~1\mozilla\firefox\profiles\cabiiu5e.default\
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_ca&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-2 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-2 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-2 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-2 54752]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 20:26:56 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 20:26:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 20:23:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 21:23:37.64 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/11/2009 10:32:17 PM
System Uptime: 31/08/2010 8:31:26 PM (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 8I915PL-G
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3014/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 186 GiB total, 173.33 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP159: 17/08/2010 6:36:32 PM - System Checkpoint
RP160: 17/08/2010 11:28:40 PM - Restore Operation
RP161: 18/08/2010 11:54:34 AM - Software Distribution Service 3.0
RP162: 19/08/2010 12:17:07 PM - Software Distribution Service 3.0
RP163: 20/08/2010 1:56:52 PM - System Checkpoint
RP164: 21/08/2010 2:27:54 PM - System Checkpoint
RP165: 22/08/2010 7:46:22 PM - System Checkpoint
RP166: 23/08/2010 9:29:49 PM - System Checkpoint
RP167: 24/08/2010 11:24:14 PM - System Checkpoint
RP168: 26/08/2010 3:34:40 PM - System Checkpoint
RP169: 27/08/2010 12:21:07 PM - LimeWireWin
RP170: 27/08/2010 12:22:23 PM - LimeWireWin-05/08/10
RP171: 27/08/2010 12:23:04 PM - Restore Operation
RP172: 28/08/2010 1:37:22 PM - System Checkpoint
RP173: 30/08/2010 12:58:25 PM - System Checkpoint
RP174: 30/08/2010 1:12:07 PM - Software Distribution Service 3.0
RP175: 31/08/2010 4:10:47 PM - Installed HiJackThis
RP176: 31/08/2010 8:16:41 PM - Removed HiJackThis

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advertising Center
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
BufferChm
c3100_Help
Chinese (Traditional) Language Support
Cooking Academy 2
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Fax_CDA
Homework Essentials Plus
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Kid's Typing Skills
LimeWire 5.5.13
Malwarebytes' Anti-Malware
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.8)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
NewCopy_CDA
NJStar Chinese Pen
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
Paint.NET v3.5.5
Pando Media Booster
PanoStandAlone
ProductContextNPI
QuickTime
Readme
Realtek AC'97 Audio
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
SolutionCenter
Status
Toolbox
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs XP
WebReg
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Service Pack 3
WinRAR archiver
Zylom Games Player Plugin

==== End Of File ===========================

0

Hi and welcome to the Daniweb forums :).

==========

Can I see the MBA_M log too please.

=========

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

ComboFix 10-08-31.01 - Susan 31/08/2010 22:55:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.565 [GMT -4:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\tlmlqafv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gfvguc


