Browser Redirected - Page 2

Thread: Browser Redirected

#16 (Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550)
    Does it happen, when you try to download, or when you try to run it?

#17 (Join Date: Jan 2010; Posts: 24)

    I'm not sure but I think download

    As in, I 'run' it to download it, but I never got any prompts for a place to rename the file, or to install the Recovery Console, or to update the program. It never disconnects me from the internet and I never get a combofix.exe to double-click on (that is why I searched for the file, so I could run it from there, but there was no file like that on my PC).

    Hope this helps.

#18 (Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550)
    You're doing something wrong.

    Click on a link from my post #12 and DO NOT click on "Run", but click on "Save" as the instructions say.
    Save it to the DESKTOP.

#19 (Join Date: Jan 2010; Posts: 24)
    OK, thanks... will do.

#20 (Join Date: Jan 2010; Posts: 24)

    link in post #12

    When I click on that link it sends me to

    http://www.adrive.com/public/c9369b1...3f00d23ee.html

    a place called adrive.com... is that correct?

#21 (Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550)

#22 (Join Date: Jan 2010; Posts: 24)

    ComboFix and HJT

    ComboFix 10-01-29.09 - Dell 01/30/2010 20:19:16.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1722 [GMT -6:00]
    Running from: c:\documents and settings\Dell\Desktop\8crt7e5e.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-746137067-299502267-1801674531-1003
    C:\s
    c:\windows\system32\15724.exe
    c:\windows\system32\19169.exe
    c:\windows\system32\26500.exe
    c:\windows\system32\6334.exe

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
    .
    ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
    .

    2010-01-30 05:20 . 2010-01-30 05:20 52224 ----a-w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-30 05:20 . 2010-01-30 05:20 117760 ----a-w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-30 05:19 . 2010-01-30 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-01-30 05:18 . 2010-01-30 05:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-30 05:18 . 2010-01-30 05:18 -------- d-----w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com
    2010-01-30 05:16 . 2010-01-30 05:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-30 04:32 . 2010-01-30 04:32 -------- d-----w- c:\program files\Trend Micro
    2010-01-30 04:08 . 2010-01-30 04:08 -------- d-sh--w- c:\documents and settings\Dell\IECompatCache
    2010-01-29 23:30 . 2010-01-31 00:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-29 23:30 . 2010-01-30 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes
    2010-01-27 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-27 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-26 23:28 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-01-26 23:28 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-01-26 23:28 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-01-26 23:28 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-01-26 23:28 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-01-26 23:28 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-01-26 23:28 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-01-26 23:28 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
    2010-01-26 23:28 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-01-26 23:28 . 2010-01-26 23:28 -------- d-----w- c:\program files\Alwil Software
    2010-01-26 23:28 . 2010-01-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-01-26 23:16 . 2010-01-26 23:17 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Google
    2010-01-26 23:16 . 2010-01-26 23:16 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Threat Expert
    2010-01-26 23:16 . 2010-01-26 23:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-01-26 23:13 . 2010-01-27 00:44 -------- d-----w- c:\program files\Google
    2010-01-26 23:05 . 2010-01-27 01:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-14 14:50 . 2010-01-14 14:50 -------- d-----w- c:\program files\Overland
    2010-01-13 00:25 . 2010-01-13 00:36 19817 ----a-w- c:\windows\HPHins02.dat
    2010-01-13 00:25 . 2005-07-08 04:55 4284 ------w- c:\windows\hphmdl02.dat
    2010-01-13 00:25 . 2005-07-08 04:55 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys
    2010-01-13 00:25 . 2005-07-08 04:55 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-01-13 00:25 . 2005-07-08 04:55 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-01-13 00:25 . 2005-07-08 04:55 491520 ----a-w- c:\windows\system32\hphmon05.exe
    2010-01-13 00:25 . 2005-07-08 04:55 364544 ----a-w- c:\windows\system32\hphped05.exe
    2010-01-13 00:25 . 2005-07-08 04:55 270336 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-01-13 00:25 . 2005-07-08 04:55 192512 ----a-w- c:\windows\system32\hpzcoi09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 135224 ----a-w- c:\windows\system32\hpzlnt09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 258048 ----a-w- c:\windows\system32\hpzcon09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 6478 ----a-w- c:\windows\system32\hphmon05.dat
    2010-01-13 00:14 . 2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-01-13 00:14 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-01-13 00:14 . 2008-04-14 06:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-01-13 00:14 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-30 23:26 . 2009-04-03 07:11 13104 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-28 02:52 . 2009-06-22 23:29 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-23 01:13 . 2009-04-02 22:47 95168 ----a-w- c:\windows\system32\nvModes.dat
    2010-01-13 00:34 . 2010-01-13 00:34 45056 ----a-r- c:\documents and settings\Dell\Application Data\Microsoft\Installer\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
    2010-01-13 00:34 . 2010-01-13 00:28 -------- d-----w- c:\program files\Hewlett-Packard
    2010-01-13 00:34 . 2010-01-13 00:34 -------- d-----w- c:\program files\HP
    2009-12-21 19:14 . 2008-04-14 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 15:51 . 2008-04-14 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "nwiz"="nwiz.exe" [2007-11-17 1626112]
    "NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-25 159744]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2009-02-25 405504]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 5:28 PM 163280]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 5:28 PM 19024]
    S0 cerc6;cerc6; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-31 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2010-01-13 04:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-30 20:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(1280)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Citrix\ICA Client\ssonsvr.exe
    c:\windows\System32\SCardSvr.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-30 20:26:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-31 02:26

    Pre-Run: 151,627,694,080 bytes free
    Post-Run: 151,666,425,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - CF528495EDF85AA85EEE3E4A0B49F603


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:28:10 PM, on 1/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1250459804343
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6773 bytes

#23 (Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550)
    There you go... you did it.

