  #1  
Old 12-22-2007
New Poster
 
Join Date: Dec 2007
Posts: 2
PC Experience: Some Experience
wdcav
Hijack log - first time user

Hello, first time user for this program. Problem I'm having is the computer is running slower and now I'm getting redirects whenever I use google - it sends me to search-daily.com or something else unwanted. Would like to resolve this.

Thank you.
Attached Files
File Type: log HijackThis.log (8.8 KB, 4 views)



Last edited by Pgh; 12-22-2007 at 01:08 PM.
  #2  
Old 12-22-2007
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,960
PC Experience: Elite PC Guru
Pancake
Re: Hijack log - first time user

Update HJT....

Please download HijackThis to your desktop.. http://www.trendsecure.com/portal/en...HJTInstall.exe
Alternate link
http://download.bleepingcomputer.com...HJTInstall.exe
This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Upon install, HijackThis should open for you.
Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe
1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

==============================


This will help to identify malware on your system.
Please download Combofix from any of these locations:
Here
or
Here
Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
My real name is Eddy
  #3  
Old 12-23-2007
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,960
PC Experience: Elite PC Guru
Pancake
Re: Hijack log - first time user

Sorry about the mixup with HJT as I was working three logs and got the wrong one posted to you....


__________________
My real name is Eddy
  #4  
Old 12-23-2007
New Poster
 
Join Date: Dec 2007
Posts: 2
PC Experience: Some Experience
wdcav
Re: Hijack log - first time user

Okay, here's another log file from HJT, same version though as before, 2.02.


And here's the other log for ComboFix:

ComboFix 07-12-21.4 - Default 2007-12-23 1:56:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.535 [GMT -5:00]
Running from: C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\5HVZYS29\ComboFix[1].exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dpwsockf.dll
C:\WINDOWS\system32\dpwsockxs.dll
C:\WINDOWS\system32\drivers\ffdphjvq.dat
C:\WINDOWS\Tasks.\At1.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NVMOZSVY
-------\LEGACY_RGJXVKRJ
-------\nvmozsvy
-------\rgjxvkrj

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.
2007-12-22 01:59 . 2007-12-22 02:01 5,443,338 --a------ C:\WINDOWS\system32\SBSP.dat
2007-12-22 01:58 . 2007-12-22 02:01 318 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-21 17:57 . 2007-12-21 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-20 18:46 . 2007-12-20 18:46 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-20 18:36 . 2007-12-20 18:36 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Sunbelt Software
2007-12-20 18:36 . 2007-12-20 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-20 18:34 . 2007-12-20 18:34 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-12-20 09:44 . 2007-12-20 09:44 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-20 09:44 . 2007-12-20 09:44 741,632 --a------ C:\WINDOWS\system32\ivtwbtdd.dat
2007-12-20 09:44 . 2007-12-20 09:44 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-20 09:44 . 2007-12-20 09:44 42,240 --a------ C:\WINDOWS\system32\qitqzgqw.dat
2007-12-20 09:44 . 2007-12-20 09:44 36,096 --a------ C:\WINDOWS\system32\wrevymfh.dat
2007-12-20 09:44 . 2007-12-20 09:44 35,072 --a------ C:\WINDOWS\system32\kxpovvfh.dat
2007-12-17 02:07 . 2007-12-22 18:20 120,576 --a------ C:\WINDOWS\system32\wjimsegq.dat
2007-12-17 02:00 . 2007-12-22 01:59 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-17 02:00 . 2007-06-03 10:17 17,408 --a------ C:\WINDOWS\system32\qdtfbvvl.exe
2007-11-29 11:34 . 2007-11-29 11:34 <DIR> d-------- C:\Documents and Settings\Jane\Application Data\FastStone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 08:19 --------- d-----w C:\Program Files\vmntoolbar
2007-11-07 00:25 --------- d-----w C:\Documents and Settings\Jane\Application Data\VMNTOOLBAR
2004-05-14 21:47 24,896 -c--a-w C:\Documents and Settings\Default\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"TimeLeft"="C:\Program Files\TimeLeft\timeleft.exe" []
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51]
"AIM"="C:\Program Files\AIM95\aim.exe" [2004-09-01 11:26]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 17:16]
"qdtfbvvl"="C:\WINDOWS\system32\qdtfbvvl.exe" [2007-06-03 10:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-03-20 21:23 C:\WINDOWS\SOUNDMAN.EXE]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-02-20 21:01]
"HydarVisionDesktopManager"="" []
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 10:50]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 03:20]
"POINTER"="point32.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 06:00]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-10 14:07]
"WildTangent CDA"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-28 23:27]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 13:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-15 22:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 13:17]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 13:20]
"qdtfbvvl"="C:\WINDOWS\system32\qdtfbvvl.exe" [2007-06-03 10:17]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 13:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-05-04 13:45]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-01-19 10:26:47]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 13:25:56]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-12-20 18:46]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-15 22:41]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Default\LOCALS~1\Temp\cdrmkaun.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys [2002-03-13 05:19]
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-23 04:04:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 02:09:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-23 2:11:27 - machine was rebooted
.
2007-12-20 15:01:28 --- E O F ---




Thanks for any help you can offer.
Attached Files
File Type: log hijackthis.log (9.1 KB, 1 views)


  #5  
Old 12-23-2007
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,960
PC Experience: Elite PC Guru
Pancake
Re: Hijack log - first time user

You should find a difference after this....


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {5628BA7C-A3E7-46BB-AEB6-F7FA3CA22F14} - c:\windows\system32\dpwsockf.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {897A07CB-B6BD-48C4-835E-FB97AAEE84E7} - C:\WINDOWS\system32\dpwsockxs.dllCF82} - (no file)
O20 - Winlogon Notify: khffebc - khffebc.dll (file missing)
O4 - HKLM\..\Run: [qdtfbvvl] C:\WINDOWS\system32\qdtfbvvl.exe
O4 - HKCU\..\Run: [TimeLeft] C:\Program Files\TimeLeft\timeleft.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O20 - Winlogon Notify: ptmtwxah - C:\WINDOWS\SYSTEM32\dpwsockf.dll

=====================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\WINDOWS\system32\ivtwbtdd.dat
C:\WINDOWS\system32\libssl32.dll
C:\WINDOWS\system32\qitqzgqw.dat
C:\WINDOWS\system32\wrevymfh.dat
C:\WINDOWS\system32\kxpovvfh.dat
C:\WINDOWS\system32\wjimsegq.dat
C:\WINDOWS\system32\qdtfbvvl.exe
C:\WINDOWS\SYSTEM32\dpwsockf.dll
Folder::
C:\Program Files\Viewpoint
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TimeLeft"=-
"qdtfbvvl"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


__________________
My real name is Eddy
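
A triage check for a log like the ComboFix output posted in this thread, as an added example that is not part of any post and is not ComboFix's or the analyst's own method: it cross-references Run/RunOnce values against the "Files Created" listing and reports autoruns whose target file is recent. The function names are hypothetical, and reading the first timestamp on a file line as creation time and the second as last-modified time is an assumption.

```python
import re
from datetime import datetime

# Constructed sample built from entries in the thread's ComboFix log. Two lines
# carry a stray space inside a long token, as forum line-wrapping tends to leave.
SAMPLE_LOG = r"""
2007-12-20 18:46 . 2007-12-20 18:46 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-20 09:44 . 2007-12-20 09:44 42,240 --a------ C:\WINDOWS\system32\qitqzgqw.dat
2007-12-17 02:00 . 2007-06-03 10:17 17,408 --a------ C:\WINDOWS\system32\qdtfbvvl.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"qdtfbvvl"="C:\WINDOWS\system32\qdtfbvvl.exe" [2007-06-03 10:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.ex e" [2001-07-09 10:50]
"qdtfbvvl"="C:\WINDOWS\system32\qdtfbvvl.exe" [2007-06-03 10:17]
"""

STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
FILE_LINE = re.compile(rf"^{STAMP} \. {STAMP} \S+ \S+ (.+)$")
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"="([^"]*)"')

def norm(text):
    # Drop whitespace and doubled backslashes so wrapped and clean forms compare equal.
    return re.sub(r"\s+", "", text).replace("\\\\", "\\").lower()

def parse(log):
    """Return ({path: (created, modified)}, [(key, value name, target path)])."""
    ts = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M")
    files, autoruns, key = {}, [], None
    for line in map(str.strip, log.splitlines()):
        if m := FILE_LINE.match(line):
            files[norm(m.group(3))] = (ts(m.group(1)), ts(m.group(2)))
        elif m := KEY_LINE.match(line):
            key = norm(m.group(1))
        elif key and (m := VALUE_LINE.match(line)):
            autoruns.append((key, m.group(1), norm(m.group(2))))
    return files, autoruns

def recent_autoruns(log):
    """Run/RunOnce values whose target also appears in the created-files list."""
    files, autoruns = parse(log)
    return [(key, name, path) + files[path]
            for key, name, path in autoruns
            if key.rsplit("\\", 1)[-1] in ("run", "runonce") and path in files]

if __name__ == "__main__":
    for key, name, path, created, modified in recent_autoruns(SAMPLE_LOG):
        print(f"{name}: {path} created {created}, modified {modified} ({key})")
```

A hit is a lead for manual review rather than a verdict: a freshly installed legitimate program that registers an autorun would be listed the same way.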
