BleepingComputer.com: Websites are being redirected


Websites are being redirected

#16 User is offline   blink3chic 

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 29-June 11

Posted 02 July 2011 - 08:21 PM

This is what I'm getting when I go into IE with no add-ons... and I'm getting prompted if I want to manage add-ons
Internet Explorer is currently running without add-ons

All Internet Explorer add-ons, such as ActiveX controls or toolbars, are turned off. Some webpages might not display correctly.
To continue to your home page, click the Home button.
To browse using add-ons, close Internet Explorer and then start it again.
Check for the latest Windows updates.

How do browser add-ons affect my browsing experience?

#17 User is offline   Broni 

  • The Coolest BC Computer
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 02 July 2011 - 08:25 PM

Quote

Internet Explorer is currently running without add-ons

That's what we want for testing purposes.
Some add-ons MAY be causing redirections, so I want you to find out whether the redirection is still there when you run IE with add-ons disabled.




#18 User is offline   blink3chic 


Posted 02 July 2011 - 08:25 PM

MiniToolBox by Farbar
Ran by Jenna (administrator) on 02-07-2011 at 21:23:48
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : zucchij

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter #3

Physical Address. . . . . . . . . : 00-19-7E-9F-5F-EB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.74.166

68.87.68.166

Lease Obtained. . . . . . . . . . : Saturday, July 02, 2011 9:18:54 PM

Lease Expires . . . . . . . . . . : Sunday, July 03, 2011 9:18:54 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 00-1B-24-60-A5-F0

Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.166

Name: google.com
Addresses: 74.125.93.106, 74.125.93.103, 74.125.93.147, 74.125.93.104
74.125.93.99, 74.125.93.105



Pinging google.com [74.125.115.147] with 32 bytes of data:



Reply from 74.125.115.147: bytes=32 time=48ms TTL=51

Reply from 74.125.115.147: bytes=32 time=48ms TTL=51



Ping statistics for 74.125.115.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 48ms, Average = 48ms

Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.166

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=45ms TTL=51

Reply from 67.195.160.76: bytes=32 time=43ms TTL=51



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 45ms, Average = 44ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 7e 9f 5f eb ...... Atheros AR5007EG Wireless Network Adapter #3 - Packet Scheduler Miniport
0x3 ...00 1b 24 60 a5 f0 ...... Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25
255.255.255.255 255.255.255.255 192.168.1.102 3 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/02/2011 08:09:01 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.5.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (06/30/2011 01:20:11 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.

Error: (06/29/2011 01:40:27 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.

Error: (06/29/2011 01:40:15 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.

Error: (06/29/2011 01:39:56 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.

Error: (06/29/2011 01:34:30 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.

Error: (06/26/2011 10:11:14 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/26/2011 10:10:42 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.

Error: (06/26/2011 07:10:30 PM) (Source: Application Error) (User: )
Description: Faulting application jaucheck.exe, version 2.0.2.4, faulting module jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.
Processing media-specific event for [jaucheck.exe!ws!]

Error: (06/22/2011 00:11:39 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.


System errors:
=============
Error: (06/30/2011 10:10:39 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (06/30/2011 10:29:00 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (06/30/2011 10:29:00 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/30/2011 10:27:54 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (06/30/2011 10:27:54 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/30/2011 10:27:40 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (06/30/2011 10:27:40 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/30/2011 10:26:14 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (06/30/2011 10:26:14 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/30/2011 10:24:57 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (12/12/2010 04:52:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 160208 seconds with 1500 seconds of active time. This session ended with a crash.


========================= End of Event log errors =========================

#19 User is offline   blink3chic 


Posted 02 July 2011 - 08:28 PM

Ok, looks good without add ons
I didn't get any redirections

#20 User is offline   Broni 


Posted 02 July 2011 - 08:32 PM

Very well then.

I want you to go back to my reply #15, download and install Firefox and see if it's free of redirections as well.
It's always a good idea to have more than one browser installed, if only for troubleshooting purposes like in your case.

We'll go back to your IE situation as soon as I know how Firefox does.




#21 User is offline   blink3chic 


Posted 02 July 2011 - 08:38 PM

Firefox seems good as well

#22 User is offline   Broni 


Posted 02 July 2011 - 08:43 PM

Very well :)

Open IE, go to Tools > Internet Options > Advanced tab and click on the "Reset" button.

Restart IE and check for redirections.




#23 User is offline   blink3chic 


Posted 02 July 2011 - 09:13 PM

No redirections so far!

#24 User is offline   Broni 


Posted 02 July 2011 - 09:21 PM

Very well :)

Couple more steps...


1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.



2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.



3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.

This post has been edited by Broni: 02 July 2011 - 10:23 PM





#25 User is offline   blink3chic 


Posted 02 July 2011 - 10:09 PM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
Japanese Fonts Support For Adobe Reader 8
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

#26 User is offline   Broni 


Posted 02 July 2011 - 10:23 PM

Looks good :)

...and Eset....




#27 User is offline   blink3chic 


Posted 02 July 2011 - 11:35 PM

C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\5y2u10xe.default\extensions\{aba4645a-e1eb-4482-8bd1-de8987e5dfb6}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\5y2u10xe.default\extensions\{aba4645a-e1eb-4482-8bd1-de8987e5dfb6}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Documents and Settings\Jenna\My Documents\setup.exe a variant of Win32/Adware.ErrorRepair application
C:\WINDOWS\system32\audiodev32.dll a variant of Win32/Kryptik.PQF trojan
C:\WINDOWS\system32\MP43DMOD32.dll Win32/TrojanDownloader.Agent.PDY trojan
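
The two logs posted in this thread can be cross-checked: the module that repeatedly crashes iexplore.exe in the MiniToolBox event-log section (post #18) is one of the files ESET flags in post #27. The Python below is an added example, not part of the original thread or of either tool; it parses excerpts of both logs and lists the faulting modules the scanner flagged, matching on file name alone (an assumption, since the event log records no path).

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules on any OS

# Excerpt of the "Application errors" lines posted in this thread (post #18).
EVENT_LOG = """\
Description: Faulting application jusched.exe, version 2.0.5.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module audiodev32.dll, version 1.0.1.52, stamp 42b68745, debug? 0, fault address 0x000367a7.
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Description: Faulting application jaucheck.exe, version 2.0.2.4, faulting module jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.
"""

# Excerpt of the ESET Online Scanner export posted in this thread (post #27).
ESET_LOG = r"""C:\Documents and Settings\Jenna\My Documents\setup.exe a variant of Win32/Adware.ErrorRepair application
C:\WINDOWS\system32\audiodev32.dll a variant of Win32/Kryptik.PQF trojan
C:\WINDOWS\system32\MP43DMOD32.dll Win32/TrojanDownloader.Agent.PDY trojan
"""

FAULT_RE = re.compile(r"Faulting application (\S+), .*?faulting module (\S+),")
# Paths contain spaces, so anchor on the trailing detection ("Family/Name kind").
ESET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<det>(?:a variant of )?\S+/\S+ \w+)$")


def faulting_modules(event_text):
    """Count (host application, faulting module) pairs, ignoring self-crashes."""
    pairs = Counter()
    for app, module in FAULT_RE.findall(event_text):
        if app.lower() != module.lower():
            pairs[(app.lower(), module.lower())] += 1
    return pairs


def eset_detections(eset_text):
    """Map lower-cased file name -> (full path, detection name)."""
    found = {}
    for line in eset_text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            found[basename(m["path"]).lower()] = (m["path"], m["det"])
    return found


def correlate(event_text, eset_text):
    """Return crash records whose faulting module the scanner also flagged."""
    detections = eset_detections(eset_text)
    hits = []
    for (app, module), count in sorted(faulting_modules(event_text).items()):
        if module in detections:  # name-only match: an assumption, see lead-in
            path, det = detections[module]
            hits.append({"module": path, "host": app, "crashes": count, "detection": det})
    return hits


if __name__ == "__main__":
    for hit in correlate(EVENT_LOG, ESET_LOG):
        print(hit)
```

A third-party module that keeps faulting inside a browser process is worth checking against scanner output even before redirects are confirmed; the user32.dll crash in jusched.exe is counted but not reported because no detection names that file.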

#28 User is offline   Broni 


Posted 02 July 2011 - 11:38 PM

Please, re-run Eset and let it fix all issues.

When done...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html




#29 User is offline   blink3chic 


Posted 03 July 2011 - 09:58 AM

Thank you so much for your help! :)

#30 User is offline   Broni 


Posted 03 July 2011 - 10:51 AM

You're very welcome



