Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Constantly being Redirected and computer locks up

Re: Constantly being Redirected and computer locks up

Post by JMD » June 21st, 2010, 1:24 am

Forgot my update sorry!

The computer seems to be running GREAT:-) YEAH !!!!!!
No more redirecting since I ran TDSSKiller, and with your help it seems as though my computer is running a little faster and DEFINITELY is shutting down a lot quicker when I want to turn it off. When I would run my CCleaner (which I do every evening before turning my computer off), it used to say Mozilla Firefox was still running even though I had closed it, and sometimes it would not clean those files? NOT doing that any longer either, YEAH !!!!!! It has also stopped running like crazy as though I was downloading huge files (when I was not); it is nice and quiet now, if that makes sense to you!

I hope I followed your instructions properly for this last set of instructions. Again, THANK YOU SOOOO MUCH for your HELP. I will await to hear if all looks good or not.

PS: Thanks for the info on registry cleaners. I really don't know how that UNIBLUE got on my computer... I never used it or even knew it was there? Since running CCleaner daily for the last 2 yrs, I have not had problems with a slow computer!
When I was deleting iS3 there was another file, MRENDIS3.VXD; it said it was a virtual device driver. You didn't want me to delete that also, did you? It wasn't listed so I did not.
JMD
Regular Member
 
Posts: 32
Joined: June 13th, 2010, 9:21 pm

Re: Constantly being Redirected and computer locks up

Post by vict0r » June 22nd, 2010, 7:26 pm

Very good. You're welcome. I'm glad I could help. :)

You can leave Verizon Toolbar in Add/Remove programs. It's completely safe to keep. The toolbar has been disabled.

Regarding iS3 and the MRENDIS3.VXD file, please check your Recycle Bin to verify that only the folders in question are deleted. If not, you can restore any files you need.


Random Access Memory Advice:

Total RAM: 503 MB
Though Microsoft claims XP will run with this amount of system memory installed, it will run far better with 1-2 GB, which are pretty cheap nowadays.

If you wish to upgrade the installed memory in your system, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run. It will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.


AVG

AVG Anti Virus with 512 MB memory or less might be a problem. You can try the more lightweight Avast or Avira if you experience any problems.

Note: Never run more than one anti virus on a computer; it will seriously impact system performance and can lead to conflicts between the programs.


Reset Options in CCleaner for Regular Use:

Start CCleaner.

  • Check Internet Explorer, Windows Explorer, and System so that all items are checked. Then under Internet Explorer, Uncheck "History".
  • In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Check Only delete files in Windows Temp folders older than 24 hours.
  • Optional: Click on the Options block on the left, then choose Settings. Check Run CCleaner when computer starts.
  • Close CCleaner

If you need settings for Firefox, Opera, Java or other programs, take a look at the Applications tab and choose your desired settings. Feel free to ask if you need help.


Update Windows and Internet Explorer

Update Windows and Internet Explorer to protect your computer from malware. Please go to the windows update site to get the critical updates.


Upgrade Firefox

Download the latest Firefox from this link:
http://www.mozilla.com/en-US/firefox/upgrade.html
Double click the program to upgrade your Firefox installation and follow the prompts. You can delete the downloaded files when the process is finished.


Update Adobe Reader

Download and re-install Adobe Reader from http://www.adobe.com/products/acrobat/readstep2.html
Uncheck the box which says Also install McAfee® Security Scan Plus. Uncheck any option to download/install any toolbars.


Delete the following tools/files

  • RSIT
  • TDSSKiller
  • SystemLook.exe
  • fix.reg
    You can just delete the files.


Your computer now appears to be malware free. The logs are clean. Good job!

Please follow these simple steps in order to keep your computer clean and secure.


Create a new and delete old system restore points:

Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  1. Go to Start > Programs > Accessories > System Tools and click System Restore.
  2. Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  3. Then go to Start > Run and type:
    cleanmgr
  4. Click OK and a new window will open.
  5. Choose drive C and click OK.
  6. Click the More Options tab.
  7. Click Clean Up in the System Restore section to remove all previous restore points except the newly created one. A new window will open; click OK to remove all previous restore points except the recent one.

Note: Do this only ONCE, do not reset regularly.


Keep your system updated:

Enable automatic updates for Windows XP to get the latest patches from Microsoft to fix bugs and security holes.

  • Go to Start > Control Panel > Automatic Updates and select one of these options:
    1. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    2. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    3. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.


Keep your non-Microsoft applications updated as well:

Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it and install the suggested updates at least once a week.


Secure your computer further:

I recommend that you download and install the following programs (if not already present) and update them on a regular basis.

  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool and learn how to use it in the tutorial at Bleeping Computer.

  • Install Winpatrol
    Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software
    Note: This program may conflict with SUPERAntiSpyware's residential protection. So please don't use both.

  • Hosts File
    Install the following hosts file for the added protection: MVPS Hosts, you will find more information regarding hosts files there. A simple explanation of what a Hosts file does is here.

    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window.

  • Malwarebytes Anti-Malware
    Update Malwarebytes Anti-Malware and perform a quick scan 1-2 times a week. Winpatrol + Malwarebytes Anti Malware can be used instead of SUPERAntiSpyware.

  • NoScript
    Use the NoScript addon for Firefox to avoid malicious scripting attacks.

  • Install and use a firewall with outbound protection.

    Looking over your log, it seems you don't use any third party FIREWALL. As the term conveys, a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

    If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

    I would recommend installing a free firewall for personal use from one of these excellent vendors. Choice is yours:


    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here

    Note: You should only have one firewall installed at a time. Having more than one firewall program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


    It is absolutely essential that you keep Java, Adobe and all of your security programs up to date


    Read these articles to learn more about how to protect yourself while on the internet:



Please post back one more time to confirm that you have read this post or feel free to ask if you have any questions.

Safe surfing! :)
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Constantly being Redirected and computer locks up

Post by JMD » June 23rd, 2010, 10:10 pm

Hi vict0r,

I was in the process of following your instructions and my computer started acting funny and taking forever to complete the task. It would stop at 97%, for example... Anyway, I ran a quick Malwarebytes scan and it found 1 infection; here is the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4212

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/23/2010 9:53:37 PM
mbam-log-2010-06-23 (21-53-37).txt

Scan type: Quick scan
Objects scanned: 142299
Time elapsed: 12 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Is this a PROBLEM??? Does it have anything to do with the problem we just fixed??? Should I take any further action, or is quarantining & deleting enough? Once I hear back from you I will continue with the previous list of things you gave me. I just thought I better alert you to this before I continue to delete programs I may still need :-(

Thanks soooo much,
Janene
JMD
Regular Member
 
Posts: 32
Joined: June 13th, 2010, 9:21 pm
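
An added example, not part of the original posts: a small Python parser for the Malwarebytes' Anti-Malware log format shown in the post above. It checks that the summary counts agree with the itemized detections and lists any item whose recorded action is not "Quarantined and deleted successfully". The function names are this example's own, and the embedded log is the post's log shortened to the lines the parser reads.

```python
import re

# Line shapes in a Malwarebytes' Anti-Malware 1.46 log, as seen in the post above.
META_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<val>.+)$")
COUNT_RE = re.compile(r"^(?P<cat>.+) Infected: (?P<n>\d+)$")   # summary line
SECTION_RE = re.compile(r"^(?P<cat>.+) Infected:$")            # detail heading
# "<object> (<threat>) -> <action>."  The greedy object keeps paths that contain "(".
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"
NO_ITEMS = "(No malicious items detected)"

# The log from the post, shortened (some empty detail sections omitted).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4212
Windows 5.1.2600 Service Pack 3
mbam-log-2010-06-23 (21-53-37).txt
Scan type: Quick scan
Objects scanned: 142299
Time elapsed: 12 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""


def parse_mbam_log(text):
    """Return scan metadata, per-category summary counts and itemized detections."""
    meta, counts, items = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = META_RE.match(line)
        if m:
            meta[m["key"]] = m["val"]
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        if section is None or line == NO_ITEMS:
            continue  # header lines before the detail sections, or an empty section
        m = ITEM_RE.match(line)
        if m:
            items.append({"category": section, **m.groupdict()})
        else:
            # Keep lines we cannot parse so they are reviewed rather than dropped.
            items.append({"category": section, "object": line, "threat": None, "action": None})
    return {"meta": meta, "counts": counts, "items": items}


def review(parsed):
    """List count mismatches and detections that were not quarantined and deleted."""
    findings, listed = [], {}
    for it in parsed["items"]:
        listed[it["category"]] = listed.get(it["category"], 0) + 1
    for cat, n in parsed["counts"].items():
        if listed.get(cat, 0) != n:
            findings.append(f"{cat}: summary says {n}, detail lists {listed.get(cat, 0)}")
    for it in parsed["items"]:
        if it["action"] != REMOVED:
            findings.append(
                f"{it['category']}: {it['object']} ({it['threat']}) -> {it['action'] or 'unparsed line'}"
            )
    return findings


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for it in parsed["items"]:
        print(it["category"], "|", it["threat"], "|", it["action"])
    print("follow-up needed:", review(parsed) or "none")
```

An empty result from `review` only means every listed item was recorded as removed; it says nothing about anything the scan did not detect.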

Re: Constantly being Redirected and computer locks up

Post by vict0r » June 24th, 2010, 5:34 am

RSIT (Random's System Information Tool)

You may still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this folder , then...
  2. Double click on RSIT.exe to run it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post the contents of "log.txt" and "info.txt" in separate replies.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Constantly being Redirected and computer locks up

Post by JMD » June 24th, 2010, 8:08 am

Logfile of random's system information tool 1.07 (written by random/random)
Run by Editor at 2010-06-24 08:02:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (53%) free of 38 GB
Total RAM: 503 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:02:54 AM, on 6/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\iSold It\MSDE\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Editor\Application Data\mjusbsp\magicJack.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Editor\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Editor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Editor\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settin ... Config.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1469291437
O16 - DPF: {C604ABC1-242A-46EC-BEB0-9DF8E9DBB20B} (Image Uploader 3.0 Control) - http://homepagenow.com/coho/res/js/uplo ... loader.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9109 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1F3D3DA1-F494-46AD-9723-A193117DE601}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-06-13 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-05-03 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2006-01-04 219648]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-06 524800]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2010-03-17 1565696]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2007-02-08 74672]
"lxczbmgr.exe"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2007-02-08 74672]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-13 2065248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"cdloader"=C:\Documents and Settings\Editor\Application Data\mjusbsp\cdloader2.exe [2010-02-26 50520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-12 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\lxczcoms.exe"="C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Documents and Settings\Editor\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe"="C:\Documents and Settings\Editor\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\Editor\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Editor\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe
shell\phone\command - E:\autorun.exe


======List of files/folders created in the last 1 months======

2010-06-24 08:02:05 ----D---- C:\rsit
2010-06-23 13:45:12 ----HDC---- C:\WINDOWS\ie8
2010-06-20 22:27:41 ----D---- C:\WINDOWS\ERDNT
2010-06-20 22:17:51 ----D---- C:\Program Files\ERUNT
2010-06-18 09:55:00 ----SHD---- C:\Config.Msi
2010-06-15 23:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-15 23:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-15 22:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-15 22:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-15 22:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-15 22:43:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-15 10:37:02 ----A---- C:\TDSSKiller.2.3.2.0_15.06.2010_10.37.02_log.txt
2010-06-12 14:27:09 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-06-12 14:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-06-11 17:48:12 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-10 23:48:30 ----D---- C:\Documents and Settings\Editor\Application Data\Google
2010-06-10 18:37:10 ----A---- C:\WINDOWS\system32\svchost.exe.exp.log
2010-06-10 12:55:24 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2010-06-10 12:10:16 ----D---- C:\Documents and Settings\Editor\Application Data\Malwarebytes
2010-06-10 12:09:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-10 12:09:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-31 21:29:33 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-31 21:29:33 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-31 21:29:33 ----A---- C:\WINDOWS\system32\java.exe
2010-05-31 21:29:33 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-26 10:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

======List of files/folders modified in the last 1 months======

2010-06-24 08:02:30 ----D---- C:\Program Files\Trend Micro
2010-06-24 07:54:15 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 07:53:59 ----D---- C:\WINDOWS\Temp
2010-06-24 07:48:56 ----D---- C:\Documents and Settings\Editor\Application Data\mjusbsp
2010-06-24 07:48:06 ----D---- C:\WINDOWS
2010-06-24 07:48:03 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2010-06-24 00:11:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-23 21:36:52 ----D---- C:\WINDOWS\Debug
2010-06-23 16:43:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-23 16:37:30 ----RSD---- C:\WINDOWS\assembly
2010-06-23 16:36:37 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 15:42:21 ----D---- C:\WINDOWS\system32
2010-06-23 14:22:50 ----SHD---- C:\WINDOWS\Installer
2010-06-23 14:22:23 ----D---- C:\WINDOWS\Prefetch
2010-06-23 14:19:58 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 14:18:59 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:16:43 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-23 14:14:40 ----HD---- C:\WINDOWS\inf
2010-06-23 14:14:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-06-23 14:14:32 ----D---- C:\WINDOWS\ie8updates
2010-06-23 14:05:19 ----D---- C:\WINDOWS\network diagnostic
2010-06-23 14:03:36 ----SD---- C:\WINDOWS\Tasks
2010-06-23 13:52:01 ----D---- C:\WINDOWS\system32\en-us
2010-06-23 13:52:01 ----D---- C:\WINDOWS\Media
2010-06-23 13:52:01 ----D---- C:\Program Files\Internet Explorer
2010-06-23 13:52:00 ----D---- C:\WINDOWS\Help
2010-06-23 13:48:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-20 23:59:30 ----D---- C:\Program Files\Common Files
2010-06-20 22:17:51 ----RD---- C:\Program Files
2010-06-20 22:00:25 ----A---- C:\WINDOWS\Lexstat.ini
2010-06-19 19:12:00 ----D---- C:\WINDOWS\system32\FxsTmp
2010-06-18 22:26:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-18 09:55:04 ----D---- C:\Program Files\SUPERAntiSpyware
2010-06-18 09:49:33 ----D---- C:\Program Files\Coupons
2010-06-18 09:48:50 ----D---- C:\Program Files\Yahoo!
2010-06-18 09:45:14 ----D---- C:\Program Files\MSN
2010-06-18 09:42:18 ----D---- C:\Program Files\Java
2010-06-15 23:57:25 ----D---- C:\temp
2010-06-15 10:45:31 ----D---- C:\WINDOWS\system32\drivers
2010-06-14 01:10:50 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-06-13 21:01:50 ----SD---- C:\Documents and Settings\Editor\Application Data\Microsoft
2010-06-13 14:16:09 ----D---- C:\WINDOWS\system32\config
2010-06-12 14:22:44 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-06-12 09:23:18 ----D---- C:\Program Files\CCleaner
2010-06-11 09:53:15 ----D---- C:\Program Files\Google
2010-06-11 09:53:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-06-03 22:45:48 ----D---- C:\Program Files\IncrediMail
2010-05-28 15:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-12 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-13 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-13 242896]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-08-03 120094]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-08-03 96858]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 145408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NielGfx;Nielsen USB GFX; C:\WINDOWS\system32\drivers\nielgfx.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-06-12 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-12 308064]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 537520]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-03-17 319488]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\iSold It\MSDE\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\iSold It\MSDE\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
JMD
Regular Member
 
Posts: 32
Joined: June 13th, 2010, 9:21 pm

Re: Constantly being Redircted and computer locks up

by JMD » June 24th, 2010, 8:46 am

info.txt logfile of random's system information tool 1.06 2010-06-24 08:03:02

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Agere Systems PCI Soft Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Black Ice TIFF Printer Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E03E938-BA63-40A3-A505-57864FFDB871}\Setup.exe" -l0x9
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Lexmark 1200 Series-->C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server Desktop Engine-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
Photo Explosion Special Edition-->MsiExec.exe /X{DD040AAA-F295-492B-AD91-C8DC24488273}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Verizon Broadband Toolbar-->C:\Program Files\vol_toolbar\uninstall.exe
Verizon Help and Support Tool-->C:\Program Files\Verizon\Uninstall.exe
Verizon Servicepoint 1.5.12-->"C:\Program Files\Verizon\VSP\unins000.exe"
Vz In Home Agent-->MsiExec.exe /I{FF0D5234-E7D8-41DA-9287-C89C3B045ADC}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~2.DLL
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: PHOTOOR087
Event Code: 240
Message: A request to suspend power was denied by magicJack.exe.

Record Number: 76340
Source Name: Win32k
Time Written: 20100529105804.000000-240
Event Type: warning
User:

Computer Name: PHOTOOR087
Event Code: 240
Message: A request to suspend power was denied by magicJack.exe.

Record Number: 76241
Source Name: Win32k
Time Written: 20100527164645.000000-240
Event Type: warning
User:

Computer Name: PHOTOOR087
Event Code: 240
Message: A request to suspend power was denied by magicJack.exe.

Record Number: 76240
Source Name: Win32k
Time Written: 20100527153739.000000-240
Event Type: warning
User:

Computer Name: PHOTOOR087
Event Code: 7000
Message: The SASDIFSV service failed to start due to the following error:
Cannot create a file when that file already exists.


Record Number: 76016
Source Name: Service Control Manager
Time Written: 20100522213135.000000-240
Event Type: error
User:

Computer Name: PHOTOOR087
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 75898
Source Name: Tcpip
Time Written: 20100520115144.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: PHOTOOR087
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 29
Source Name: Userenv
Time Written: 20100609191746.000000-240
Event Type: warning
User: JANENESMACHINE\Editor

Computer Name: PHOTOOR087
Event Code: 1002
Message: Hanging application IncMail.exe, version 5.8.6.4332, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 28
Source Name: Application Hang
Time Written: 20100609191549.000000-240
Event Type: error
User:

Computer Name: PHOTOOR087
Event Code: 1002
Message: Hanging application IncMail.exe, version 5.8.6.4332, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 27
Source Name: Application Hang
Time Written: 20100609191548.000000-240
Event Type: error
User:

Computer Name: PHOTOOR087
Event Code: 1000
Message: Faulting application fm3032.exe, version 0.1.35.8, faulting module fm3032.exe, version 0.1.35.8, fault address 0x0001d7d0.

Record Number: 21
Source Name: Application Error
Time Written: 20100609185439.000000-240
Event Type: error
User:

Computer Name: PHOTOOR087
Event Code: 19011
Message: SuperSocket info: (SpnRegister) : Error 1355.

Record Number: 15
Source Name: MSSQLServer
Time Written: 20100609185255.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"CW_UPDATE"=Y
-----------------EOF-----------------

Re: Constantly being Redircted and computer locks up

by JMD » June 24th, 2010, 9:10 am

Good morning vict0r,

I don't know if this means anything to you but I had only got to UPDATE WINDOWS AND INTERNET EXPLORER in your instructions, and after I downloaded IE 8 and rebooted the computer all this started.
Maybe just coincidence but thought I would mention it in case it is not.

Re: Constantly being Redircted and computer locks up

Post by vict0r » June 24th, 2010, 8:23 pm

Please be aware that removing malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear the infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before you continue with the instructions below.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


Disable AVG

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes and close the window.
Note: Don't forget to re-enable it after the fix.


Download and Run ComboFix

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please ensure you read the following guide carefully and install the Recovery Console when prompted.
The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Click here to visit BleepingComputer's ComboFix page for download links, and a guide for running the tool.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.


You can now enable AVG


To post in next reply:
ComboFix log
Update on how the computer is running
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Constantly being Redircted and computer locks up

Post by JMD » June 25th, 2010, 1:02 am

Here is the log.
The computer seems to be running better again :-)
Will await your further instructions
Thank you soooo much

ComboFix 10-06-24.01 - Editor 06/25/2010 0:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.210 [GMT -4:00]
Running from: c:\documents and settings\Editor\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Editor\GoToAssistDownloadHelper.exe
c:\documents and settings\Editor\My Documents\backup.reg
C:\Thumbs.db
c:\windows\MailSwitch.ocx
c:\windows\system32\2
c:\windows\system32\2\BiMMonNT.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-21 02:17 . 2010-06-21 02:18 -------- d-----w- c:\program files\ERUNT
2010-06-15 22:50 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 22:40 . 2010-06-15 22:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-14 01:01 . 2010-06-14 01:01 388096 ----a-r- c:\documents and settings\Editor\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-13 21:52 . 2010-06-02 15:37 50176 ----a-w- c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-13 21:52 . 2010-06-02 15:37 80896 ----a-w- c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2010-06-12 19:07 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-06-12 18:27 . 2010-06-12 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-12 18:27 . 2010-06-13 14:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-12 18:26 . 2010-06-12 18:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-12 18:26 . 2010-06-13 14:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-12 18:26 . 2010-06-25 04:04 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-12 18:26 . 2010-06-13 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-11 21:48 . 2010-06-11 21:51 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-11 03:53 . 2010-06-11 03:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-11 03:48 . 2010-06-11 03:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-10 16:55 . 2010-06-10 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-10 16:10 . 2010-06-10 16:10 -------- d-----w- c:\documents and settings\Editor\Application Data\Malwarebytes
2010-06-10 16:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 16:09 . 2010-06-10 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 16:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 16:09 . 2010-06-10 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 23:08 . 2010-06-09 23:08 20480 ---ha-w- C:\SZKGFS.dat
2010-06-08 20:12 . 2010-06-08 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-01 01:29 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:31 . 2010-05-27 21:31 503808 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\msvcp71.dll
2010-05-27 21:31 . 2010-05-27 21:31 499712 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\jmc.dll
2010-05-27 21:31 . 2010-05-27 21:31 348160 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\msvcr71.dll
2010-05-27 21:31 . 2010-05-27 21:31 61440 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfecb78-n\decora-sse.dll
2010-05-27 21:31 . 2010-05-27 21:31 12800 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfecb78-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 19:07 . 2010-01-01 05:49 -------- d-----w- c:\documents and settings\Editor\Application Data\mjusbsp
2010-06-24 12:02 . 2005-06-30 15:41 -------- d-----w- c:\program files\Trend Micro
2010-06-24 01:19 . 2010-01-25 01:39 0 ----a-w- c:\documents and settings\Editor\Local Settings\Application Data\prvlcl.dat
2010-06-18 13:55 . 2008-03-05 03:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-18 13:49 . 2008-10-24 22:46 -------- d-----w- c:\program files\Coupons
2010-06-18 13:48 . 2008-03-05 03:10 -------- d-----w- c:\program files\Yahoo!
2010-06-18 13:42 . 2007-05-04 17:22 -------- d-----w- c:\program files\Java
2010-06-15 14:45 . 2004-08-04 08:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-14 05:10 . 2010-02-25 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-12 18:22 . 2009-11-03 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-12 13:23 . 2008-03-05 03:10 -------- d-----w- c:\program files\CCleaner
2010-06-11 13:53 . 2007-01-06 19:29 -------- d-----w- c:\program files\Google
2010-06-10 00:08 . 2010-06-09 23:26 2840 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-08 20:08 . 2010-05-23 16:23 63488 ----a-w- c:\documents and settings\Editor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-08 20:08 . 2009-03-24 19:49 117760 ----a-w- c:\documents and settings\Editor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 02:45 . 2008-11-14 03:12 -------- d-----w- c:\program files\IncrediMail
2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-05 13:22 . 2010-04-05 13:22 503808 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\msvcp71.dll
2010-04-05 13:22 . 2010-04-05 13:22 499712 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\jmc.dll
2010-04-05 13:22 . 2010-04-05 13:22 348160 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\msvcr71.dll
2010-04-05 13:22 . 2010-04-05 13:22 61440 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-691cf349-n\decora-sse.dll
2010-04-05 13:22 . 2010-04-05 13:22 12800 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-691cf349-n\decora-d3d.dll
2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Editor\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-01-04 219648]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-13 2065248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-12 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Editor\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:TCP"= 5060:TCP:MJ1
"5060:UDP"= 5060:UDP:MJ1
"5070:UDP"= 5070:UDP:MJ2
"10000:UDP"= 10000:UDP:MJ3
"20000:UDP"= 20000:UDP:MJ4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2010 2:26 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2010 2:27 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/12/2010 2:24 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/12/2010 2:24 PM 308064]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/12/2010 2:26 PM 430152]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-25 c:\windows\Tasks\User_Feed_Synchronization-{1F3D3DA1-F494-46AD-9723-A193117DE601}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: infopia.com\app
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settin ... Config.CAB
DPF: {C604ABC1-242A-46EC-BEB0-9DF8E9DBB20B} - hxxp://homepagenow.com/coho/res/js/uplo ... loader.cab
FF - ProfilePath - c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 00:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
Completion time: 2010-06-25 00:45:32
ComboFix-quarantined-files.txt 2010-06-25 04:45

Pre-Run: 20,868,984,832 bytes free
Post-Run: 21,094,862,848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 28D420D3F6448EA645F6CD8006C2A6EE
JMD
Regular Member
 
Posts: 32
Joined: June 13th, 2010, 9:21 pm

Re: Constantly being Redircted and computer locks up

Post by vict0r » June 25th, 2010, 10:22 pm

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\SZKGFS.dat
c:\windows\system32\drivers\kgpcpy.cfg

DDS::
uStart Page = about:blank
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
Trusted Zone: infopia.com\app

FileLook::
c:\windows\system32\drivers\cdrom.sys

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]



Save this as "CFScript.txt", and as Type: All Files (*.*) on your desktop.


Image


Refer to the picture above, then close all programs including any open browsers(!) and drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt.


Please post:
  • the ComboFix log
  • a fresh HijackThis log
  • an update to the performance of your computer.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
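
Added example, not part of the original thread and not ComboFix's own code: one way to check a CFScript run by comparing its File:: and FileLook:: targets with the "Other Deletions", file listing and "Look" sections of C:\ComboFix.txt. The section meanings are inferred from the logs posted in this thread; the function names are hypothetical and the sample text is constructed from lines in the thread.

```python
import re

# Constructed sample: the CFScript from the post above (DDS:: section omitted).
CFSCRIPT = r"""File::
C:\SZKGFS.dat
c:\windows\system32\drivers\kgpcpy.cfg

FileLook::
c:\windows\system32\drivers\cdrom.sys

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
"""

# Constructed sample: a shortened log in the layout seen in this thread.
LOG = r"""ComboFix 10-06-24.01 - Editor 06/27/2010 0:38.2.1 - x86
Command switches used :: c:\documents and settings\Editor\Desktop\CFScript.txt

((((((((((((((( Other Deletions )))))))))))))))
.

C:\SZKGFS.dat
c:\windows\system32\drivers\kgpcpy.cfg

.
((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))
.

2010-06-21 02:17 . 2010-06-21 02:18 -------- d-----w- c:\program files\ERUNT

.
((((((((((((((( Look )))))))))))))))
.

--- c:\windows\system32\drivers\cdrom.sys ---
Company: Microsoft Corporation
File size: 62976
MD5: 1F4260CC5B42272D71F79E570A27A4FE
"""


def parse_cfscript(text):
    """Return {directive: [entries]} for the 'Name::' blocks of a CFScript."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a log on its '((( Title )))' banner lines; '.' separators are dropped."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        banner = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if banner:
            current = banner.group(1).lower()
            sections[current] = []
        elif current and line not in ("", "."):
            sections[current].append(line)
    return sections


def norm(path):
    """Windows paths are case-insensitive; the log also quotes some of them."""
    return path.strip().strip('"').lower()


def verify(cfscript, log):
    """Map each File::/FileLook:: target to what the log says about it."""
    script = parse_cfscript(cfscript)
    sections = parse_log_sections(log)
    deleted = {norm(p) for p in sections.get("other deletions", [])}
    listed = set()  # paths that still appear in the file listings after the run
    for title, lines in sections.items():
        if title.startswith("files created") or title == "find3m report":
            for line in lines:
                path = re.search(r"[a-z]:\\.*$", line, re.I)
                if path:
                    listed.add(norm(path.group(0)))
    looked = set()  # files that got a '--- path ---' report block
    for line in sections.get("look", []):
        block = re.fullmatch(r"-{3}\s+(.+?)\s+-{3}", line)
        if block:
            looked.add(norm(block.group(1)))
    report = {}
    for target in script.get("file", []):
        key = norm(target)
        if key in listed:          # deleted but present again: needs another look
            report[target] = "still listed"
        elif key in deleted:
            report[target] = "deleted"
        else:
            report[target] = "not mentioned"
    for target in script.get("filelook", []):
        report[target] = "reported" if norm(target) in looked else "no report"
    return report


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, LOG).items():
        print(f"{status:14} {target}")
```

A target that comes back as "still listed" or "not mentioned" is the case to raise with the helper before moving on.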

Re: Constantly being Redircted and computer locks up

Post by JMD » June 27th, 2010, 1:07 am

Sorry it took me so long to respond, I had an unexpected death in the family.
Here is the ComboFix log; I hope I did it correctly.

ComboFix 10-06-24.01 - Editor 06/27/2010 0:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.185 [GMT -4:00]
Running from: c:\documents and settings\Editor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Editor\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Created a new restore point

FILE ::
"C:\SZKGFS.dat"
"c:\windows\system32\drivers\kgpcpy.cfg"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SZKGFS.dat
c:\windows\system32\drivers\kgpcpy.cfg

.
((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
.

2010-06-25 06:30 . 2010-06-25 06:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-25 06:24 . 2010-06-25 06:24 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-25 06:01 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-06-25 06:01 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-06-25 05:59 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-06-25 05:59 . 2010-06-25 05:59 -------- d-----w- c:\program files\Agnitum
2010-06-25 05:59 . 2010-06-25 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-06-25 05:39 . 2010-06-25 05:39 -------- d-----w- c:\documents and settings\Editor\Application Data\WinPatrol
2010-06-25 05:38 . 2010-06-25 05:38 -------- d-----w- c:\program files\BillP Studios
2010-06-25 05:36 . 2010-06-25 05:36 -------- d-----w- c:\program files\SpywareBlaster
2010-06-25 05:36 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-06-24 19:06 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Editor\Application Data\mjusbsp\in00000\setup.exe
2010-06-24 19:06 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Editor\Application Data\mjusbsp\ar00000\install.exe
2010-06-24 19:06 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Editor\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2010-06-24 12:02 . 2010-06-24 12:03 -------- d-----w- C:\rsit
2010-06-23 17:45 . 2010-06-23 17:46 -------- dc-h--w- c:\windows\ie8
2010-06-21 02:17 . 2010-06-21 02:18 -------- d-----w- c:\program files\ERUNT
2010-06-15 22:50 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 22:40 . 2010-06-15 22:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-14 01:01 . 2010-06-14 01:01 388096 ----a-r- c:\documents and settings\Editor\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-13 21:52 . 2010-06-02 15:37 50176 ----a-w- c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-13 21:52 . 2010-06-02 15:37 80896 ----a-w- c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2010-06-12 19:07 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-06-12 18:27 . 2010-06-12 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-12 18:27 . 2010-06-13 14:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-12 18:26 . 2010-06-12 18:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-12 18:26 . 2010-06-13 14:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-12 18:26 . 2010-06-27 03:44 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-12 18:26 . 2010-06-13 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-11 21:48 . 2010-06-11 21:51 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-11 03:53 . 2010-06-11 03:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-11 03:48 . 2010-06-11 03:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-10 16:55 . 2010-06-10 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-10 16:10 . 2010-06-10 16:10 -------- d-----w- c:\documents and settings\Editor\Application Data\Malwarebytes
2010-06-10 16:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 16:09 . 2010-06-10 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 16:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 16:09 . 2010-06-10 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 20:12 . 2010-06-08 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-01 01:29 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 04:19 . 2010-01-25 01:39 0 ----a-w- c:\documents and settings\Editor\Local Settings\Application Data\prvlcl.dat
2010-06-27 03:52 . 2009-09-17 02:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-27 03:34 . 2010-02-25 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-24 19:07 . 2010-01-01 05:49 -------- d-----w- c:\documents and settings\Editor\Application Data\mjusbsp
2010-06-24 12:02 . 2005-06-30 15:41 -------- d-----w- c:\program files\Trend Micro
2010-06-18 13:55 . 2008-03-05 03:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-18 13:49 . 2008-10-24 22:46 -------- d-----w- c:\program files\Coupons
2010-06-18 13:48 . 2008-03-05 03:10 -------- d-----w- c:\program files\Yahoo!
2010-06-18 13:42 . 2007-05-04 17:22 -------- d-----w- c:\program files\Java
2010-06-15 14:45 . 2004-08-04 08:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-12 18:22 . 2009-11-03 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-12 13:23 . 2008-03-05 03:10 -------- d-----w- c:\program files\CCleaner
2010-06-11 13:53 . 2007-01-06 19:29 -------- d-----w- c:\program files\Google
2010-06-08 20:08 . 2010-05-23 16:23 63488 ----a-w- c:\documents and settings\Editor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-08 20:08 . 2009-03-24 19:49 117760 ----a-w- c:\documents and settings\Editor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 02:45 . 2008-11-14 03:12 -------- d-----w- c:\program files\IncrediMail
2010-05-27 21:31 . 2010-05-27 21:31 503808 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\msvcp71.dll
2010-05-27 21:31 . 2010-05-27 21:31 499712 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\jmc.dll
2010-05-27 21:31 . 2010-05-27 21:31 348160 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\msvcr71.dll
2010-05-27 21:31 . 2010-05-27 21:31 61440 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfecb78-n\decora-sse.dll
2010-05-27 21:31 . 2010-05-27 21:31 12800 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfecb78-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-05 13:22 . 2010-04-05 13:22 503808 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\msvcp71.dll
2010-04-05 13:22 . 2010-04-05 13:22 499712 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\jmc.dll
2010-04-05 13:22 . 2010-04-05 13:22 348160 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\msvcr71.dll
2010-04-05 13:22 . 2010-04-05 13:22 61440 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-691cf349-n\decora-sse.dll
2010-04-05 13:22 . 2010-04-05 13:22 12800 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-691cf349-n\decora-d3d.dll
2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\cdrom.sys ---
Company: Microsoft Corporation
File Description: SCSI CD-ROM Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: cdrom.sys
File size: 62976
Created time: 2004-08-04 08:00
Modified time: 2010-06-15 14:45
MD5: 1F4260CC5B42272D71F79E570A27A4FE
SHA1: A80D103EECFE831B93C01F092ABCDDAE90BCCD6F


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Editor\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-01-04 219648]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-13 2065248]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-12 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Editor\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:TCP"= 5060:TCP:MJ1
"5060:UDP"= 5060:UDP:MJ1
"5070:UDP"= 5070:UDP:MJ2
"10000:UDP"= 10000:UDP:MJ3
"20000:UDP"= 20000:UDP:MJ4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2010 2:26 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2010 2:27 PM 242896]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [6/25/2010 2:01 AM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [6/25/2010 1:59 AM 1195008]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/12/2010 2:24 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/12/2010 2:24 PM 308064]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [6/25/2010 1:59 AM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [6/25/2010 2:01 AM 257432]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/12/2010 2:26 PM 430152]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-27 c:\windows\Tasks\User_Feed_Synchronization-{1F3D3DA1-F494-46AD-9723-A193117DE601}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settin ... Config.CAB
DPF: {C604ABC1-242A-46EC-BEB0-9DF8E9DBB20B} - hxxp://homepagenow.com/coho/res/js/uplo ... loader.cab
FF - ProfilePath - c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\iSold It\MSDE\MSSQL\Binn\sqlservr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\PDF Complete\pdfsaver.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-27 00:56:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-27 04:56
ComboFix2.txt 2010-06-25 04:45

Pre-Run: 28,239,089,664 bytes free
Post-Run: 28,187,987,968 bytes free

- - End Of File - - 9AC33E5EFE2D5DBBF572115001802C17
JMD
Regular Member
 
Posts: 32
Joined: June 13th, 2010, 9:21 pm

Re: Constantly being Redirected and computer locks up

Post by JMD » June 27th, 2010, 1:08 am

Sorry it took me so long to respond; I had an unexpected death in the family.
Here is the ComboFix log. I hope I did it correctly.

ComboFix 10-06-24.01 - Editor 06/27/2010 0:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.185 [GMT -4:00]
Running from: c:\documents and settings\Editor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Editor\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Created a new restore point

FILE ::
"C:\SZKGFS.dat"
"c:\windows\system32\drivers\kgpcpy.cfg"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SZKGFS.dat
c:\windows\system32\drivers\kgpcpy.cfg

.
((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
.

2010-06-25 06:30 . 2010-06-25 06:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-25 06:24 . 2010-06-25 06:24 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-25 06:01 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-06-25 06:01 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-06-25 05:59 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-06-25 05:59 . 2010-06-25 05:59 -------- d-----w- c:\program files\Agnitum
2010-06-25 05:59 . 2010-06-25 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-06-25 05:39 . 2010-06-25 05:39 -------- d-----w- c:\documents and settings\Editor\Application Data\WinPatrol
2010-06-25 05:38 . 2010-06-25 05:38 -------- d-----w- c:\program files\BillP Studios
2010-06-25 05:36 . 2010-06-25 05:36 -------- d-----w- c:\program files\SpywareBlaster
2010-06-25 05:36 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-06-24 19:06 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Editor\Application Data\mjusbsp\in00000\setup.exe
2010-06-24 19:06 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Editor\Application Data\mjusbsp\ar00000\install.exe
2010-06-24 19:06 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Editor\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2010-06-24 12:02 . 2010-06-24 12:03 -------- d-----w- C:\rsit
2010-06-23 17:45 . 2010-06-23 17:46 -------- dc-h--w- c:\windows\ie8
2010-06-21 02:17 . 2010-06-21 02:18 -------- d-----w- c:\program files\ERUNT
2010-06-15 22:50 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 22:40 . 2010-06-15 22:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-14 01:01 . 2010-06-14 01:01 388096 ----a-r- c:\documents and settings\Editor\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-13 21:52 . 2010-06-02 15:37 50176 ----a-w- c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-13 21:52 . 2010-06-02 15:37 80896 ----a-w- c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2010-06-12 19:07 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-06-12 18:27 . 2010-06-12 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-12 18:27 . 2010-06-13 14:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-12 18:26 . 2010-06-12 18:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-12 18:26 . 2010-06-13 14:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-12 18:26 . 2010-06-27 03:44 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-12 18:26 . 2010-06-13 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-11 21:48 . 2010-06-11 21:51 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-11 03:53 . 2010-06-11 03:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-11 03:48 . 2010-06-11 03:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-10 16:55 . 2010-06-10 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-10 16:10 . 2010-06-10 16:10 -------- d-----w- c:\documents and settings\Editor\Application Data\Malwarebytes
2010-06-10 16:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 16:09 . 2010-06-10 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 16:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 16:09 . 2010-06-10 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 20:12 . 2010-06-08 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-01 01:29 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 04:19 . 2010-01-25 01:39 0 ----a-w- c:\documents and settings\Editor\Local Settings\Application Data\prvlcl.dat
2010-06-27 03:52 . 2009-09-17 02:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-27 03:34 . 2010-02-25 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-24 19:07 . 2010-01-01 05:49 -------- d-----w- c:\documents and settings\Editor\Application Data\mjusbsp
2010-06-24 12:02 . 2005-06-30 15:41 -------- d-----w- c:\program files\Trend Micro
2010-06-18 13:55 . 2008-03-05 03:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-18 13:49 . 2008-10-24 22:46 -------- d-----w- c:\program files\Coupons
2010-06-18 13:48 . 2008-03-05 03:10 -------- d-----w- c:\program files\Yahoo!
2010-06-18 13:42 . 2007-05-04 17:22 -------- d-----w- c:\program files\Java
2010-06-15 14:45 . 2004-08-04 08:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-12 18:22 . 2009-11-03 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-12 13:23 . 2008-03-05 03:10 -------- d-----w- c:\program files\CCleaner
2010-06-11 13:53 . 2007-01-06 19:29 -------- d-----w- c:\program files\Google
2010-06-08 20:08 . 2010-05-23 16:23 63488 ----a-w- c:\documents and settings\Editor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-08 20:08 . 2009-03-24 19:49 117760 ----a-w- c:\documents and settings\Editor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 02:45 . 2008-11-14 03:12 -------- d-----w- c:\program files\IncrediMail
2010-05-27 21:31 . 2010-05-27 21:31 503808 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\msvcp71.dll
2010-05-27 21:31 . 2010-05-27 21:31 499712 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\jmc.dll
2010-05-27 21:31 . 2010-05-27 21:31 348160 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-37db7b6f-n\msvcr71.dll
2010-05-27 21:31 . 2010-05-27 21:31 61440 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfecb78-n\decora-sse.dll
2010-05-27 21:31 . 2010-05-27 21:31 12800 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfecb78-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-05 13:22 . 2010-04-05 13:22 503808 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\msvcp71.dll
2010-04-05 13:22 . 2010-04-05 13:22 499712 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\jmc.dll
2010-04-05 13:22 . 2010-04-05 13:22 348160 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2465c452-n\msvcr71.dll
2010-04-05 13:22 . 2010-04-05 13:22 61440 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-691cf349-n\decora-sse.dll
2010-04-05 13:22 . 2010-04-05 13:22 12800 ----a-w- c:\documents and settings\Editor\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-691cf349-n\decora-d3d.dll
2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\cdrom.sys ---
Company: Microsoft Corporation
File Description: SCSI CD-ROM Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: cdrom.sys
File size: 62976
Created time: 2004-08-04 08:00
Modified time: 2010-06-15 14:45
MD5: 1F4260CC5B42272D71F79E570A27A4FE
SHA1: A80D103EECFE831B93C01F092ABCDDAE90BCCD6F


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Editor\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-01-04 219648]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-13 2065248]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-12 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Editor\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:TCP"= 5060:TCP:MJ1
"5060:UDP"= 5060:UDP:MJ1
"5070:UDP"= 5070:UDP:MJ2
"10000:UDP"= 10000:UDP:MJ3
"20000:UDP"= 20000:UDP:MJ4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2010 2:26 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2010 2:27 PM 242896]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [6/25/2010 2:01 AM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [6/25/2010 1:59 AM 1195008]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/12/2010 2:24 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/12/2010 2:24 PM 308064]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [6/25/2010 1:59 AM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [6/25/2010 2:01 AM 257432]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/12/2010 2:26 PM 430152]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-27 c:\windows\Tasks\User_Feed_Synchronization-{1F3D3DA1-F494-46AD-9723-A193117DE601}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settin ... Config.CAB
DPF: {C604ABC1-242A-46EC-BEB0-9DF8E9DBB20B} - hxxp://homepagenow.com/coho/res/js/uplo ... loader.cab
FF - ProfilePath - c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\documents and settings\Editor\Application Data\Mozilla\Firefox\Profiles\mndu95af.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\iSold It\MSDE\MSSQL\Binn\sqlservr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\PDF Complete\pdfsaver.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-27 00:56:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-27 04:56
ComboFix2.txt 2010-06-25 04:45

Pre-Run: 28,239,089,664 bytes free
Post-Run: 28,187,987,968 bytes free

- - End Of File - - 9AC33E5EFE2D5DBBF572115001802C17
JMD
Regular Member
 
Posts: 32
Joined: June 13th, 2010, 9:21 pm

Re: Constantly being Redircted and computer locks up

Unread postby JMD » June 27th, 2010, 1:13 am

Here is my fresh HijackThis log.
Update: computer seems to be running fine again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:10:11 AM, on 6/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\iSold It\MSDE\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Editor\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settin ... Config.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1469291437
O16 - DPF: {C604ABC1-242A-46EC-BEB0-9DF8E9DBB20B} (Image Uploader 3.0 Control) - http://homepagenow.com/coho/res/js/uplo ... loader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9232 bytes
JMD
Regular Member
 
Posts: 32
Joined: June 13th, 2010, 9:21 pm

Re: Constantly being Redircted and computer locks up

Unread postby vict0r » June 28th, 2010, 7:41 am

I'm sorry about the delay. I haven't forgotten you and I will post the next set of instructions as soon as possible.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Constantly being Redircted and computer locks up

Unread postby vict0r » June 28th, 2010, 8:23 am

I'm sorry to hear about your loss.


SystemLook

Download SystemLook to your desktop if you have deleted it:
Link 1 | Link 2

  • Double-click SystemLook.exe to run the tool.
  • Copy the contents of the following codebox into the main textfield:
    :regfind
    Mywebsearch

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
The log can also be found as a text document on your Desktop named SystemLook.txt
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm