Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google Redirect

Unread postby bruce19760401 » February 11th, 2010, 12:16 am

I seem to be ok now. Perhaps something was corrupted in my system files, and a repair of windows from the CD replaced one of the files that was causing the problem, and I'm back up and running. Thanks for your help along the way.
Active Member
Posts: 14
Joined: January 30th, 2010, 12:55 pm
Register to Remove

Re: Google Redirect

Unread postby km2357 » February 11th, 2010, 1:32 am

Good to hear that your computer is back up and running. :)

As a check to make sure everything is looking good, I'd like you to run DDS again and post the DDS and Attach logs in your next post/reply for me to look over.

Thanks. :)
User avatar
MRU Master
MRU Master
Posts: 3004
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google Redirect

Unread postby bruce19760401 » February 11th, 2010, 1:50 am

Attached are the requested logs. Thanks for looking again to be sure all is ok.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Bruce at 0:47:35.54 on Thu 02/11/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1430 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bruce\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.ca/
uInternet Connection Wizard,ShellNext = iexplore
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: cnet.com\download
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/ze ... engems.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSIns ... _load.html
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/de ... nodeal.cab
DPF: {13EB7AC8-4811-461C-8581-89650F3D716B} - hxxp://www.worldwinner.com/games/v44/wa ... offame.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/sk ... illgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/sh ... Loader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/mo ... eylist.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/so ... rerush.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/tr ... ursuit.cab
DPF: {5685BC20-FBE6-11D2-885F-00A0243C2C64} - hxxps://pay.adp.ca/payatwork/Common/SpectrumRDC.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/be ... eweled.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2548001234
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.evansmartin.com/NELX.cab
DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} - hxxps://pay.adp.ca/payatwork/Common/iemenu.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/be ... dtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A7A61128-0EAA-11D1-B22F-0000C08C00C4} - hxxps://pay.adp.ca/payatwork/Common/Ssdw3b32.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {B6FA2311-5F85-47D3-B885-7055340FC740} - hxxp://www.worldwinner.com/games/v46/gr ... trivia.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/mo ... nopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/ti ... lecity.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/di ... erdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/my ... terypi.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v49/fa ... lyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-9 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-9 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-9 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-9 285392]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2007-10-9 20504]

