My browser keeps redirecting me to other sites. I have used

 

Customer Question

My browser keeps redirecting me to other sites. I have used all sorts of malware, spyware, anti-virus removal tools and nothing works. I've uninstalled and reinstalled Firefox and Opera and that doesn't solve the issue. I did find that I had a trojan called winupdate86 and adware called seekmo. From what all the removal tools tell me both programs are gone, but the browser still acts like it is hijacked.

 

Optional Information:
Computer OS: Windows XP
Browser: Firefox

Already Tried:
Same issue appears in Firefox, IE, and Opera. I have uninstalled Firefox and Opera twice and still have the same issue. To try to resolve the issue I have used AVG (which was running at the time of the infection and it is now removed), Avast (replaced AVG), Spybot, Advanced System Care, Malwarebytes Anti-Malware, Ad-Aware, and CCleaner.

Submitted: 1258 days and 11 hours ago.
Category: Computer
Value: $18
Status: CLOSED
Expert:  Tech Specialist replied 1258 days and 11 hours ago.

Hello,

 

Have you tried a scan with combofix?

 

Also, what about internet explorer, is it also hijacked?

Customer replied 1258 days and 11 hours ago.

Hi Ansh,

I have not tried a scan with combofix.

Yes internet explorer is also hijacked.

I'm not at the computer right now. If you can tell me what I should do I will in about 6 hours when I am at the computer.

Expert:  Tech Specialist replied 1258 days and 11 hours ago.

First of all, I suggest you back up your important files before trying anything, because this malware sometimes goes to the worst extent.

 

Download and run combofix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

See if that works.

Customer replied 1258 days and 9 hours ago.

I ran combofix and it did not fix the problem. The browser is still hijacked. What should I try next?

Expert:  Tech Specialist replied 1258 days and 8 hours ago.

Can you tell me which site the browser is redirecting you to?

Customer replied 1258 days and 8 hours ago.

The addresses are long. I did a Google search for 'braves' and got the correct search results page but it also opened a new window with this as the address:

www.nynewsandreports.ts.com/googlejob/uniquegooglejob.html?subid=adn1?subid=adn1?src=google+com_113232

And opened a page with a news article about Google hiring Americans to work from home.

When I click on the first search result on the search page (braves.mlb.com) it sends me briefly to a page at ooxx.co and then redirects to this page:

www.bizmore.com/info/index.html

The pages seem to be random as different clicks on the search links go to different sites. Also noticed that after 3 clicks on the search link and getting 3 random redirects it seems to start working normally and send you to the right place, even after closing IE and clearing caches/cookies.

Expert:  Tech Specialist replied 1258 days and 8 hours ago.

Download and install chrome browser: http://www.google.com/chrome

 

See if the same is happening here. Let me know.

Customer replied 1258 days and 8 hours ago.

Yes, same result using Google Chrome the browser redirects to random sites.

Expert:  Tech Specialist replied 1258 days and 8 hours ago.

Wow. Much of an issue.

 

Restart the computer in safe mode and do a full scan using Malwarebytes as well as ComboFix, then give me the scan log here.

Customer replied 1258 days and 4 hours ago.