    How is the redirection issue?

#24 (Join Date: Jan 2010; Posts: 24)

    woohoo

    and yayyyyy... tried two different recipe sites and it went straight to them... so it looks like everything is a-okay!

    Thank you so much for all your efforts and patience!

    I have recommended you to my son-in-law... he got a new job at the church office taking care of computers... and he is going to need it!

    I pray many blessings on you!

    Best Regards,
    Bonnie

#25 (Join Date: Jan 2010; Posts: 24)

    and I do have my pc protected now!

    avast, spybot, malwarebytes, and superantispywareagent?!

#26 (Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550)
    OK, OK, you're very welcome, but we need to perform a couple more steps.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    ===============================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

#27 (Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550)
    I also recommend you uninstall Spybot. It's a tool of the past.

#28 (Join Date: Jan 2010; Posts: 24)

    It came back!

    I had Facebook open and, before I could finish the steps you sent, all of a sudden it happened again... I got the fake alert that wouldn't cancel... and I don't understand how they are getting through Avast and Spybot... and why my computer?

    What should I do... everything all over again???

#29 (Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550)
    Download a fresh copy of Combofix and run it again.

#30 (Join Date: Jan 2010; Posts: 24)

    I reran ComboFix and HJT.

    Should I go ahead and try the TFC and Kaspersky?


    ComboFix 10-01-30.04 - Dell 01/30/2010 23:47:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1593 [GMT -6:00]
    Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
    .

    2010-01-31 04:35 . 2010-01-31 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-01-31 04:35 . 2010-01-31 04:35 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
    2010-01-31 04:35 . 2010-01-31 04:35 -------- d-----w- c:\program files\Yahoo!
    2010-01-31 04:35 . 2010-01-31 04:35 -------- d-----w- c:\program files\CCleaner
    2010-01-31 04:17 . 2010-01-31 04:17 -------- d-----w- C:\8crt7e5e290858
    2010-01-31 02:14 . 2010-01-31 02:26 -------- d-----w- C:\8crt7e5e
    2010-01-30 05:20 . 2010-01-30 05:20 52224 ----a-w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-30 05:20 . 2010-01-30 05:20 117760 ----a-w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-30 05:19 . 2010-01-30 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-01-30 05:18 . 2010-01-30 05:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-30 05:18 . 2010-01-30 05:18 -------- d-----w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com
    2010-01-30 05:16 . 2010-01-30 05:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-30 04:32 . 2010-01-30 04:32 -------- d-----w- c:\program files\Trend Micro
    2010-01-30 04:08 . 2010-01-30 04:08 -------- d-sh--w- c:\documents and settings\Dell\IECompatCache
    2010-01-29 23:30 . 2010-01-31 04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-29 23:30 . 2010-01-31 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes
    2010-01-27 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-27 02:09 . 2010-01-27 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-27 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-26 23:28 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-01-26 23:28 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-01-26 23:28 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-01-26 23:28 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-01-26 23:28 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-01-26 23:28 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-01-26 23:28 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-01-26 23:28 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
    2010-01-26 23:28 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-01-26 23:28 . 2010-01-26 23:28 -------- d-----w- c:\program files\Alwil Software
    2010-01-26 23:28 . 2010-01-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-01-26 23:16 . 2010-01-26 23:17 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Google
    2010-01-26 23:16 . 2010-01-26 23:16 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Threat Expert
    2010-01-26 23:16 . 2010-01-26 23:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-01-26 23:13 . 2010-01-27 00:44 -------- d-----w- c:\program files\Google
    2010-01-26 23:05 . 2010-01-27 01:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-14 14:50 . 2010-01-14 14:50 -------- d-----w- c:\program files\Overland
    2010-01-13 00:25 . 2010-01-13 00:36 19817 ----a-w- c:\windows\HPHins02.dat
    2010-01-13 00:25 . 2005-07-08 04:55 4284 ------w- c:\windows\hphmdl02.dat
    2010-01-13 00:25 . 2005-07-08 04:55 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys
    2010-01-13 00:25 . 2005-07-08 04:55 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-01-13 00:25 . 2005-07-08 04:55 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-01-13 00:25 . 2005-07-08 04:55 491520 ----a-w- c:\windows\system32\hphmon05.exe
    2010-01-13 00:25 . 2005-07-08 04:55 364544 ----a-w- c:\windows\system32\hphped05.exe
    2010-01-13 00:25 . 2005-07-08 04:55 270336 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-01-13 00:25 . 2005-07-08 04:55 192512 ----a-w- c:\windows\system32\hpzcoi09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 135224 ----a-w- c:\windows\system32\hpzlnt09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 258048 ----a-w- c:\windows\system32\hpzcon09.dll
    2010-01-13 00:25 . 2005-07-08 04:55 6478 ----a-w- c:\windows\system32\hphmon05.dat
    2010-01-13 00:14 . 2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-01-13 00:14 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-01-13 00:14 . 2008-04-14 06:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-01-13 00:14 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-30 23:26 . 2009-04-03 07:11 13104 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-28 02:52 . 2009-06-22 23:29 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-23 01:13 . 2009-04-02 22:47 95168 ----a-w- c:\windows\system32\nvModes.dat

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:15 PM, on 1/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
