Tech Support Forum, Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)

Thread: Google Hi-jacker - Asked for Scans included
#1 - 11-20-2009, 12:26 PM - Tubs.needs.help (Registered User, OS: xp)

Recently my fiancée's computer has been redirecting her Google, Yahoo, and other searches to a searchclick8.com or uniquesearch.com website. I've run Malwarebytes, AVG, Ad-Aware, and other things like this in regular and safe mode; they can't find anything that stops it. Any help would be appreciated.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 11:07:47.41 on Fri 11/20/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.350 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {E2566E08-70C4-46E8-B2DE-964649B53256} = 77.74.48.113
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-14 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-17 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-17 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-13 24652]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-11-14 00:02:50 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-14 00:02:50 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-13 23:56:41 0 d-sha-r- C:\cmdcons
2009-11-13 23:55:42 98816 ----a-w- c:\windows\sed.exe
2009-11-13 23:55:42 77312 ----a-w- c:\windows\MBR.exe
2009-11-13 23:55:42 260608 ----a-w- c:\windows\PEV.exe
2009-11-13 23:55:42 161792 ----a-w- c:\windows\SWREG.exe
2009-11-13 23:49:37 0 d-----w- c:\program files\Trend Micro
2009-11-10 01:59:28 0 d-----w- c:\windows\pss
2009-11-09 16:58:22 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-09 15:47:19 0 ----a-w- c:\windows\Fjazuveruqap.bin
2009-11-09 15:47:18 120 ----a-w- c:\windows\Dtaruneseyomebuf.dat
2009-11-09 15:43:59 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-09 15:43:22 0 --sha-w- C:\-392678739
2009-11-08 21:58:25 0 d-----w- c:\docume~1\owner\applic~1\FrostWire
2009-11-08 21:58:02 0 d-----w- c:\program files\FrostWire

==================== Find3M ====================

2009-09-26 13:29:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-26 13:29:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-24 02:10:33 16385 ----a-w- c:\program files\common files\xojabyf.dll
2008-07-14 18:31:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071420080715\index.dat

============= FINISH: 11:08:02.52 ===============

Here's a HJT log too; maybe this could help some.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:57 PM, on 11/20/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://secure.footprint.net/kingsis...meLauncher.CAB
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2566E08-70C4-46E8-B2DE-964649B53256}: NameServer = 77.74.48.113
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5831 bytes
Attached Files: Attach.zip (3.2 KB)
#2 - 11-23-2009, 09:41 AM - Tubs.needs.help

Re: Google Hi-jacker - Asked for Scans included

Still getting search engine redirects. Had a fake antivirus pop-up that wouldn't allow the use of the Task Manager and caused pop-ups. Got rid of that, but the redirects are still happening. Help please.
#3 - 11-25-2009, 02:52 PM - Glaswegian (Moderator; Analyst, Security Team; Location: Glasgow; OS: Win XP Pro SP3 / Win 7 Pro)

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
#4 - 11-25-2009, 05:07 PM - Tubs.needs.help

ComboFix 09-11-25.03 - Owner 11/25/2009 17:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1443 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\tmp2.tmp

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-14 00:02 . 2007-12-01 05:26 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-14 00:02 . 2007-12-01 05:26 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-13 23:49 . 2009-11-13 23:49 -------- d-----w- c:\program files\Trend Micro
2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}
2009-11-09 16:58 . 2009-11-09 16:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-09 15:47 . 2009-11-13 11:15 0 ----a-w- c:\windows\Fjazuveruqap.bin
2009-11-09 15:47 . 2009-11-13 23:19 120 ----a-w- c:\windows\Dtaruneseyomebuf.dat
2009-11-09 15:43 . 2009-11-10 00:57 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-09 15:43 . 2009-11-10 01:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mcujtn
2009-11-08 22:06 . 2009-11-08 22:06 0 ----a-w- c:\documents and settings\Owner\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-11-08 21:58 . 2009-11-25 23:55 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2009-11-08 21:58 . 2009-11-10 01:51 -------- d-----w- c:\program files\FrostWire
2009-11-02 05:23 . 2009-11-02 05:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 10:49 . 2009-05-01 21:07 -------- d-----w- c:\program files\Steam
2009-11-24 22:55 . 2008-07-15 15:49 -------- d-----w- c:\program files\World of Warcraft
2009-11-20 17:05 . 2008-07-15 05:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 23:55 . 2008-07-14 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-10 01:51 . 2009-09-01 00:52 -------- d-----w- c:\program files\PopCap Games
2009-11-10 01:51 . 2009-08-04 22:49 -------- d-----w- c:\program files\AIM
2009-11-10 01:51 . 2008-11-25 04:49 -------- d-----w- c:\program files\DivX
2009-10-03 04:57 . 2008-08-25 00:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Ventrilo
2009-09-29 00:22 . 2009-09-29 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-28 02:29 . 2009-07-10 21:15 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2009-09-28 02:25 . 2009-09-28 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-26 13:29 . 2008-07-14 16:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-26 13:29 . 2008-07-14 16:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-26 13:29 . 2008-07-14 16:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-24 02:10 . 2009-07-24 02:10 16385 ----a-w- c:\program files\Common Files\xojabyf.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-14_00.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-25 10:48 . 2009-11-25 10:48 16384 c:\windows\Temp\Perflib_Perfdata_298.dat
+ 2008-10-16 19:09 . 2009-08-07 01:24 44768 c:\windows\system32\wups2.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 35552 c:\windows\system32\wups.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-11-14 00:07 . 2009-08-07 01:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-14 00:07 . 2009-08-07 01:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-02-28 12:00 . 2009-08-07 01:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-02-28 12:00 . 2009-08-07 01:24 96480 c:\windows\system32\cdm.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 209632 c:\windows\system32\wuweb.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 327896 c:\windows\system32\wucltui.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 575704 c:\windows\system32\wuapi.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2009-11-10 1217808]
"NCsoft Launcher"="c:\program files\ncsoft\launcher\NCLauncher.exe" [2009-10-16 38184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-12-01 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-31 16857600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-26 13:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\bluegnombe\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/14/2008 10:50 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/14/2008 10:50 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/17/2008 8:49 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/17/2008 8:49 AM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/13/2008 11:36 PM 24652]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe steam://uninstall/240



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 18:00
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2009-11-25 18:02
ComboFix-quarantined-files.txt 2009-11-26 00:02
ComboFix2.txt 2009-11-14 00:09

Pre-Run: 12,941,664,256 bytes free
Post-Run: 12,921,720,832 bytes free

- - End Of File - - 837164E4CD313079320133D70EEF0C7D

And thanks for replying :D
#5 - 11-26-2009, 02:48 PM - Glaswegian

Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
  • Click the "Browse" button and browse to this file in RED:

    c:\windows\system32\wininit.dll

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.




Combofix

Open notepad and copy/paste the text in the box below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/433676-google-hi-jacker-asked-scans-included.html

Collect::[4]
c:\windows\Fjazuveruqap.bin
c:\windows\Dtaruneseyomebuf.dat
c:\Program Files\Common Files\xojabyf.dll

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}
c:\documents and settings\Owner\Local Settings\Application Data\mcujtn
c:\program files\Viewpoint

Driver::
Viewpoint Manager Service

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. Using the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.


Please let me know how your system is running now.
#6 - 11-26-2009, 10:33 PM - Tubs.needs.help

ComboFix restarted my comp and I didn't save the first report... But here's the CBF log.

But no redirects so far :D :D :D. Seems to have done the trick, but I don't understand the logs. I'll check back to see if I need to do more.


ComboFix 09-11-25.03 - Owner 11/26/2009 23:17.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1531 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\program files\Common Files\xojabyf.dll
file zipped: c:\windows\Dtaruneseyomebuf.dat
file zipped: c:\windows\Fjazuveruqap.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}
c:\documents and settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}\install.rdf
c:\documents and settings\Owner\Local Settings\Application Data\mcujtn
c:\program files\Common Files\xojabyf.dll
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\Dtaruneseyomebuf.dat
c:\windows\Fjazuveruqap.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.

2009-11-26 15:04 . 2009-11-06 14:00 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-26 15:04 . 2009-11-03 14:00 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-26 15:04 . 2009-11-03 14:00 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-14 00:02 . 2007-12-01 05:26 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-14 00:02 . 2007-12-01 05:26 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-13 23:49 . 2009-11-13 23:49 -------- d-----w- c:\program files\Trend Micro
2009-11-09 16:58 . 2009-11-09 16:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-09 15:43 . 2009-11-10 00:57 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-08 22:06 . 2009-11-26 07:34 4506256 ----a-w- c:\documents and settings\Owner\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2009-11-08 21:58 . 2009-11-27 05:26 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2009-11-08 21:58 . 2009-11-10 01:51 -------- d-----w- c:\program files\FrostWire
2009-11-02 05:23 . 2009-11-02 05:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 05:26 . 2009-05-01 21:07 -------- d-----w- c:\program files\Steam
2009-11-24 22:55 . 2008-07-15 15:49 -------- d-----w- c:\program files\World of Warcraft
2009-11-20 17:05 . 2008-07-15 05:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 23:55 . 2008-07-14 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-10 01:51 . 2009-09-01 00:52 -------- d-----w- c:\program files\PopCap Games
2009-11-10 01:51 . 2009-08-04 22:49 -------- d-----w- c:\program files\AIM
2009-11-10 01:51 . 2008-11-25 04:49 -------- d-----w- c:\program files\DivX
2009-10-03 04:57 . 2008-08-25 00:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Ventrilo
2009-09-29 00:22 . 2009-09-29 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-26 13:29 . 2008-07-14 16:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-26 13:29 . 2008-07-14 16:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-26 13:29 . 2008-07-14 16:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-14_00.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-27 05:26 . 2009-11-27 05:26 16384 c:\windows\Temp\Perflib_Perfdata_d8.dat
+ 2008-10-16 19:09 . 2009-08-07 01:24 44768 c:\windows\system32\wups2.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 35552 c:\windows\system32\wups.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-11-14 00:07 . 2009-08-07 01:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-14 00:07 . 2009-08-07 01:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-02-28 12:00 . 2009-08-07 01:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-02-28 12:00 . 2009-08-07 01:24 96480 c:\windows\system32\cdm.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 209632 c:\windows\system32\wuweb.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 327896 c:\windows\system32\wucltui.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 575704 c:\windows\system32\wuapi.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-07-15 05:17 . 2009-08-07 01:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-07-15 05:17 . 2009-08-07 01:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2009-11-10 1217808]
"NCsoft Launcher"="c:\program files\ncsoft\launcher\NCLauncher.exe" [2009-10-16 38184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-12-01 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-31 16857600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-26 13:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\bluegnombe\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/14/2008 10:50 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/14/2008 10:50 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/17/2008 8:49 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/17/2008 8:49 AM 297752]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 23:27
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1116)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-26 23:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-27 05:30
ComboFix2.txt 2009-11-26 00:02
ComboFix3.txt 2009-11-14 00:09

Pre-Run: 12,857,286,656 bytes free
Post-Run: 12,821,536,768 bytes free

- - End Of File - - 17FBF8C7C6F1674B3723D8D7C416D89B
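An added example for readers triaging a log like the one above (it is not part of the thread and not a ComboFix component): a small Python script that pulls the Run-key autostarts and the "Files Created" entries out of a ComboFix-style log, reads the Windows Firewall standard-profile flag, and reports the three things an analyst checks first: autostarts that run from somewhere other than Program Files or the Windows directory, freshly created .dll/.exe files in system32 that are too small to be a real module (the log above lists an 826-byte wininit.dll), and a disabled firewall (the log above shows EnableFirewall = 0). The sample log is a constructed excerpt mirroring the structure of the one above, with one made-up autostart entry ("sample") added so the path check has something to catch; the trusted-root list and the 4 KiB size threshold are this example's own heuristics, not ComboFix rules.

```python
"""Triage a ComboFix-style log: Run-key autostarts, new files, firewall state.
Added example for this thread, not a ComboFix component; the trusted-root list
and the size threshold are the example's own heuristics."""
import re
from collections import namedtuple
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^\(\(\(+\s*(?P<name>.+?)\s*\)\)\)+$")  # ((( banner )))
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                     # [registry key]
RUN_KEY_RE = re.compile(r"^(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft"
                        r"\\Windows\\CurrentVersion\\Run$", re.IGNORECASE)
# "name"="c:\path" [date size]   or   "name"="exe" - c:\resolved\path [date size]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+-\s+(?P<resolved>.+?))?'
                          r'\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# created . modified size attrs path  (folders: size is '--------', attrs start with 'd')
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\S+ \S+)"
                     r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")  # assumption
SMALL_PE_BYTES = 4096  # assumption: no legitimate .dll/.exe in system32 is this small

RunEntry = namedtuple("RunEntry", "hive name path date size")
FileEntry = namedtuple("FileEntry", "path size created modified")

def section(text: str, prefix: str) -> List[str]:
    """Lines under the first '((( banner )))' whose name starts with prefix."""
    out, inside = [], False
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            if inside:
                break
            inside = m.group("name").startswith(prefix)
        elif inside:
            out.append(line.strip())
    return out

def parse_files_created(text: str) -> List[FileEntry]:
    """Files (folders skipped) listed under 'Files Created from ... to ...'."""
    files = []
    for line in section(text, "Files Created"):
        m = FILE_RE.match(line)
        if m and not m.group("attrs").startswith("d") and m.group("size").isdigit():
            files.append(FileEntry(m.group("path"), int(m.group("size")),
                                   m.group("created"), m.group("modified")))
    return files

def parse_run_entries(text: str) -> List[RunEntry]:
    """Values under the HKCU and HKLM Run keys in 'Reg Loading Points'."""
    entries, hive = [], None
    for line in section(text, "Reg Loading Points"):
        km = KEY_RE.match(line)
        if km:  # new key: keep collecting only while inside one of the two Run keys
            hive = km.group("key").split("\\", 1)[0] if RUN_KEY_RE.match(km.group("key")) else None
            continue
        vm = RUN_VALUE_RE.match(line) if hive else None
        if vm:  # prefer the resolved path ComboFix prints after ' - '
            entries.append(RunEntry(hive, vm.group("name"), vm.group("resolved") or vm.group("value"),
                                    vm.group("date"), int(vm.group("size"))))
    return entries

def firewall_enabled(text: str) -> Optional[bool]:
    """EnableFirewall under the standardprofile firewall-policy key; None if absent."""
    in_profile = False
    for line in (raw.strip() for raw in text.splitlines()):
        km = KEY_RE.match(line)
        if km:
            in_profile = km.group("key").lower().endswith("firewallpolicy\\standardprofile")
            continue
        fm = FIREWALL_RE.match(line) if in_profile else None
        if fm:
            return fm.group("val") != "0"
    return None

def triage(text: str) -> Dict[str, List[str]]:
    findings: Dict[str, List[str]] = {"autostart_outside_trusted_roots": [],
                                      "tiny_pe_in_system32": [], "firewall": []}
    for e in parse_run_entries(text):
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            findings["autostart_outside_trusted_roots"].append(f"{e.hive} Run\\{e.name} -> {e.path}")
    for f in parse_files_created(text):
        p = f.path.lower()
        if (p.startswith("c:\\windows\\system32\\") and "\\dllcache\\" not in p
                and p.endswith((".dll", ".exe")) and f.size < SMALL_PE_BYTES):
            findings["tiny_pe_in_system32"].append(f"{f.path} ({f.size} bytes)")
    if firewall_enabled(text) is False:
        findings["firewall"].append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    return findings

# Constructed excerpt mirroring the log above; the "sample" autostart is made up for the path check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
2009-11-14 00:02 . 2007-12-01 05:26 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-13 23:49 . 2009-11-13 23:49 -------- d-----w- c:\program files\Trend Micro
2009-11-09 15:43 . 2009-11-10 00:57 826 ----a-w- c:\windows\system32\wininit.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]
"sample"="c:\documents and settings\Owner\Local Settings\Application Data\sample\sample.exe" [2009-11-09 2713]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-31 16857600]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
```

Run `triage(open("ComboFix.txt").read())` on a real log to get the same three lists. The size check is deliberately crude: a flagged file still needs its hash looked up (the thread does exactly that with VirusTotal next), and an autostart under a user profile is a prompt for a closer look, not a verdict.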
Old 11-27-2009, 02:31 PM   #7 (permalink)
Glaswegian (Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic)
Join Date: Sep 2005
Location: Glasgow
Posts: 26,387
OS: Win XP Pro SP3 / Win 7 Pro

Re: Google Hi-jacker - Asked for Scans included

Hi again

I really need to see the virus total results. Please run the scan again and post back with the report. You may receive a message saying that the file has already been scanned – confirm to scan it again.


I don’t see the zipped files at the receiving point – can you check for this file

C:\Qoobox\ComboFix-quarantined-files.txt

and post the contents please?


Online Scan

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


This animation will guide you through the process:


**Note**

To optimise scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


Please post back with the Kaspersky Log.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner
Old 11-27-2009, 05:25 PM   #8 (permalink)
Tubs.needs.help (Registered User)
Join Date: Jan 2008
Posts: 15
OS: xp


Re: Google Hi-jacker - Asked for Scans included

Think this is what you wanted.


Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.11.27 -
AhnLab-V3 5.0.0.2 2009.11.27 -
AntiVir 7.9.1.79 2009.11.27 -
Antiy-AVL 2.0.3.7 2009.11.27 -
Authentium 5.2.0.5 2009.11.27 -
Avast 4.8.1351.0 2009.11.27 -
AVG 8.5.0.426 2009.11.27 -
BitDefender 7.2 2009.11.27 -
CAT-QuickHeal 10.00 2009.11.27 -
ClamAV 0.94.1 2009.11.27 -
Comodo 3060 2009.11.27 -
DrWeb 5.0.0.12182 2009.11.27 -
eSafe 7.0.17.0 2009.11.26 -
eTrust-Vet 35.1.7146 2009.11.27 -
F-Prot 4.5.1.85 2009.11.27 -
F-Secure 9.0.15370.0 2009.11.24 -
Fortinet 4.0.14.0 2009.11.27 -
GData 19 2009.11.27 -
Ikarus T3.1.1.74.0 2009.11.27 -
Jiangmin 11.0.800 2009.11.27 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.27 -
McAfee 5815 2009.11.27 -
McAfee+Artemis 5815 2009.11.27 -
McAfee-GW-Edition 6.8.5 2009.11.27 -
Microsoft 1.5302 2009.11.27 -
NOD32 4643 2009.11.27 -
Norman 6.03.02 2009.11.27 TdssConf.D
nProtect 2009.1.8.0 2009.11.27 -
Panda 10.0.2.2 2009.11.27 -
PCTools 7.0.3.5 2009.11.27 -
Prevx 3.0 2009.11.27 -
Rising 22.23.04.09 2009.11.27 -
Sophos 4.48.0 2009.11.27 -
Sunbelt 3.2.1858.2 2009.11.27 -
Symantec 1.4.4.12 2009.11.27 -
TheHacker 6.5.0.2.080 2009.11.27 -
TrendMicro 9.100.0.1001 2009.11.27 -
VBA32 3.12.12.0 2009.11.27 -
ViRobot 2009.11.27.2058 2009.11.27 -
VirusBuster 5.0.21.0 2009.11.27 -
Additional information
File size: 826 bytes
MD5...: ed055dad1bbdfebd083f74ad2176da7c
SHA1..: 31138c505e2f1f210bbabff4a655d85985a1b896
SHA256: 7860f33644d4dff0a7b05271b8519bf4ca710bf7821a0dbfbd7b79b8bddb8460
ssdeep: 12:73r1ClhJN29wK9rb//VXGlzNvJzZyUB4ElLpqO0xjfhMyxAlBHBWmL5TKmX4lfEe:Xmk9Nf/96B9lBFppC9MbltdKmX/Pu

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




Here's the quarantine folder.


2009-11-27 05:29:49 . 2009-11-27 05:29:49 778 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ViewpointMediaPlayer.reg.dat
2009-11-27 05:22:26 . 2009-11-27 05:22:26 3,340 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Viewpoint Manager Service.reg.dat
2009-11-27 05:22:26 . 2009-11-27 05:22:26 1,242 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_VIEWPOINT_MANAGER_SERVICE.reg.dat
2009-11-27 05:17:05 . 2009-11-27 05:17:05 17,488 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2009-11-26_23.17.03.zip
2009-11-26 00:01:58 . 2009-11-26 00:01:58 1,196 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 240.reg.dat
2009-11-26 00:01:58 . 2009-11-26 00:01:58 828 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-NVIDIA Drivers.reg.dat
2009-11-14 00:08:59 . 2009-11-14 00:08:59 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-bodipahav-{a1dbbf40-3776-4590-85dc-d9ae406ec6d0}.reg.dat
2009-11-14 00:08:58 . 2009-11-14 00:08:58 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{a1dbbf40-3776-4590-85dc-d9ae406ec6d0}.reg.dat
2009-11-14 00:08:54 . 2009-11-14 00:08:54 129 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-karitoseko.reg.dat
2009-11-14 00:08:54 . 2009-11-14 00:08:54 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-vupogofar.reg.dat
2009-11-14 00:08:53 . 2009-11-14 00:08:53 188 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ftmyamfb.reg.dat
2009-11-14 00:08:52 . 2009-11-14 00:08:52 153 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Sfusamiwokoj.reg.dat
2009-11-14 00:08:52 . 2009-11-14 00:08:52 102 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-PlayNC Launcher.reg.dat
2009-11-14 00:08:50 . 2009-11-14 00:08:50 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
2009-11-14 00:08:50 . 2009-11-14 00:08:50 351 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{ef121e8d-e08d-453a-8bdc-1afd95c9668e}.reg.dat
2009-11-14 00:01:11 . 2009-11-27 05:21:41 7,779 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-11-13 23:55:36 . 2009-11-27 05:16:02 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-11-12 03:50:15 . 2009-11-12 03:50:15 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tekunigo.dll.vir
2009-11-11 03:49:56 . 2009-11-11 03:49:56 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\todusubi.dll.vir
2009-11-11 03:49:56 . 2009-11-11 03:49:56 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fotujohi.exe.vir
2009-11-10 15:49:40 . 2009-11-12 00:00:00 294 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\ezqucqpj.job.vir
2009-11-10 03:49:32 . 2009-11-10 03:49:32 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\valoreha.dll.vir
2009-11-10 00:54:28 . 2009-11-10 00:56:39 2,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}\chrome\content\_cfg.js.vir
2009-11-10 00:54:28 . 2009-11-10 00:56:39 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}\install.rdf.vir
2009-11-10 00:54:28 . 2009-11-10 00:54:28 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\{19A3DDB8-9E92-4F4F-AB7B-CFBA6DC2067F}\chrome.manifest.vir
2009-11-09 15:47:19 . 2009-11-13 11:15:09 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Fjazuveruqap.bin.vir
2009-11-09 15:47:18 . 2009-11-13 23:19:07 120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Dtaruneseyomebuf.dat.vir
2009-11-07 11:36:59 . 2009-11-09 15:30:26 51,200 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Shared\lib.sig.vir
2009-07-24 03:05:05 . 2009-07-24 03:05:05 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\th823567.dat.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 16,969 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Temporary Internet Files\iwumohe.vbs.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 13,560 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\kila.reg.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 17,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\exaz.inf.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 15,467 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\xawerima.inf.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 14,394 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\exajexyhig.bat.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 16,484 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Temporary Internet Files\fuxic._sy.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 19,189 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\leduty.vbs.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 12,458 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\jise.inf.vir
2009-07-24 02:10:33 . 2009-07-24 02:10:33 16,385 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\xojabyf.dll.vir
2009-07-24 02:02:01 . 2009-07-24 06:32:48 204 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\prxid93ps.dat.vir
2009-01-17 02:15:11 . 2009-11-12 03:55:45 5,357 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2009-01-17 02:15:11 . 2009-11-12 03:50:19 6,614 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2008-10-14 05:36:54 . 2007-01-04 21:38:08 24,652 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Common\ViewpointService.exe.vir
2008-10-14 05:36:54 . 2008-02-07 00:53:53 73,797 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Common\VistaBoot.sdll.vir
2008-10-14 05:36:54 . 2006-10-09 18:27:14 179 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini.vir
2008-10-14 05:36:54 . 2008-02-07 00:57:07 114,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe.vir
2008-10-14 05:36:54 . 2006-10-11 19:15:55 774,210 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:16:22 725,070 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:21:50 770,115 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:22:56 249,923 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:22:26 413,766 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:19:48 36,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:18:37 725,057 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:10:39 204,868 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll.vir
2008-10-14 05:36:54 . 2006-10-11 19:10:04 122,948 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll.vir
2008-10-14 05:36:54 . 2007-03-13 15:25:13 1,282,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll.vir
2008-10-14 05:36:54 . 2007-03-13 15:25:44 217,158 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll.vir
2008-10-14 05:36:54 . 2007-04-16 17:07:12 180,293 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll.vir
2008-10-14 05:36:54 . 2006-10-09 18:26:35 266 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt.vir
2008-10-14 05:36:53 . 2006-10-09 18:34:17 88 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini.vir
2008-10-14 05:36:53 . 2008-02-07 00:58:48 262,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll.vir
2005-04-21 14:59:06 . 2005-04-21 14:59:06 131,072 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir
2005-04-18 18:45:34 . 2005-04-18 18:45:34 242 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.inf.vir






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, November 27, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3, v.3264 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, November 27, 2009 21:53:57
Records in database: 3302941
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 79298
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:13:54


File name / Threat / Threats count
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\411c5bae-24e4382b Infected: Trojan-Downloader.Java.Agent.ab 1

Selected area has been scanned.
Old 11-28-2009, 02:40 AM   #9 (permalink)
Glaswegian (Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic)
Join Date: Sep 2005
Location: Glasgow
Posts: 26,387
OS: Win XP Pro SP3 / Win 7 Pro

Re: Google Hi-jacker - Asked for Scans included

Hi again

Thanks – good to see that file is clean.

How is your system running now?


Clear Java Cache
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


The files zipped by combofix are still on your system.

Please visit this site and follow the instructions for uploading the C:\Qoobox\Quarantine\[4]-Submit_2009-11-26_23.17.03.zip file.
Old 11-28-2009, 12:24 PM   #10 (permalink)
Tubs.needs.help (Registered User)
Join Date: Jan 2008
Posts: 15
OS: xp


Re: Google Hi-jacker - Asked for Scans included

Her comp is running better, no redirects or random antivirus pop-ups. Thanks!

And I submitted that ComboFix file and such, and deleted the Java files.
Old 11-28-2009, 02:25 PM   #11 (permalink)
Glaswegian (Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic)
Join Date: Sep 2005
Location: Glasgow
Posts: 26,387
OS: Win XP Pro SP3 / Win 7 Pro

Re: Google Hi-jacker - Asked for Scans included

Hi again

Got those files – many thanks.

All your logs are clean. If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.


The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /Uninstall



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.


Ad-aware 2008 Free Edition

Download and install Ad-Aware 2008 Free Edition. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here.



SnoopFree

SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems.


MVPS Hosts File

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Chrome
Maxthon
Safari

Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall for XP does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm



Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.


Web of Trust
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.


ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system.


Additional Reading
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.
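An added example, not from the thread and not part of the MVPS HOSTS project: the HOSTS mechanism described in the post above cuts both ways. A blocking list maps ad hosts to 127.0.0.1 (or 0.0.0.0), but a search hijacker can use the same file to point google.com, or an antivirus update host, at a server it controls, which produces exactly the redirect symptom this thread started with. The Python below parses a Windows-style hosts file and sorts its entries into the standard localhost line, benign blocking entries, plain redirections, and suspects: any entry, blocking or redirecting, that touches a search-engine or security-vendor name, since a legitimate blocklist never does that. The sample hosts content is constructed (the 203.0.113.0/24 addresses are the RFC 5737 documentation range), and the watch-list of domains is an assumption you should extend for your own environment.

```python
"""Audit a Windows HOSTS file for hijack entries.
Added example for this thread; not part of the MVPS HOSTS project. The
watch-list of domains is an assumption to be extended per environment."""
import ipaddress
import os
from typing import Dict, List, Tuple

# Addresses that only ever *block* a name: the MVPS convention (127.0.0.1) and the 0.0.0.0 form.
BLACKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names a redirector or update-blocker goes after. Assumption: a starter list, not exhaustive.
WATCHED_SUFFIXES = ("google.com", "yahoo.com", "bing.com", "live.com", "microsoft.com",
                    "windowsupdate.com", "avg.com", "kaspersky.com", "malwarebytes.org")

HostsEntry = Tuple[str, str, int]  # (ip, hostname, line number)

def parse_hosts(text: str) -> List[HostsEntry]:
    """Every ip -> hostname mapping; comments, blanks and malformed lines are skipped."""
    entries: List[HostsEntry] = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address
        for host in fields[1:]:  # one address may carry several names
            entries.append((ip, host.lower().rstrip("."), n))
    return entries

def is_watched(host: str) -> bool:
    """True for a watched domain or any name under it."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Sort entries into localhost / blocked / redirected / suspect buckets."""
    buckets: Dict[str, List[str]] = {"localhost": [], "blocked": [], "redirected": [], "suspect": []}
    for ip, host, n in parse_hosts(text):
        label = f"line {n}: {ip} {host}"
        if host in ("localhost", "localhost.localdomain") and ipaddress.ip_address(ip).is_loopback:
            buckets["localhost"].append(label)
        elif is_watched(host):  # a real blocklist never touches these names, blocking or not
            buckets["suspect"].append(label)
        elif ip in BLACKHOLE_ADDRESSES:
            buckets["blocked"].append(label)
        else:
            buckets["redirected"].append(label)
    return buckets

def windows_hosts_path() -> str:
    """Location of the live file on Windows (%SystemRoot%\\System32\\drivers\\etc\\hosts)."""
    return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")

# Constructed sample, not a real machine's file.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.net      # MVPS-style block, benign
0.0.0.0         tracker.example-tracker.org   # same idea, 0.0.0.0 form
203.0.113.10    www.google.com google.com     # search traffic sent to an attacker host
203.0.113.10    search.yahoo.com
127.0.0.1       update.avg.com                # AV updates blackholed
"""

if __name__ == "__main__":
    for bucket, items in audit_hosts(SAMPLE_HOSTS).items():
        print(bucket, items)
```

On a live machine run `audit_hosts(open(windows_hosts_path()).read())`; anything in the suspect bucket should be removed and the hosts file's write permissions checked, and a long redirected bucket on a home PC deserves the same scrutiny. A hosts file is only one of the places a redirector can sit (the ComboFix log earlier in the thread also backed up the TCP/IP settings, which DNS-changing malware edits), so a clean result here does not by itself clear the machine.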
Old 11-28-2009, 09:22 PM   #12 (permalink)
Tubs.needs.help (Registered User)
Join Date: Jan 2008
Posts: 15
OS: xp


Re: Google Hi-jacker - Asked for Scans included

Alright, I'll try some of those things out! And thanks again!
 


Copyright 2001 - 2010, Tech Support Forum