
bseymour
Members
Posts: 3
Reputation: 0 Neutral
  1. Yes. I'm still getting redirected to ad pages on search sites.
  2. Here is my Avira log.

     Avira AntiVir Personal
     Report file date: 26 August 2009 09:07

     Scanning for 1662910 virus strains and unwanted programs.

     Licensee : Avira AntiVir Personal - FREE Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Windows XP
     Windows version : (Service Pack 3) [5.1.2600]
     Boot mode : Normally booted
     Username : SYSTEM
     Computer name : PROFESSI-520E2F

     Version information:
     BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
     AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 13:36:14
     AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 10:58:24
     LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:49
     LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 10:58:52
     ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:30:36
     ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 09:21:42
     ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21/08/2009 08:06:00
     ANTIVIR3.VDF : 7.1.5.166 161792 Bytes 26/08/2009 08:06:00
     Engineversion : 8.2.1.7
     AEVDF.DLL : 8.1.1.1 106868 Bytes 28/07/2009 13:31:50
     AESCRIPT.DLL : 8.1.2.26 463227 Bytes 26/08/2009 08:06:05
     AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 09:59:39
     AERDL.DLL : 8.1.2.4 430452 Bytes 23/07/2009 09:59:39
     AEPACK.DLL : 8.1.3.18 401783 Bytes 28/07/2009 13:31:50
     AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 09:59:39
     AEHEUR.DLL : 8.1.0.155 1921400 Bytes 26/08/2009 08:06:04
     AEHELP.DLL : 8.1.6.0 233846 Bytes 26/08/2009 08:06:01
     AEGEN.DLL : 8.1.1.59 356725 Bytes 26/08/2009 08:06:01
     AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 14:32:40
     AECORE.DLL : 8.1.7.6 184694 Bytes 23/07/2009 09:59:39
     AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40
     AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
     AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 10:32:15
     AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
     AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 10:32:09
     AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:41
     AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:37:08
     SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
     SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:21:33
     NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 10:32:10
     RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 15:39:58
     RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 10:19:48

     Configuration settings for the scan:
     Jobname.............................: Complete system scan
     Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
     Logging.............................: low
     Primary action......................: interactive
     Secondary action....................: ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Boot sectors........................: C:,
     Process scan........................: on
     Scan registry.......................: on
     Search for rootkits.................: on
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Recursion depth.....................: 20
     Smart extensions....................: on
     Macro heuristic.....................: on
     File heuristic......................: medium

     Start of the scan: 26 August 2009 09:07

     Starting search for hidden objects.
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESQULserv.sys\modules
       [INFO] The registry entry is invisible.
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESQULserv.sys\start
       [INFO] The registry entry is invisible.
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESQULserv.sys\type
       [INFO] The registry entry is invisible.
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESQULserv.sys\imagepath
       [INFO] The registry entry is invisible.
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESQULserv.sys\group
       [INFO] The registry entry is invisible.
     '8136' objects were checked, '5' hidden objects were found.

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'msiexec.exe' - '1' Module(s) have been scanned
     Scan process 'firefox.exe' - '1' Module(s) have been scanned
     Scan process 'alg.exe' - '1' Module(s) have been scanned
     Scan process 'iPodService.exe' - '1' Module(s) have been scanned
     Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
     Scan process 'CCC.exe' - '1' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
     Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned
     Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
     Scan process 'MOM.exe' - '1' Module(s) have been scanned
     Scan process 'VCDDaemon.exe' - '1' Module(s) have been scanned
     Scan process 'jusched.exe' - '1' Module(s) have been scanned
     Scan process 'TaskSwitchXP.exe' - '1' Module(s) have been scanned
     Scan process 'LClock.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'WMP54GSv1_1.exe' - '1' Module(s) have been scanned
     Scan process 'WLService.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
     Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     39 processes with 39 modules were scanned

     Starting master boot sector scan:
     Master boot sector HD0
       [INFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\'
       [INFO] No virus was found!

     Starting to scan executable files (registry).
     The registry was scanned ( '55' files ).

     Starting the file scan:

     Begin scan in 'C:\'
     C:\pagefile.sys
       [WARNING] The file could not be opened!
       [NOTE] This file is a Windows system file.
       [NOTE] This file cannot be opened for scanning.
     C:\Documents and Settings\Administrator\Desktop\mw3n4_all_bie.exe
       [DETECTION] Is the TR/Renaz.46560 Trojan
     C:\My Stuff\Magic DVD Ripper v5.3\keygen.exe
       [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
     C:\My Stuff\Music\Coldplay - Viva La Vida\04 Coldplay - 42.mp3
       [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
     C:\My Stuff\SFCIII\Starfleet Command 3.part03.rar
       [0] Archive type: RAR
       --> tex.uha
         [WARNING] No further files can be extracted from this archive. The archive will be closed
         [WARNING] No further files can be extracted from this archive. The archive will be closed
     C:\My Stuff\SFCIII\Starfleet Command 3.part08.rar
       [0] Archive type: RAR
       --> Assets\Models\Akira\akira.x
         [WARNING] No further files can be extracted from this archive. The archive will be closed
         [WARNING] No further files can be extracted from this archive. The archive will be closed
     C:\My Stuff\SFCIII\Starfleet Command 3.part10.rar
       [0] Archive type: RAR
       --> Assets\Sound\SFCSounds.zip
         [WARNING] No further files can be extracted from this archive. The archive will be closed
         [WARNING] No further files can be extracted from this archive. The archive will be closed
     C:\WINNT\system32\msihost.exe
       [DETECTION] Is the TR/FraudPack.SE Trojan
     C:\WINNT\Temp\000018f6
       [DETECTION] Is the TR/Spy.54272.31 Trojan

     Beginning disinfection:
     C:\Documents and Settings\Administrator\Desktop\mw3n4_all_bie.exe
       [DETECTION] Is the TR/Renaz.46560 Trojan
       [NOTE] The file was moved to '4ac7f493.qua'!
     C:\My Stuff\Magic DVD Ripper v5.3\keygen.exe
       [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
       [NOTE] The file was moved to '4b0df481.qua'!
     C:\My Stuff\Music\Coldplay - Viva La Vida\04 Coldplay - 42.mp3
       [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
       [NOTE] The file was moved to '4ab4f450.qua'!
     C:\WINNT\system32\msihost.exe
       [DETECTION] Is the TR/FraudPack.SE Trojan
       [NOTE] The file was moved to '4afdf48f.qua'!
     C:\WINNT\Temp\000018f6
       [DETECTION] Is the TR/Spy.54272.31 Trojan
       [NOTE] The file was moved to '4ac4f44c.qua'!

     End of the scan: 26 August 2009 09:36
     Used time: 28:52 Minute(s)

     The scan has been done completely.

     8092 Scanned directories
     173774 Files were scanned
     5 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     5 Files were moved to quarantine
     0 Files were renamed
     1 Files cannot be scanned
     173768 Files not concerned
     1036 Archives were scanned
     7 Warnings
     6 Notes
     8136 Objects were scanned with rootkit scan
     5 Hidden objects were found

     Thanks again!
  3. Hi, I got some kind of malware bundle a few days ago, and I thought Malwarebytes (which is a great program, btw) had taken care of everything. However, whenever I use Firefox or IE, they are both quite slow. When I use a search engine (Google or Bing), I usually (but not always) get redirected to some kind of ad site. I also have random pop-up ads and the false "Windows Internet Security" warning (seen here http://i25.tinypic.com/eryctw.jpg). I've run Malwarebytes and HijackThis, and have posted the logs below. When I dealt with the original malware, I was unable to open Malwarebytes, but fixed this by renaming its app file to xyz.exe or something like that. Thanks for any help you can give.

     Malwarebytes Log

     Malwarebytes' Anti-Malware 1.40
     Database version: 2697
     Windows 5.1.2600 Service Pack 3

     8/25/2009 10:38:55 PM
     mbam-log-2009-08-25 (22-38-55).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 171555
     Time elapsed: 20 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     HijackThis Log

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:40:35 PM, on 8/25/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.5730.0011)
     Boot mode: Normal

     Running processes:
     C:\WINNT\System32\smss.exe
     C:\WINNT\system32\winlogon.exe
     C:\WINNT\system32\services.exe
     C:\WINNT\system32\lsass.exe
     C:\WINNT\system32\Ati2evxx.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\System32\svchost.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\system32\Ati2evxx.exe
     C:\WINNT\system32\svchost.exe
     C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
     C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
     C:\WINNT\Explorer.EXE
     C:\Program Files\LClock\LClock.exe
     C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     C:\WINNT\system32\wuauclt.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\WINNT\system32\wscntfy.exe
     C:\Program Files\Malwarebytes' Anti-Malware\xxx.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINNT\system32\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
     O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
     O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
     O4 - HKLM\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
     O4 - HKLM\..\Run: [DMS Multi User] C:\Program Files\Digital Media Studio\dms_sus.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
     O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
     O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
     O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Update Service (gupdate1c9dec0ce19aee) (gupdate1c9dec0ce19aee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
     O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\WINNT\system32\msihost.exe (file missing)
     O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

     --
     End of file - 7215 bytes

     Thanks again!
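Added example, not part of the original thread and not code from Malwarebytes, Avira or HijackThis: a small Python triage script that reads HijackThis O23 service lines and the "registry entry is invisible" lines from Avira's rootkit search, in the shapes seen in the two logs above, and flags the indicators a helper would chase first. The signals it scores are a service image path that starts with \\?\globalroot, an image HijackThis reports as "(file missing)", a service with "Unknown owner" whose image sits in system32, and service registry keys the scanner could not see through the normal registry API. The sample log lines embedded in the script are constructed from the posts above; the scoring rules and severities are the editor's own heuristics, not anything the tools compute.

```python
"""Rootkit-indicator triage over HijackThis O23 lines and Avira hidden-object lines.

Added example for this thread, not code from Malwarebytes, Avira or HijackThis.
The sample log lines below are constructed from the logs posted above; the
scoring rules are the editor's own heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: three O23 lines in the shape HijackThis prints, including
# the "Windows MSI" entry from the log above and one benign line for contrast.
HJT_SAMPLE = r"""
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\WINNT\system32\msihost.exe (file missing)
"""

# Constructed sample: two of the five "invisible" entries Avira's rootkit search
# reported, plus the summary line, which the parser must ignore.
AVIRA_SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESQULserv.sys\modules [INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESQULserv.sys\start [INFO] The registry entry is invisible.
'8136' objects were checked, '5' hidden objects were found.
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Avira prints one line per hidden value under the service key.
HIDDEN_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<svc>[^\\]+)\\(?P<value>\S+)"
    r" \[INFO\] The registry entry is invisible\.$",
    re.IGNORECASE,
)
GLOBALROOT = "\\\\?\\globalroot"   # the literal prefix \\?\globalroot


@dataclass
class Finding:
    source: str                 # "hijackthis" or "avira"
    name: str                   # service name as it appears in the log
    severity: str               # "high" or "low"
    reasons: List[str] = field(default_factory=list)


def triage_hijackthis(text: str) -> List[Finding]:
    """Flag O23 services whose image path or vendor looks like a hidden or rogue driver."""
    findings = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        path, reasons = m["path"], []
        if path.lower().startswith(GLOBALROOT):
            reasons.append("image path uses the \\\\?\\globalroot device prefix")
        if m["missing"]:
            reasons.append("HijackThis could not open the image file")
        if m["owner"] == "Unknown owner" and "\\system32\\" in path.lower():
            reasons.append("no vendor recorded for a service image in system32")
        if reasons:
            high = bool(m["missing"]) or path.lower().startswith(GLOBALROOT)
            findings.append(Finding("hijackthis", m["name"], "high" if high else "low", reasons))
    return findings


def triage_avira(text: str) -> List[Finding]:
    """Group Avira's 'registry entry is invisible' lines by the service key they belong to."""
    hidden: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            hidden.setdefault(m["svc"], []).append(m["value"])
    return [
        Finding("avira", svc, "high",
                ["service key values hidden from the registry API: " + ", ".join(vals)])
        for svc, vals in hidden.items()
    ]


def triage(hjt_text: str, avira_text: str) -> List[Finding]:
    """Combine both sources, most severe first, so hidden-service evidence surfaces on top."""
    findings = triage_hijackthis(hjt_text) + triage_avira(avira_text)
    findings.sort(key=lambda f: (f.severity != "high", f.name.lower()))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, AVIRA_SAMPLE):
        print(f"[{f.severity.upper():4}] {f.source:10} {f.name}: {'; '.join(f.reasons)}")
```

Two caveats when reading the output against this thread. First, "(file missing)" on the Windows MSI line does not prove the file is gone: HijackThis could not resolve the \\?\globalroot path, yet Avira opened C:\WINNT\system32\msihost.exe the next day, detected it as TR/FraudPack.SE and quarantined it. Second, the hidden ESQULserv.sys key is the stronger signal, because a service whose registry values are invisible to the normal API is something only a driver-level component hides; the Malwarebytes log from the same evening, which found nothing, is consistent with that hiding rather than with a clean machine.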