Old 06-21-2009, 05:02 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows XP


Google links redirected

Hello. Lately whenever I use Google search (my primary search engine and my home page) the links that come up get redirected. Sometimes the links will be correct, but 9 times out of 10 they will be redirected to some other site, normally another search engine. Here are the logs requested in the new instructions sticky. Thank you for your time and help.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Owner at 17:31:32.98 on Sun 06/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.626 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRunOnce: [RunNarrator] Narrator.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-17 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-17 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-17 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-17 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-17 298776]

=============== Created Last 30 ================

2009-06-21 12:53 3,255 a------- c:\windows\system32\wbem\Outlook_01c9f290d5d69b96.mof
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 64,777 a------- c:\windows\system32\NvwsApps.xml
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-05 12:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-05-22 19:19 <DIR> --d----- c:\docume~1\compaq~1.you\applic~1\Desktopicon
2009-05-22 19:19 <DIR> --d----- c:\program files\Unlocker

==================== Find3M ====================

2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\dllcache\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-05 12:22 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-05-18 20:07 81,867 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-18 20:07 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-05-18 20:07 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-05-18 20:07 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-05-18 20:07 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-05-18 20:07 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-05-18 20:07 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-05-18 20:07 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-05-18 20:07 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-05-17 19:23 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-05-17 19:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-17 19:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-17 18:20 1,809 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_ER100AA-ABA SR1625NX NA540_YC_0Pres_QMXF546_E54NAheRED4_48_IAmberine_SASUSTek Computer INC._V1.03_B3.13_T051115_WXH2_L409_M1023_J160_7AMD_8Athlon 64_91.99_#070722_N10EC8139_Z10573052_G10DE0140.MRK
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-31 19:20 72,584 a------- c:\windows\zllsputility.exe

============= FINISH: 17:33:39.25 ===============
Attached Files
File Type: zip Attach.zip (4.2 KB, 3 views)
cerlynkua is offline  
Old 06-21-2009, 05:15 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Google links redirected

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 06-22-2009, 12:29 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows XP


Re: Google links redirected

Thank you for your reply. While running ComboFix I got a message saying it had detected the presence of rootkit activity and needed to shut down, and to write down a few file names. I will include these in case this information is needed.
C:\WINDOWS\system32\drivers\SKYNETmenexvim.sys
C:\WINDOWS\system32\SKYNETpucxnbmu.dll
C:\WINDOWS\system32\SKYNETdjbgtqwy.dat
C:\WINDOWS\system32\SKYNETkvxownsw.dll
C:\WINDOWS\system32\SKYNETmivilugn.dat

Here is my combofix log.

ComboFix 09-06-21.01 - Compaq_Owner 06/22/2009 2:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.701 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Desktop\cfix.exe.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\Dc10.mp3
c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\Dc11.mp3
c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\Dc3.exe
c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\Dc4.exe
c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\Dc8.mp3
c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\Dc9.mid
c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\desktop.ini
c:\recycler\S-1-5-21-2432359512-2603690609-2964277887-1009\INFO2
c:\windows\system32\drivers\SKYNETmehexvim.sys
c:\windows\system32\SKYNETdjbgtqwy.dat
c:\windows\system32\SKYNETkvxownsw.dll
c:\windows\system32\SKYNETmivilugn.dat
c:\windows\system32\SKYNETpucxnbmu.dll
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETmrrfqxoy


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-20 23:03 . 2009-06-20 23:03 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SystemRequirementsLab
2009-06-20 23:03 . 2009-06-20 23:03 290816 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-20 23:03 . 2009-06-20 23:03 290816 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-20 23:03 . 2009-06-20 23:03 290816 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-20 23:03 . 2009-06-20 23:03 290816 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-19 16:48 . 2009-06-16 17:26 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-13 17:02 . 2009-06-02 17:38 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-06-10 10:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-05 16:28 . 2009-06-05 16:22 826344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-05 16:28 . 2009-06-05 16:22 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-05 16:28 . 2009-06-05 16:22 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-05 16:28 . 2009-06-05 16:21 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-05 16:27 . 2009-06-13 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-05 16:27 . 2009-06-05 16:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-29 10:51 . 2009-05-29 10:51 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Local Settings\Application Data\NCSoft
2009-05-27 17:20 . 2009-05-27 17:20 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 23:04 . 2008-09-10 23:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-16 17:27 . 2009-05-17 23:09 77416 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 17:26 . 2009-05-17 23:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-14 18:28 . 2007-09-09 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-13 17:46 . 2005-11-10 08:48 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 10:03 . 2009-05-17 22:27 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2007-10-12 14:11 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2007-10-12 14:11 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2007-10-12 14:11 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2007-10-12 14:11 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2007-10-12 14:11 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 10:03 . 2007-10-12 14:11 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-05 16:22 . 2009-05-17 23:23 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 16:20 . 2009-05-18 15:16 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-04 20:39 . 2009-05-17 22:25 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-04 20:02 . 2008-10-16 14:31 -------- d-----w- c:\program files\World of Warcraft
2009-05-29 18:33 . 2005-11-10 08:41 -------- d-----w- c:\program files\Real
2009-05-25 00:00 . 2009-05-19 23:34 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Ventrilo
2009-05-22 23:20 . 2009-05-22 23:19 -------- d-----w- c:\program files\Unlocker
2009-05-22 23:19 . 2009-05-22 23:19 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Desktopicon
2009-05-22 01:23 . 2009-05-17 22:23 152576 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 00:19 . 2009-05-21 00:19 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Sonic
2009-05-21 00:19 . 2009-05-21 00:19 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Leadertech
2009-05-19 22:13 . 2007-08-30 04:12 -------- d-----w- c:\program files\Electronic Arts
2009-05-19 00:07 . 2005-06-25 05:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-19 00:07 . 2009-05-19 00:07 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-05-19 00:07 . 2009-05-19 00:07 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-05-19 00:07 . 2009-05-19 00:07 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-05-19 00:07 . 2009-05-19 00:07 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-05-19 00:07 . 2009-05-19 00:07 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-05-19 00:07 . 2009-05-19 00:07 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-05-19 00:07 . 2009-05-19 00:07 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-05-19 00:07 . 2009-05-19 00:07 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-05-18 23:34 . 2009-05-17 23:23 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AVGTOOLBAR
2009-05-18 23:32 . 2005-11-10 08:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-18 23:30 . 2009-05-18 23:30 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch
2009-05-18 19:55 . 2009-05-18 19:55 -------- d-----w- c:\program files\Curse
2009-05-18 00:10 . 2005-11-10 08:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 00:10 . 2009-05-18 00:10 -------- d-----w- c:\program files\NVIDIA Corporation
2009-05-18 00:09 . 2009-05-18 00:09 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
2009-05-17 23:23 . 2009-05-17 23:23 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-05-17 23:23 . 2009-05-17 23:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-17 23:23 . 2009-05-17 23:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-17 23:22 . 2009-05-17 23:22 -------- d-----w- c:\program files\AVG
2009-05-17 23:22 . 2009-05-17 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-17 23:19 . 2005-11-10 08:53 -------- d-----w- c:\program files\Quicken
2009-05-17 23:17 . 2005-11-10 09:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-17 23:16 . 2005-11-10 09:06 -------- d-----w- c:\program files\Symantec
2009-05-17 23:15 . 2005-11-10 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-17 23:12 . 2005-11-10 09:01 -------- d-----w- c:\program files\Easy Internet signup
2009-05-17 22:21 . 2009-05-17 22:21 7406 ----a-r- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_63cb6bfc.exe
2009-05-17 22:21 . 2009-05-17 22:21 1078 ----a-r- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_6e5d1ad4.exe
2009-05-17 22:20 . 2009-05-17 22:20 1809 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER100AA-ABA SR1625NX NA540_YC_0Pres_QMXF546_E54NAheRED4_48_IAmberine_SASUSTek Computer INC._V1.03_B3.13_T051115_WXH2_L409_M1023_J160_7AMD_8Athlon 64_91.99_#070722_N10EC8139_Z10573052_G10DE0140.MRK
2009-05-16 21:45 . 2009-05-16 21:45 75411 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_05_16_15_51_38_small.dmp.zip
2009-05-16 19:51 . 2009-05-16 21:39 403456 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-05-16 18:45 . 2009-05-16 19:50 1441280 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-05-16 18:22 . 2009-05-16 18:22 -------- d-----w- c:\program files\Zone Labs
2009-05-07 15:32 . 2007-07-22 18:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2007-07-22 18:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 04:04 . 2007-08-19 04:58 -------- d-----w- c:\program files\Trillian
2009-04-26 04:02 . 2007-07-24 03:03 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-04-24 01:31 . 2007-08-13 15:19 -------- d-----w- c:\program files\Guild Wars
2009-04-17 12:26 . 2007-07-22 18:35 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-07-22 18:34 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-31 23:20 . 2009-05-16 18:22 72584 ----a-w- c:\windows\zllsputility.exe
2006-10-29 16:23 . 2007-07-22 19:52 32 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 13:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-10 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-05 1948440]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-01-24 544768]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-17 23:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/17/2009 7:23 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/17/2009 7:23 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/17/2009 7:23 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/17/2009 7:22 PM 298776]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 02:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-22 2:22
ComboFix-quarantined-files.txt 2009-06-22 06:22

Pre-Run: 48,421,933,056 bytes free
Post-Run: 49,729,589,248 bytes free

204 --- E O F --- 2009-06-14 18:28
cerlynkua is offline  
Old 06-22-2009, 08:04 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Google links redirected

Hi,


*Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • J2SE Runtime Environment 5.0
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Next, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.

Last edited by Angelfire777; 06-22-2009 at 08:27 PM.
Angelfire777 is offline  
Old 06-23-2009, 02:47 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows XP


Re: Google links redirected

Thanks for the info on Java. I have been trying to download the newest version for a few days and always get an error on it. Here is the log report from Kaspersky.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 23, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 23, 2009 08:23:51
Records in database: 2382361
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 92211
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:19:05


File name / Threat name / Threats count
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETkvxownsw.dll.vir Infected: Trojan.Win32.Small.bzc 1

The selected area was scanned.
cerlynkua is offline  
Old 06-23-2009, 06:05 PM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Google links redirected

Did you manage to install it now? If not, can you tell me the exact error that you receive?
Angelfire777 is offline  
Old 06-23-2009, 11:45 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows XP


Re: Google links redirected

Yes, I was able to install Java after following your advice.
cerlynkua is offline  
Old 06-24-2009, 12:43 AM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Google links redirected

Your scan looks good. One is somewhat a false positive and the other entry was picked up from Combofix's quarantine.

How's it running?
Angelfire777 is offline  
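
The triage applied to the scan report in the reply above (one adware-class verdict, one hit inside ComboFix's quarantine folder) can be run mechanically over a saved report. This is an added example, not part of the thread or of any tool's own code; the `triage` function, the category names, the `Suspicious:` line form, and the assumption that quarantined copies follow the layout `Qoobox\Quarantine\<drive>\<original path>.vir` (inferred from the one path in the report) are illustrative.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path threat count category original_path")

# The two result lines below are copied from the Kaspersky report in this thread.
REPORT = r"""File name / Threat name / Threats count
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETkvxownsw.dll.vir Infected: Trojan.Win32.Small.bzc 1
"""

# Result line: <path, may contain spaces> <status>: <threat name> <count>
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:Infected|Suspicious):\s+"
                  r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
# Assumed ComboFix quarantine layout, inferred from the path in the report.
QUARANTINE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\"
                        r"(?P<rest>.+?)(?:\.vir)?$", re.IGNORECASE)

def triage(report):
    """Classify each result line so only live detections need follow-up."""
    findings = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header, statistics or blank line
        path, threat = m["path"], m["threat"]
        q = QUARANTINE.match(path)
        if q:
            # Copy already neutralised by the cleanup tool; report where it came from.
            category = "quarantined"
            original = "{}:\\{}".format(q["drive"].upper(), q["rest"])
        elif threat.lower().startswith("not-a-virus:"):
            # Kaspersky prefix for adware/riskware verdicts rather than malware.
            category, original = "unwanted-software", None
        else:
            category, original = "active", None
        findings.append(Finding(path, threat, int(m["count"]), category, original))
    return findings

if __name__ == "__main__":
    for f in triage(REPORT):
        print(f.category, f.threat, f.original_path or f.path, sep=" | ")
```

Only findings in the `active` category point at a file still in place on the system; the other two categories explain why a report can show detections on a machine that has already been cleaned.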
Old 06-25-2009, 07:26 AM   #9 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows XP


Re: Google links redirected

It's working perfectly. Just checked out some links in Google search and they all went to the intended site. Thank you very much for your help!
cerlynkua is offline  
Old 06-25-2009, 02:53 PM   #10 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Google links redirected

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Read TonyKlein's How Did I Get Infected In The First Place?.

Please check out miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.
Angelfire777 is offline  
Copyright 2001 - 2009, Tech Support Forum