ComboFix 09-11-29.06 - Owner 11/30/2009 17:25.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1XXX-XX-XXXX.635 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-30 19:47 . 2009-11-30 19:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-11-29 22:38 . 2009-11-29 22:38 -------- d-----w- c:\program files\Trend Micro
2009-11-29 22:33 . 2009-11-29 22:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-11-29 17:42 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-29 17:41 . 2009-11-29 17:41 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-29 17:41 . 2009-11-29 17:41 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-29 17:41 . 2009-11-29 17:41 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-29 17:41 . 2009-11-29 17:41 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-29 17:41 . 2009-11-29 17:41 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-29 17:41 . 2009-11-29 17:41 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-29 17:41 . 2009-11-29 17:41 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-29 17:41 . 2009-11-29 17:41 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-29 17:41 . 2009-11-29 17:41 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-29 17:41 . 2009-11-29 17:41 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-29 17:41 . 2009-11-29 17:41 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-29 17:39 . 2009-11-29 17:39(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-29 17:33 . 2009-11-29 17:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-29 17:33 . 2009-10-03 08:15(NNN) NNN-NNNN-c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-29 17:31 . 2009-11-29 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-29 17:31 . 2009-11-29 17:31 -------- d-----w- c:\program files\Lavasoft
2009-11-29 16:26 . 2009-11-29 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-11-29 15:45 . 2009-11-29 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Opera
2009-11-29 15:44 . 2009-11-30 00:17 -------- d-----w- c:\program files\Opera
2009-11-29 04:36 . 2009-11-29 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-11-29 04:24 . 2009-11-29 13:59 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2009-11-29 04:24 . 2009-11-29 14:00 -------- d-----w- c:\program files\CheckPoint
2009-11-29 04:24 . 2009-11-29 04:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-29 03:13 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-29 03:13 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-29 03:13 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-29 03:13 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-29 03:13 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-29 03:13 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-29 03:13 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-29 03:13 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-29 03:12 . 2009-11-24 23:54(NNN) NNN-NNNN----a-w- c:\windows\system32\aswBoot.exe
2009-11-29 03:12 . 2009-11-29 03:12 -------- d-----w- c:\program files\Alwil Software
2009-11-29 02:57 . 2009-11-29 13:48 -------- d-----w- c:\program files\Angle Interactive
2009-11-29 02:57 . 2009-11-29 02:57 -------- d-----w- C:\ProgramData
2009-11-29 02:29 . 2009-11-29 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-29 02:29 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 02:29 . 2009-11-29 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 02:29 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 02:29 . 2009-11-29 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 00:11 . 2009-11-29 00:11 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-11-28 23:25 . 2009-11-28 23:25 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-11-28 23:25 . 2009-11-29 16:26 -------- d-----w- c:\program files\IObit
2009-11-27 13:54 . 2009-11-28 22:03 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-11-27 01:18 . 2009-11-27 01:18 -------- d-----w- c:\documents and settings\Owner\Application Data\InterVideo
2009-11-23 00:02 . 2009-11-23 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-21 15:00 . 2009-11-21 15:05 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 18:52 . 2003-08-08 17:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-30 01:43 . 2008-01-26 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 01:04 . 2008-01-26 01:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-30 00:18 . 2009-06-13 23:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-29 22:32 . 2005-01-10 02:44 -------- d-----w- c:\program files\Java
2009-11-29 22:20 . 2003-07-24 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 17:41 . 2009-11-29 17:40 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-29 17:40 . 2009-11-29 17:40 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-29 17:40 . 2009-11-29 17:40(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-29 17:40 . 2009-11-29 17:40 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-29 17:40 . 2009-11-29 17:40(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-29 17:40 . 2009-11-29 17:40 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-29 17:40 . 2009-11-29 17:40 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-29 17:40 . 2009-11-29 17:40 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-29 17:40 . 2009-11-29 17:40 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-29 17:40 . 2009-11-29 17:40 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-29 17:40 . 2009-11-29 17:40 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-29 17:40 . 2009-11-29 17:40(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-29 17:40 . 2009-11-29 17:39 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-28 23:57 . 2003-07-26 08:57 -------- d-----w- c:\documents and settings\Owner\Application Data\interMute
2009-11-21 15:02 . 2009-03-26 02:47 -------- d-----w- c:\program files\AVG
2009-09-11 14:18 . 2003-08-08 17:30 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 04:10 . 2005-01-28 03:00 1101 -c--a-w- c:\windows\checkip.dat
2009-09-05 04:08 . 2005-01-28 02:58 1251 -c--a-w- c:\windows\ipconfig.dat
2009-09-05 03:49 . 2005-01-10 02:43 79952 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 21:03 . 2003-08-08 17:57 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((( XXX@XXXXXX.XXX )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-08-08 17:56 . 2009-11-30 18:52 96512 c:\windows\system32\dllcache\atapi.sys
- 2003-07-24 08:30 . 2009-11-30 17:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2003-07-24 08:30 . 2009-11-30 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2003-07-24 08:30 . 2009-11-30 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-07-24 08:30 . 2009-11-30 17:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2003-07-24 08:30 . 2009-11-30 20:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2003-07-24 08:30 . 2009-11-30 17:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20(NNN) NNN-NNNN
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05(NNN) NNN-NNNN
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-05-03 835654]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03(NNN) NNN-NNNN
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-26 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10(NNN) NNN-NNNN
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14(NNN) NNN-NNNN

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin700.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin700.exe.lnk
backup=c:\windows\pss\TrayMin700.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/29/2009 12:42 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM(NNN) NNN-NNNN
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/28/2009 10:13 PM 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/28/2009 10:13 PM 20560]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [11/29/2009 11:26 AM 312592]
S2 mrtRate;mrtRate; [x]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2/6/2007 12:07 AM(NNN) NNN-NNNN
S3 PentaxUsb;PENTAX Optio 60 on USB;c:\windows\system32\drivers\CoachUsb.sys [1/29/2006 12:53 AM 50976]
S3 PentaxVc;PENTAX Optio 60 Video Capture;c:\windows\system32\drivers\CoachVc.sys [1/29/2006 12:53 AM 44256]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [1/31/2007 12:11 AM 541568]
S3 XIRLINK;eVision 123 digital camera;c:\windows\system32\drivers\ucdnt.sys [8/18/2005 9:37 PM 805808]
S4 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [7/15/2005 3:38 PM 139264]
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:40]

2009-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134907574-2749578613-2750616050-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-30 19:47]

2009-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134907574-2749578613-2750616050-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-30 19:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 17:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x869C7618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf743ecb8
\Driver\atapi -> atapi.sys @ 0xf73f6852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(288)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-30 18:07
ComboFix-quarantined-files.txt 2009-11-30 23:06
ComboFix2.txt 2009-11-30 18:22

Pre-Run: 87,787,888,640 bytes free
Post-Run: 87,753,920,512 bytes free

- - End Of File - - A40FC49BD837AC2356FDFD03D593AAF7


Malwarebytes' Anti-Malware 1.41
Database version: 3253
Windows 5.1.2600 Service Pack 3 (Safe Mode)

11/30/2009 5:10:20 PM
mbam-log-2009-11-30 (17-10-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 275429
Time elapsed: 1 hour(s), 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Expert:  Tech Specialist replied 1258 days and 4 hours ago.

