Virus keeps redirecting my machine to other sites

The machine was infected by some viruses. I scanned it with AVG on another machine, but now when I try to get an update for AVG or go to the AVG web site, I.E. gets redirected to other sites. I ran HijackThis and got the resulting output. Can someone take a look at it and see what I need to delete? I'm not sure what to keep and what to get rid of.

Thanks
hijackthis.log
Asked by: c7c4c7

IndiGenus Commented:
Hi,
This line indicates a smitfraud infection:
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Log in on your usual account.

Double-click SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and pressing Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hitting Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hitting Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it manually.

I would also advise you run a scan with MalwareBytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php

rpggamergirl Commented:
The entries below are the obvious active nasties belonging to the smitfraud infection. Smitfraudfix should be able to take care of them, as IndiGenus already suggested; other options are MalwareBytes and SDFix.

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\My Pass Generator\isamonitor.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

C:\Program Files\My Pass Generator <-- and make sure this folder is gone.
c7c4c7 (Author) Commented:
rpggamergirl, Smitfraudfix took care of those entries, but I am still having a problem with updates to things like AVG and MalwareBytes.

When I tried to bring the machine up in safe mode I got a blue screen and had to run it in Normal mode.  It got some but not all of whatever the problem is.

When I try to ping, everything gets redirected to 127.0.0.1. When I look for the hosts file and LMHOSTS, they are nowhere to be found. Something is probably redirecting everything for security updates away from the site.

Any ideas?

Thx

rpggamergirl Commented:
Try and download HostsXpert and save it to your desktop:
http://www.funkytoad.com/download/HostsXpert.zip
Extract the zip file to your desktop
Open the folder and double-click on HostsXpert.
Click on "Restore Microsoft's Hosts File".

Also run Combofix.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
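
One cause of the symptom reported in this thread (security-vendor sites resolving to 127.0.0.1 or landing elsewhere) is tampered hosts-file entries, which is what restoring the default hosts file addresses. The following is an added example, not part of the original thread: it audits hosts-file text for such entries, and the sample content, the `.example` names and the `watch_suffixes` parameter are constructed for illustration.

```python
import ipaddress

# Names a default hosts file legitimately maps to loopback.
EXPECTED_LOOPBACK = {"localhost", "localhost.localdomain"}

# Constructed sample (not from the thread); *.example names are placeholders.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example www.av-vendor.example  # constructed tamper entry
0.0.0.0         ads.tracker.example
203.0.113.7     download.av-vendor.example
not-an-ip       something.example
"""

def parse_hosts(text):
    """Yield (line number, ip, [names]) for each well-formed mapping line."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed address: skip
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watch_suffixes=()):
    """Flag names forced to loopback/0.0.0.0, and watched names pinned anywhere."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        sinkholed = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sinkholed and name in EXPECTED_LOOPBACK:
                continue
            watched = any(name == s or name.endswith("." + s) for s in watch_suffixes)
            if sinkholed:
                findings.append((lineno, name, str(ip), "high" if watched else "review"))
            elif watched:
                findings.append((lineno, name, str(ip), "pinned"))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE_HOSTS, watch_suffixes=("av-vendor.example",)):
        print(finding)
```

Entries marked "review" are sinkholed names outside the watch list, which ad-blocking hosts files also produce; "pinned" marks a watched name mapped to a fixed non-loopback address.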
c7c4c7 (Author) Commented:
The problem seems to have been corrected by using both SmitFraudFix and MalWareBytes. The host files turned out to be where they were supposed to be; not sure why the search didn't turn them up.

I'm not having any more problems with browser redirection or failure to load the updates for AVG or MalwareBytes.

Thanks for the help
c7c4c7 (Author) Commented:
Thanks again for the help
IndiGenus Commented:
Great, glad it worked out.

Regards,
Dave

Question has a verified solution.