=============== Created Last 30 ================

2010-02-11 04:23:38 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-11 04:23:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-11 04:22:46 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-11 04:20:37 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-11 04:20:31 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-11 04:20:26 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-11 04:20:00 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-11 04:19:24 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-11 04:19:18 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-11 04:01:49 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-11 04:01:48 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-02-11 04:01:48 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-11 04:01:48 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-11 04:01:48 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-02-11 04:01:47 991232 -c----w- c:\windows\system32\dllcache\ieframe.dll.mui
2010-02-11 04:01:47 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-02-11 04:01:47 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-02-11 04:01:46 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-11 03:35:58 5971 -c----w- c:\windows\system32\dllcache\events.js
2010-02-11 03:35:56 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-02-11 03:35:55 999 -c----w- c:\windows\system32\dllcache\bktrh.gif
2010-02-11 03:35:55 9585 -c----w- c:\windows\system32\dllcache\controls.css
2010-02-11 03:35:55 8298 -c----w- c:\windows\system32\dllcache\contents.htm
2010-02-11 03:35:55 773 -c----w- c:\windows\system32\dllcache\cnth.gif
2010-02-11 03:35:55 773 -c----w- c:\windows\system32\dllcache\cnt.gif
2010-02-11 03:35:55 772 -c----w- c:\windows\system32\dllcache\cntd.gif
2010-02-11 03:35:55 760 -c----w- c:\windows\system32\dllcache\cloapph.gif
2010-02-11 03:35:55 717 -c----w- c:\windows\system32\dllcache\cloapp.gif
2010-02-11 03:35:55 6878 -c----w- c:\windows\system32\dllcache\controls.js
2010-02-11 03:35:55 381425 -c----w- c:\windows\system32\dllcache\copycd.wmv
2010-02-11 02:58:46 884736 ----a-w- c:\windows\system32\msimsg.dll
2010-02-11 02:58:46 78848 ----a-w- c:\windows\system32\msiexec.exe
2010-02-11 02:58:46 2843136 ----a-w- c:\windows\system32\msi.dll
2010-02-11 02:58:46 271360 ----a-w- c:\windows\system32\msihnd.dll
2010-02-11 02:58:46 15360 ----a-w- c:\windows\system32\msisip.dll
2010-02-11 02:47:59 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-02-11 02:46:56 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2010-02-11 02:44:46 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-11 02:44:41 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-11 02:44:41 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-11 02:44:41 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-11 02:44:41 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-02-11 02:44:41 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-11 02:44:23 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-11 02:30:58 266240 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-02-11 02:30:58 185776 ----a-w- c:\windows\system32\SRSTSHD.dll
2010-02-11 02:30:58 17408 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-02-11 02:30:58 167936 ----a-w- c:\windows\system32\SRSHP360.dll
2010-02-11 02:30:58 126976 ----a-w- c:\windows\system32\maxxaudioapo.dll
2010-02-11 02:19:10 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-11 02:19:10 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-11 02:19:10 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-11 02:19:10 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-11 02:18:49 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2010-02-11 02:18:49 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
2010-02-11 02:18:49 37484 -c--a-w- c:\windows\system32\dllcache\MW770.CAT
2010-02-11 02:18:49 13472 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT
2010-02-11 02:18:48 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT
2010-02-11 02:18:48 399645 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT
2010-02-11 02:18:48 1042903 -c--a-w- c:\windows\system32\dllcache\SP2.CAT
2010-02-11 02:18:45 13753 ----a-r- c:\windows\SETDD.tmp
2010-02-11 02:18:42 1086058 ----a-r- c:\windows\SETD1.tmp
2010-02-11 02:18:40 1042903 ----a-r- c:\windows\SETCE.tmp
2010-02-10 03:33:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-10 03:33:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-10 03:33:45 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-10 03:33:37 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-09 04:30:35 16 ----a-w- c:\documents and settings\bruce\.javafx_ping_sent
2010-02-09 04:30:33 0 ----a-w- c:\documents and settings\bruce\.javafx_eula_accepted
2010-02-09 02:49:10 0 d-sha-r- C:\cmdcons
2010-02-09 02:48:05 98816 ----a-w- c:\windows\sed.exe
2010-02-09 02:48:05 77312 ----a-w- c:\windows\MBR.exe
2010-02-09 02:48:05 261632 ----a-w- c:\windows\PEV.exe
2010-02-09 02:48:05 161792 ----a-w- c:\windows\SWREG.exe
2010-02-08 05:59:07 0 d-----w- C:\$AVG
2010-02-06 20:26:50 0 d-----w- c:\windows\system32\Adobe
2010-01-26 05:07:14 0 d-----w- c:\program files\Trend Micro
2010-01-26 03:57:34 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-26 03:49:44 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-01-26 03:48:34 0 d-----w- c:\program files\common files\iS3
2010-01-26 03:48:34 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-01-26 03:17:19 0 d-----w- c:\docume~1\bruce\applic~1\Malwarebytes
2010-01-26 03:17:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 03:17:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 03:17:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 03:17:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 04:22:43 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-02-11 02:43:05 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 0:48:01.03 ===============


DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 2/10/2010 9:48:43 PM
System Uptime: 2/10/2010 11:38:31 PM (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790FX-DS5
Processor: AMD Phenom(tm) 9550 Quad-Core Processor | Socket M2 | 2209/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 120.683 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 17.811 GiB free.
F: is FIXED (NTFS) - 298 GiB total, 16.651 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/10/2010 9:55:40 PM - System Checkpoint
RP2: 2/10/2010 9:58:22 PM - Software Distribution Service 3.0
RP3: 2/10/2010 10:18:16 PM - Software Distribution Service 3.0
RP4: 2/10/2010 10:37:44 PM - Software Distribution Service 3.0
RP5: 2/10/2010 11:04:11 PM - Installed Windows NLSDownlevelMapping.
RP6: 2/10/2010 11:04:34 PM - Installed Windows IDNMitigationAPIs.
RP7: 2/10/2010 11:05:46 PM - Installed Windows Internet Explorer 7.
RP8: 2/10/2010 11:06:10 PM - Software Distribution Service 3.0
RP9: 2/10/2010 11:26:43 PM - Software Distribution Service 3.0
RP10: 2/10/2010 11:37:05 PM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Decoder
ATI Display Driver
ATI Multimedia Center
ATI Multimedia Center 9.10
ATI Parental Control & Encoder
ATI Problem Report Wizard
ATI Remote Wonder
ATI Remote Wonder 3.03
AuthorScript Engine 1.0
AVG Free 9.0
Bell Internet Service Advisor 2.1.7
CCS64 V3.7
Compatibility Pack for the 2007 Office system
Destination Component
DVD Decrypter (Remove Only)
DVD2AVI 1.82
ffdshow [rev 3082] [2009-09-21]
Gigabyte Raid Configurer
GUIDE PLUS+(TM) for Windows® System - ATI
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
IBM OnDemand AFP Web Viewer
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 7
K-Lite Codec Pack 2.27 Full
LightScribe System Software
Logitech ImageStudio
Logitech Print Service
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
Nimo Codecs Pack v5.0 (Remove Only)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SonicWALL SSL-VPN NetExtender
Spelling Dictionaries Support For Adobe Reader 9
The Sims
TitanTV Client components for ATI
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows XP Service Pack 3
Winmx Community 1
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

2/10/2010 9:57:02 PM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
2/10/2010 9:50:17 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
2/10/2010 9:45:22 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

==== End Of File ===========================
Active Member
Posts: 14
Joined: January 30th, 2010, 12:55 pm

Re: Google Redirect

Unread postby km2357 » February 11th, 2010, 3:22 pm

Both DDS Logs look good. :)

Have you stopped getting redirected since doing the repair install with the Windows CD?