Please post the log in a proper format. It's all clogged up.

Customer replied 1258 days and 4 hours ago.

I copied and pasted the log into this window and it is formatted correctly. I do not know how else to send the information using this window. I can save it as a text file and email it.

Expert:  Tech Specialist replied 1258 days and 4 hours ago.

Paste it into this site: http://pastebin.com/

 

Send me the link.

Customer replied 1258 days and 4 hours ago.

http://pastebin.com/m6a125592

Expert:  Tech Specialist replied 1258 days and 4 hours ago.

No infections. You are still getting hijacked?

Customer replied 1258 days and 4 hours ago.

Yes all the time in all browsers - IE, Opera, and Google Chrome

Expert:  Tech Specialist replied 1258 days and 3 hours ago.

Sorry but I am out of options, I should open this up for other experts.

Customer replied 1258 days and 3 hours ago.

Ok thanks for trying

Expert:  Anthony Brewster replied 1258 days and 3 hours ago.

Hello, please shut down the computer and turn it off. Then power it back on and let's go into Safemode with Networking.

 

1) Turn on the computer

2) Start tapping/pressing F8 until you see Advanced Options Menu

3) Select Safemode with Networking and press enter

4) Press enter for OS/XP

5) Choose your account (not admin)

6) Click yes to continue in safemode

 

Now, please download and run SmitfraudFix.

 

GUIDE

 

http://siri.geekstogo.com/SmitfraudFix.php

 

 

Download Link

 

http://tinyurl.com/smitfradfix <<<<<<< CLICK TO DOWNLOAD

 

 

1) Download SmitfraudFix

2) Run SmitfraudFix (Safemode Recommended)

3) Press 2 (and press enter)

4) Press Y (for clean registry) and press enter

5) Wait for the notepad with your log report.

 

AFTER THIS DO THIS.

 

1) Run SmitfraudFix again

2) Press 5 (Search and Clean DNS HiJack) and press enter

3) When complete press Q for quit and press enter


Now restart your computer and test it out.


BEST OF LUCK!
GOD BLESS!

 

:)

Customer replied 1258 days and 2 hours ago.

Still no luck. I ran SmitfraudFix and followed your directions exactly. The browser still opens up new tabs to weird websites and sometimes the websites try to download new trojans but the avast antivirus program I am running stops the trojans. Until yesterday everything was running smoothly. Somehow I picked up a trojan called winupdate.exe and it released all sorts of other malware all over my machine.

Expert:  Anthony Brewster replied 1258 days and 1 hours ago.

Thanks. Please try this.

 

 

1) Click Start

2) Click Control Panel

3) Click User Accounts

4) Click Create A New User (with admin rights)

 

Now after you have your new account created, restart the computer and log into the account and test your computer out to see if it's working now.

 

If it is working now, go back to the control panel / user accounts, and delete the old account out (BUT KEEP FILES) and your data will transfer into a single folder and it will be placed on the new desktop.

 

 

:)

 

 

Customer replied 1258 days and 1 hours ago.

Created a new user account with admin rights and then I went into Internet Explorer and was redirected a few times to various sites so it appears the browser is still hijacked.

Expert:  Anthony Brewster replied 1258 days and 1 hours ago.

Thanks. Do this.

 

 

1) Click Start

2) Click Run

3) Type Drivers and press enter

4) Open the ETC folder

5) Look for hosts.

 

This is where it is located directly (C:\Windows\System32\drivers\etc)

 

 

For the HOSTS file, on the right hand side, what is the FILE SIZE? Is it 1KB or what?

 

 

Thanks!

Customer replied 1258 days and 1 hours ago.

Yes the hosts file is 1kb

Expert:  Anthony Brewster replied 1258 days and 1 hours ago.

Thanks. Then it's not a virus or spyware causing this. If you are getting redirected this would have been a bigger file.

 

 

It sounds to me like the OS is corrupted or having registry issues. I would suggest CCLEANER but you have already done that. ComboFix is extremely powerful to remove anything and yet you got nothing.

 


So there is only 1 thing left to do.

 

 

1) Backup all of your important data

2) Re-Install Windows XP

3) Install Security Protection

4) Download Windows Updates

5) Done!

 

 

BEST OF LUCK!
GOD BLESS!

 

 

:)

Customer replied 1258 days and 1 hours ago.

I am not convinced that it is not a virus since my browser redirects me to sites that try to download trojans and all this started when the winupdate86.exe trojan appeared on my system on Saturday 11/28.

I noticed the browser only redirects me when I'm using a search feature and click a link. If I am in a website, such as Just Answer, the browser opens the correct page.

Customer replied 1256 days and 15 hours ago.

My browser is redirecting to junk sites only when using search engines, otherwise it works.

 