((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-31 20:10 . 2010-08-31 20:10 -------- d-----w- c:\program files\Trend Micro
2010-08-31 20:10 . 2010-08-31 20:10 1402880 ----a-w- C:\HiJackThis.msi
2010-08-29 20:01 . 2010-08-29 20:23 -------- d-----w- c:\documents and settings\Susan\Application Data\ScanSpyware
2010-08-29 19:15 . 2010-08-29 19:15 -------- d-----w- c:\documents and settings\Susan\Local Settings\Application Data\Threat Expert
2010-08-29 19:03 . 2010-08-29 19:03 -------- d-----w- C:\!KillBox
2010-08-29 18:38 . 2010-08-29 18:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-29 18:26 . 2010-08-29 20:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-27 16:23 . 2010-08-27 16:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-25 23:15 . 2010-08-25 23:15 -------- d-----w- c:\documents and settings\Susan\Application Data\Malwarebytes
2010-08-25 23:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 23:15 . 2010-08-25 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-25 23:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 23:15 . 2010-08-25 23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 22:37 . 2010-08-23 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-19 03:15 . 2010-08-19 03:15 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2010-08-18 18:26 . 2010-08-18 18:26 -------- d-sh--w- c:\documents and settings\Susan\IECompatCache
2010-08-18 18:25 . 2010-08-18 18:25 -------- d-sh--w- c:\documents and settings\Susan\PrivacIE
2010-08-18 18:24 . 2010-08-18 18:24 -------- d-sh--w- c:\documents and settings\Susan\IETldCache
2010-08-18 16:10 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-18 16:10 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-18 16:10 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-18 16:10 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-18 16:10 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-18 16:09 . 2010-06-24 21:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-08-18 16:09 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-18 16:09 . 2010-08-18 16:12 -------- d-----w- c:\windows\ie8updates
2010-08-18 16:08 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-18 16:03 . 2010-08-18 16:08 -------- dc-h--w- c:\windows\ie8
2010-08-17 22:15 . 2010-08-17 22:15 -------- d-----w- c:\program files\Common Files\Java
2010-08-17 21:58 . 2010-08-17 21:58 55296 --sha-r- c:\windows\system32\hticonsy.dll
2010-08-15 06:30 . 2010-08-15 06:30 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b3ed070-n\msvcp71.dll
2010-08-15 06:30 . 2010-08-15 06:30 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b3ed070-n\jmc.dll
2010-08-15 06:30 . 2010-08-15 06:30 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b3ed070-n\msvcr71.dll
2010-08-15 06:30 . 2010-08-15 06:30 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-45c3d336-n\decora-sse.dll
2010-08-15 06:30 . 2010-08-15 06:30 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-45c3d336-n\decora-d3d.dll
2010-08-04 19:25 . 2010-08-04 19:25 503808 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2989c14a-n\msvcp71.dll
2010-08-04 19:25 . 2010-08-04 19:25 499712 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2989c14a-n\jmc.dll
2010-08-04 19:25 . 2010-08-04 19:25 348160 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2989c14a-n\msvcr71.dll
2010-08-04 19:25 . 2010-08-04 19:25 61440 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44f806a9-n\decora-sse.dll
2010-08-04 19:25 . 2010-08-04 19:25 12800 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44f806a9-n\decora-d3d.dll
2010-08-03 14:46 . 2010-08-03 14:46 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple
2010-08-03 14:45 . 2010-08-03 14:46 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 00:54 . 2009-12-08 00:47 0 ----a-w- c:\documents and settings\Susan\Local Settings\Application Data\prvlcl.dat
2010-09-01 00:54 . 2010-06-23 23:46 0 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-08-31 21:43 . 2009-12-12 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-18 18:25 . 2009-12-02 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-17 22:15 . 2009-12-02 20:56 -------- d-----w- c:\program files\Java
2010-08-12 19:39 . 2009-12-02 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-30 22:14 . 2010-07-29 22:16 -------- d-----w- c:\program files\Kids Typing Skills
2010-07-27 21:16 . 2010-07-27 21:16 -------- d-----w- c:\documents and settings\Susan\Application Data\PlayFirst
2010-07-27 21:16 . 2010-07-27 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-07-27 21:16 . 2010-07-27 21:15 -------- d-----w- c:\program files\Chocolatier 2 - Secret Ingredients
2010-07-17 09:00 . 2010-06-20 19:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 20:26 . 2009-12-02 20:59 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 20:26 . 2010-07-15 20:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 20:23 . 2009-12-02 21:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 03:37 . 2010-06-21 03:37 503808 -c--a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4dbdffa0-n\msvcp71.dll
2010-06-21 03:37 . 2010-06-21 03:37 499712 -c--a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4dbdffa0-n\jmc.dll
2010-06-21 03:37 . 2010-06-21 03:37 348160 -c--a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4dbdffa0-n\msvcr71.dll
2010-06-21 03:37 . 2010-06-21 03:37 61440 -c--a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-20736b9a-n\decora-sse.dll
2010-06-21 03:37 . 2010-06-21 03:37 12800 -c--a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-20736b9a-n\decora-d3d.dll
2010-06-20 19:52 . 2010-06-20 19:52 503808 -c--a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67c4d5f6-n\msvcp71.dll
2010-06-20 19:52 . 2010-06-20 19:52 499712 -c--a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67c4d5f6-n\jmc.dll
2010-06-20 19:52 . 2010-06-20 19:52 348160 -c--a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67c4d5f6-n\msvcr71.dll
2010-06-20 19:52 . 2010-06-20 19:52 61440 -c--a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2ee8f7f2-n\decora-sse.dll
2010-06-20 19:52 . 2010-06-20 19:52 12800 -c--a-w- c:\documents and settings\Susan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2ee8f7f2-n\decora-d3d.dll
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-12-01 03:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-27 2937528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"nwiz"="nwiz.exe" [2005-07-08 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-08 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Susan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 20:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58337:TCP"= 58337:TCP: Pando Media Booster
"58337:UDP"= 58337:UDP: Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/12/2009 5:00 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/12/2009 4:59 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15/07/2010 4:23 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/07/2010 4:26 PM 308136]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-03 03:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\cabiiu5e.default\
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_ca&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-NJStar Chinese Pen - j:\njstar chinese pen\uninst.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-08-31 23:03:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 03:03

Pre-Run: 186,078,003,200 bytes free
Post-Run: 185,993,625,600 bytes free

- - End Of File - - 9A8B656EB756EE7F7B5B1F9E61DC51D4

Edited by saveme123: n/a

0

==========

Can I see the MBA_M log too please.

=========

Got that log?

How are things now?

Edited by crunchie: n/a

0

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4479

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/08/2010 9:22:13 PM
mbam-log-2010-08-31 (21-22-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 182398
Time elapsed: 45 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{107983A9-1B64-44EE-92DD-A5AF1323D4CF}\RP175\A0062245.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Edited by saveme123: n/a

0

I'm not getting redirected anymore but my computer is really slow.

0

Please update MBA_M and do another scan and remove what is found. Post the log if anything was found.

==

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

Kaspersky Online Scanner Panda Active Scan Trend Micro HouseCall F-Secure Online Virus Scanner

0

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=51dde9a5dcc04f46b0fec723b7705961
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-02 08:26:19
# local_time=2010-09-02 04:26:19 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 84865 84865 0 0
# compatibility_mode=1024 16777191 100 0 23586340 23586340 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=51695
# found=0
# cleaned=0
# scan_time=2466

0

Alright and now I keep getting a screen that says "Please select the operating system to start" I never got that before until now.

0

I can't delete the "cmdcons" file. A box appears saying cannot delete 1394BUS. SY_: Acess is denied. Make sure disk is not full or write-protected and that the file is not in use.

0

I can't get it to run properly it asks me if I want to load it manually.

0

I runs but not properly the view settings is grey and I can't click it.

0

Do you have your XP CD? If so, do the following:

Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.

0

I don't think I have the CD. When I try to run EasyBCD a box appears saying "The boot configuration data store could not be opened. The system could not find the files specified. Would you like to manually load BCD registry for EasyBCD to manage?" then there a yes or no.

0

Try this:

Restart your computer, click Start, click My Computer, and then double-click the hard disk on which you installed the Recovery Console.
On the Tools menu, click Folder Options, and then click the View tab.
Click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
At the root folder, delete the Cmdcons folder and the Cmldr file.
At the root folder, right-click the Boot.ini file, and then click Properties.
Click to clear the Read-only check box, and then click OK.
WARNING: Modifying the Boot.ini file incorrectly may prevent your computer from restarting. Be sure to delete only the entry for the Recovery Console. Also, it is recommended that you change the attribute for the Boot.ini file back to a read-only state after you complete this procedure. Open the Boot.ini file in Microsoft Windows Notepad, and remove the entry for the Recovery Console. It looks similar to this:

C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

http://www.theeldergeek.com/recovery_console.htm

0

I'm still getting the error deleting file or folder thing saying cannot delete 1394BUS.SY_:Access is denied.

0

You may just have to put up with the different start menu options.
Only other thing you could do would be to go into the advanced options of My Computer and under Startup & Recovery, reduce the time to display the list of operating systems to a minimal period.

0

Can I try deleting the Cmdcons folder by dragging it onto the desktop.

0

I finally got the file to delete and I followed all the instruction but I'm still getting that startup screen.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.