Google&Yahoo Search Redirection & Fail Updates Installation

 
  

SherryWhite



Joined: Jul 05, 2009
Posts: 3



Posted: Sun Jul 05, 2009 9:50 pm    Post subject: Google&Yahoo Search Redirection & Fail Updates Installation

Lately, my computer has been acting weird. More than one person uses it, so I have no clue as to when it started. However, recently I noticed that both Yahoo & Google redirect me to other links such as ads or other search pages. I notice that it has been a common problem lately too. Also, Automatic Windows Updates won't install, and this has been a problem since before the Google & Yahoo issue. It will download but will not install. And when I go to check the download history it just says that all the downloads had been cancelled. Also, when I try to download again it shows the download size as 0.
If anyone can give me any help I would much appreciate it.


Here's my Hijackthis.

C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=Q4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6164 bytes


Did a malware scan after I posted this, so here it is.


Malwarebytes' Anti-Malware 1.37
Database version: 2225
Windows 5.1.2600 Service Pack 3

7/4/2009 10:41:35 PM
mbam-log-2009-07-04 (22-41-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 142265
Time elapsed: 40 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

Posted: Tue Jul 07, 2009 11:29 pm

Welcome to Lockergnome.

Please make sure you post your entire log next time including the headers.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Right click on this link http://www.mvps.org/winhelp2002/DelDomains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com


Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
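
The three O1 entries listed for fixing above all point unrelated hostnames, including security.microsoft.com, at the same address. As an added example (not part of the original thread and not HijackThis's own logic), the Python below reviews O1 lines for that pattern; it goes slightly beyond the thread by also accepting raw hosts-file lines, and the `WATCHED_SUFFIXES` list and function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the O1 lines from the HijackThis log in this thread,
# one unrelated O4 line, and one raw hosts-file line to show both forms.
SAMPLE = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
127.0.0.1 localhost   # raw hosts-file line
"""

O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Assumption: vendor suffixes a home PC's hosts file has no reason to override.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com")


def parse_hosts_entries(text):
    """Yield (ip, hostname) pairs from HijackThis O1 lines or raw hosts lines."""
    for line in text.splitlines():
        line = O1_PREFIX.sub("", line.strip())
        line = line.split("#", 1)[0].strip()  # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry (for example another log section)
        for name in fields[1:]:
            yield ip, name.lower()


def review_hosts(text):
    """Return {ip: [(hostname, reason), ...]} for entries worth a second look."""
    findings = defaultdict(list)
    for ip, name in parse_hosts_entries(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost mappings and 127.0.0.1 / 0.0.0.0 blocklists
        if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            reason = "vendor domain overridden"
        else:
            reason = "static mapping to non-loopback address"
        findings[str(ip)].append((name, reason))
    return dict(findings)


if __name__ == "__main__":
    for ip, entries in review_hosts(SAMPLE).items():
        print(f"{ip}: {len(entries)} hostname(s) pinned to this address")
        for name, reason in entries:
            print(f"  {name:28} {reason}")
```

Several hostnames grouped under one address, with a vendor domain among them, is the signal to look for before anything else in the log.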
SherryWhite



Joined: Jul 05, 2009
Posts: 3



Posted: Wed Jul 08, 2009 7:22 pm

Okay, thanks for the help. Here is the ComboFix log...

ComboFix 09-07-08.04 - HP_Owner 07/07/2009 19:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.130 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-06 20:12 . 2009-07-06 20:12 488960 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-07-06 20:12 . 2009-07-06 20:12 319488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-07-06 02:10 . 2009-05-19 08:35 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\setup.exe
2009-07-06 02:10 . 2009-05-19 08:36 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-07-06 02:10 . 2009-05-19 08:36 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-07-06 02:10 . 2009-05-19 08:36 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-07-06 02:10 . 2009-05-19 08:35 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unagi3.exe
2009-07-06 02:04 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-07-05 04:39 . 2009-07-05 04:39 -------- d-----w- c:\program files\Trend Micro
2009-07-04 23:52 . 2009-07-08 02:02 -------- d-----w- c:\windows\system32\CatRoot2
2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\IMVUupdater.exe
2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\IMVUClient.exe
2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\imvuqualityagent.exe
2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\SceneWindow.dll
2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\MemoryHook.dll
2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\cal3d.dll
2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\CallStack.dll
2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\boost_python.dll
2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\audiere.dll
2009-06-26 06:23 . 2009-06-26 07:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\TeamViewer
2009-06-26 06:23 . 2009-06-26 06:23 -------- d-----w- c:\documents and settings\HP_Owner\temp
2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\xpcshell.exe
2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\crashreporter.exe
2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\xulrunner.exe
2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\mangle.exe
2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\shlibsign.exe
2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\xpidl.exe
2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\updater.exe
2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\xpt_link.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\GeckoBin\regxpcom.exe
2009-06-11 22:01 . 2009-06-11 22:03 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Auslogics
2009-06-11 21:59 . 2009-06-11 21:59 -------- d-----w- c:\program files\Auslogics
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-11 02:14 . 2009-06-11 02:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Uniblue
2009-06-09 20:03 . 2009-06-09 20:03 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\pywintypes25.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 01:12 . 2009-06-04 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-07 10:04 . 2009-04-04 01:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IMVU
2009-07-06 02:33 . 2009-04-04 01:26 -------- d-----w- c:\program files\AIM6
2009-07-06 02:33 . 2009-04-04 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-06 02:09 . 2009-07-06 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-07-02 03:45 . 2009-04-03 21:58 33368 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 21:28 . 2009-04-04 01:46 80967 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\Uninstall.exe
2009-06-29 03:32 . 2009-04-04 01:45 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IMVUClient
2009-06-29 03:32 . 2009-05-20 22:57 16149640 ----a-w- c:\documents and settings\HP_Owner\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-06-25 20:20 . 2009-06-04 01:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 20:20 . 2009-06-04 01:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 20:20 . 2009-06-04 01:25 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 08:32 . 2009-04-27 00:13 1360960 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-06-11 02:44 . 2009-05-07 01:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SanDisk
2009-06-09 20:14 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-06-04 01:25 . 2009-06-04 01:25 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-04 01:23 . 2009-06-04 01:23 -------- d-----w- c:\program files\AVG
2009-06-03 23:51 . 2009-06-03 23:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-06-03 23:51 . 2009-06-03 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 23:51 . 2009-06-03 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-26 20:20 . 2009-06-03 23:51 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 20:19 . 2009-06-03 23:51 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-21 18:33 . 2009-04-03 07:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 08:36 . 2009-07-06 02:09 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 08:36 . 2009-07-06 02:09 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 08:36 . 2009-07-06 02:09 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 08:36 . 2009-07-06 02:09 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 08:36 . 2009-07-06 02:09 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-14 05:31 . 2009-05-14 05:31 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-05-14 05:30 . 2009-05-14 05:30 -------- d-----w- c:\program files\MSECACHE
2009-05-02 21:22 . 2009-05-02 20:54 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-02 21:09 . 2009-05-02 21:09 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-04-19 21:10 . 2009-04-04 23:53 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-04-17 12:26 . 2004-09-07 00:22 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-09-07 00:21 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot.TakeThisOut@2009-07-08_01.51.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 02:11 . 2009-07-08 02:11 16384 c:\windows\Temp\Perflib_Perfdata_344.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 20:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/3/2009 6:25 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/3/2009 6:25 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/3/2009 6:24 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/3/2009 6:23 PM 298776]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zmkk7iso.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-08 19:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-08 02:19
ComboFix2.txt 2009-07-08 01:59

Pre-Run: 23,871,324,160 bytes free
Post-Run: 23,856,881,664 bytes free

187 --- E O F --- 2009-07-07 10:04
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

Posted: Thu Jul 09, 2009 10:19 pm

Uninstall Viewpoint via the Add/Remove Programs panel.

Delete this folder if found:

c:\documents and settings\All Users\Application Data\Viewpoint

What other issues (if any) are still remaining now?
SherryWhite



Joined: Jul 05, 2009
Posts: 3



Posted: Fri Jul 10, 2009 3:58 pm

Everything else is good. I'm still having issues with Automatic Updates. It downloads but will not install the updates.
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

Posted: Fri Jul 10, 2009 8:42 pm

Try posting the Windows Update issue in the Windows board. They will follow up on this issue with you and help you resolve the problem. This is most likely not malware related.