We're almost done here, but I'd like for you to do a few more scans for me. :)

Step # 1 Remove old versions of Java

Older Java versions have vulnerabilities and need to be removed.

Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

Java(TM) 6 Update 7

Reboot your Computer.

Step # 2 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.

Step # 3: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. Kaspersky Log
User avatar
MRU Master
MRU Master
Posts: 3004
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google Redirect

Unread postby bruce19760401 » February 12th, 2010, 7:33 pm

The redirects have stopped. Likely a file was replaced that may have been causing the problem, when I repaired windows (I know that at least solved my booting problem). I had to remove all versions of JAVA as the kaspersky program wouldn't recognize the version I had, and I then reinstalled version 6 update 18. The logs are below. If there is something I should delete as a result of the logs, please just let me know. Thanks again.

Malwarebytes' Anti-Malware 1.44
Database version: 3730
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/12/2010 9:29:46 AM
mbam-log-2010-02-12 (09-29-46).txt

Scan type: Quick Scan
Objects scanned: 116087
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Friday, February 12, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version:
Last database update: Friday, February 12, 2010 13:55:02
Records in database: 3487227

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:

Scan statistics:
Objects scanned: 75923
Threats found: 5
Infected objects found: 8
Suspicious objects found: 2
Scan duration: 01:29:03

File name / Threat / Threats count
C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Password-protected-EXE 1
C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Bagle.n 1
C:\Documents and Settings\Bruce\My Documents\mail.pst Suspicious: Password-protected-EXE 1
C:\Documents and Settings\Bruce\My Documents\mail.pst Infected: Email-Worm.Win32.Bagle.n 1
C:\Software\Software Old\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Software\Software Old\zas2501.exe Infected: not-a-virus:AdWare.Win32.NavExcel 4
C:\Software\Software Old\zas2501.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 1

Selected area has been scanned.
Active Member
Posts: 14
Joined: January 30th, 2010, 12:55 pm

Re: Google Redirect

Unread postby km2357 » February 13th, 2010, 1:36 pm

Delete the following file, if found:

C:\Software\Software Old\zas2501.exe

Open up Outlook and delete the e-mails you no longer need that are in the Inbox. Also, delete all e-mails that are in the Junk, Spam and/or Bulk Folder(s).
User avatar
MRU Master
MRU Master
Posts: 3004
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google Redirect

Unread postby bruce19760401 » February 13th, 2010, 4:21 pm

All done. I reran the kaspersky scan on the folders where the mail/outlook files were kept, and it didn't find anything this time. Thanks again.

Active Member
Posts: 14
Joined: January 30th, 2010, 12:55 pm

Re: Google Redirect

Unread postby km2357 » February 13th, 2010, 10:49 pm

Good to hear that Kaspersky didn't find anything. :)

If there are no more problems, then you are good to go. :)

You can delete the following off of your computer:

The two DDS Logs
The GMER Log

To remove ComboFix, do the following:

Go to Start > Run - type in ComboFix /Uninstall & click OK

Empty your Recycle Bin.

Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  • This will remove all restore points except the new one you just created.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.

Make your Internet Explorer more secure This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub frames across different domains to Prompt
  5. When all these settings have been made, click on the OK button.
  6. If it asks you if you want to save the settings, press the Yes button.
  7. Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please checkHide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK
  • Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button on the task bar at the bottom of your screen
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then doubleclick it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok..
  • Use an alternative instant messenger program.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or
    If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
  • Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miek ... ntion.html

If your computer is running slow, click here for instructions on how to help speed up your computer.

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.
User avatar
MRU Master
MRU Master
Posts: 3004
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google Redirect

Unread postby bruce19760401 » February 14th, 2010, 1:32 am

All done. Thanks.
Active Member
Posts: 14
Joined: January 30th, 2010, 12:55 pm

Re: Google Redirect

Unread postby km2357 » February 14th, 2010, 1:51 pm

You're welcome. I'm glad I was able to help you out. :)

Good luck and safe surfing!
User avatar
MRU Master
MRU Master
Posts: 3004
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google Redirect

Unread postby Dakeyras » February 14th, 2010, 4:04 pm

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
MRU Honors Graduate
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Register to Remove


  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 23 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware