Browser Redirected - Page 3

Thread: Browser Redirected

  1. #31
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You posted only part of Combofix log. Please, repost.

  2. #32
    Join Date
    Jan 2010
    Posts
    24

    TFC and Kaspersky

    tried to run them and they both choked...TFC would restart but never finish and would have to crash the pc to get it to stop...Kaspersky gave me a notice about the version of Java needed...guess I don't have it? And the accept button was not hot...will wait to hear from you further.

    Night!

  3. #33
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You posted only part of Combofix log. Please, repost.
    ...

  4. #34
    Join Date
    Jan 2010
    Posts
    24

    ComboFix Log

    ComboFix 10-01-30.04 - Dell 01/30/2010 23:47:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1593 [GMT -6:00]
    Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
    .

    2010-01-31 04:35 . 2010-01-31 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-01-31 04:35 . 2010-01-31 04:35 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
    2010-01-31 04:35 . 2010-01-31 04:35 -------- d-----w- c:\program files\Yahoo!
    2010-01-31 04:35 . 2010-01-31 04:35 -------- d-----w- c:\program files\CCleaner
    2010-01-31 04:17 . 2010-01-31 04:17 -------- d-----w- C:\8crt7e5e290858
    2010-01-31 02:14 . 2010-01-31 02:26 -------- d-----w- C:\8crt7e5e
    2010-01-30 05:20 . 2010-01-30 05:20 52224 ----a-w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-30 05:20 . 2010-01-30 05:20 117760 ----a-w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-30 05:19 . 2010-01-30 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-01-30 05:18 . 2010-01-30 05:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-30 05:18 . 2010-01-30 05:18 -------- d-----w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com
    2010-01-30 05:16 . 2010-01-30 05:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-30 04:32 . 2010-01-30 04:32 -------- d-----w- c:\program files\Trend Micro
    2010-01-30 04:08 . 2010-01-30 04:08 -------- d-sh--w- c:\documents and settings\Dell\IECompatCache
    2010-01-29 23:30 . 2010-01-31 04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-29 23:30 . 2010-01-31 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes
    2010-01-27 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-27 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-26 23:28 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-01-26 23:28 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-01-26 23:28 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-01-26 23:28 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-01-26 23:28 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-01-26 23:28 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-01-26 23:28 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-01-26 23:28 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
    2010-01-26 23:28 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-01-26 23:28 . 2010-01-26 23:28 -------- d-----w- c:\program files\Alwil Software
    2010-01-26 23:28 . 2010-01-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-01-26 23:16 . 2010-01-26 23:17 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Google
    2010-01-26 23:16 . 2010-01-26 23:16 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Threat Expert
    2010-01-26 23:16 . 2010-01-26 23:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-01-26 23:13 . 2010-01-27 00:44 -------- d-----w- c:\program files\Google
    2010-01-26 23:05 . 2010-01-27 01:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-14 14:50 . 2010-01-14 14:50 -------- d-----w- c:\program files\Overland
    2010-01-13 00:25 . 2010-01-13 00:36 19817 ----a-w- c:\windows\HPHins02.dat
    2010-01-13 00:25 . 2005-07-08 04:55 4284 ------w- c:\windows\hphmdl02.dat
    2010-01-13 00:25 . 2005-07-08 04:55 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys
    2010-01-13 00:25 . 2005-07-08 04:55 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-01-13 00:25 . 2005-07-08 04:55 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-01-13 00:25 . 2005-07-08 04:55 491520 ----a-w- c:\windows\system32\hphmon05.exe
    2010-01-13 00:25 . 2005-07-08 04:55 364544 ----a-w- c:\windows\system32\hphped05.exe
    2010-01-13 00:25 . 2005-07-08 04:55 270336 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-01-13 00:25 . 2005-07-08 04:55 192512 ----a-w- c:\windows\system32\hpzcoi09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 135224 ----a-w- c:\windows\system32\hpzlnt09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 258048 ----a-w- c:\windows\system32\hpzcon09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 6478 ----a-w- c:\windows\system32\hphmon05.dat
    2010-01-13 00:14 . 2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-01-13 00:14 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-01-13 00:14 . 2008-04-14 06:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-01-13 00:14 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-30 23:26 . 2009-04-03 07:11 13104 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-28 02:52 . 2009-06-22 23:29 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-23 01:13 . 2009-04-02 22:47 95168 ----a-w- c:\windows\system32\nvModes.dat
    2010-01-13 00:34 . 2010-01-13 00:34 45056 ----a-r- c:\documents and settings\Dell\Application Data\Microsoft\Installer\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
    2010-01-13 00:34 . 2010-01-13 00:28 -------- d-----w- c:\program files\Hewlett-Packard
    2010-01-13 00:34 . 2010-01-13 00:34 -------- d-----w- c:\program files\HP
    2009-12-21 19:14 . 2008-04-14 11:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-11-21 15:51 . 2008-04-14 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "nwiz"="nwiz.exe" [2007-11-17 1626112]
    "NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-25 159744]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2009-02-25 405504]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 5:28 PM 163280]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 5:28 PM 19024]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S0 cerc6;cerc6; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-31 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2010-01-13 04:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2664)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2010-01-30 23:51:16
    ComboFix-quarantined-files.txt 2010-01-31 05:51
    ComboFix2.txt 2010-01-31 02:26

    Pre-Run: 151,720,841,216 bytes free
    Post-Run: 151,691,476,992 bytes free

    - - End Of File - - 13D35AF5C5E49F1B538218AACB445A04

  5. #35
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Nothing interesting there...

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    =================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  6. #36
    Join Date
    Jan 2010
    Posts
    24

    TFC

    Have run the TFC cleaner, but it keeps choking on restart and I have to crash the computer to get it started again...should I continue to Kaspersky?

  7. #37
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Try this before running Kaspersky....

    Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.

  8. #38
    Join Date
    Jan 2010
    Posts
    24

    ATF and Kaspersky

    I ran the ATF, but keep getting a logical error message during the download of Kaspersky...what should I do?

  9. #39
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please run a free online scan with the ESET Online Scanner

    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

  10. #40
    Join Date
    Jan 2010
    Posts
    24

    ESET log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=98c9d7fe150356449d1868726ea46d65
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-02-01 05:16:03
    # local_time=2010-01-31 11:16:03 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=768 16777175 100 0 368993 368993 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=30583
    # found=0
    # cleaned=0
    # scan_time=1084


    Do I need to do anything else? Sure appreciate you guys!

  11. #41
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good
    Please post fresh HJT log for final look.

  12. #42
    Join Date
    Jan 2010
    Posts
    24

    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:45:17 PM, on 1/31/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1250459804343
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 7823 bytes

  13. #43
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    nothing malicious to remove

    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    - O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    - O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    - O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    - O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    - O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    - O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    - O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    - O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    - O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]


    5. Click on Fix checked button.

    6. Restart computer.


    When done....


    Your computer is clean

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
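
Added example (not part of the thread and not code from HijackThis): after "Fix checked" and a restart, one way to confirm the listed startup entries are really gone is to compare the fix list from post #43 against a fresh HijackThis log. The fresh log below is constructed for illustration, and the function names and matching rules are assumptions based only on the line shapes visible in this thread.

```python
import re
from typing import NamedTuple

# Entry shape as seen in the logs above: "<code> - <rest>", optionally with the
# "- " list marker used in the fix list, e.g. "- O4 - HKLM\..\Run: [nwiz] nwiz.exe"
ENTRY_RE = re.compile(r"^\s*(?:-\s+)?([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry Run entries: hive, value name in brackets, then the command line.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run:\s+\[(.+?)\]\s*(.*)$")
# Trailing helper remark such as "[unless you have paid version]".
ANNOTATION_RE = re.compile(r"\s+\[[^\[\]]*\]\s*$")


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4", "O20"
    key: str   # normalised comparison key
    raw: str   # the line as it appeared


def parse_entries(text: str) -> list:
    """Extract HijackThis entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        run = RUN_RE.match(rest) if code == "O4" else None
        if run:
            # A Run value is identified by hive + value name, so quoting or
            # argument differences in the command do not break the match.
            hive, name, _command = run.groups()
            key = f"{code}|{hive}|{name}"
        else:
            body = ANNOTATION_RE.sub("", rest).replace('"', "")
            key = f"{code}|{' '.join(body.split())}"
        entries.append(Entry(code, key.casefold(), line.strip()))
    return entries


def verify_fix(fix_list: str, fresh_log: str):
    """Return (remaining, removed): fix-list entries still in / gone from the log."""
    present = {e.key for e in parse_entries(fresh_log)}
    remaining, removed = [], []
    for entry in parse_entries(fix_list):
        (remaining if entry.key in present else removed).append(entry)
    return remaining, removed


# Four lines copied from the fix list in post #43.
FIX_LIST = r"""
- O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
- O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
- O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]
"""

# Constructed re-scan (not from the thread): two of the four entries survived.
FRESH_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

if __name__ == "__main__":
    remaining, removed = verify_fix(FIX_LIST, FRESH_LOG)
    for e in remaining:
        print("STILL PRESENT:", e.raw)
    for e in removed:
        print("removed:      ", e.raw)
```
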

  14. #44
    Join Date
    Jan 2010
    Posts
    24

    Everything seems fine

    Broni:

    Thank you so much for all your help. I've run all the programs you suggested and everything seems fine, i.e., no more browser redirects and no fake alerts on my laptop. YAYYYYYYY! I was going to ask you about the passwords, so thanks for the heads up on that. One question...when I did the clean image, I got a pic of Mr. Clean...was that all that was supposed to happen? lol

    My sincerest appreciations. You rock!

  15. #45
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good news
    Happy surfing
