Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Redirect

Unread postby lbragg » March 3rd, 2011, 1:43 pm

Hi,

I have been working on my parents' computer for a while now. I can not seem to remove the malware that is redirecting their computer to ad sites. I have tried numerous malware removal programs, but nothing seems to work. Their computer keeps coming up clean. Is there anything else I can do or do I need to just reinstall the entire computer? Here are my DDs Logs.

Thanks in advance for your time and help. I really appreciated it.

-Laurie

DDS (Ver_10-12-12.02) - NTFSx86
Run by Deborah Bragg at 12:30:32.54 on Thu 03/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.106 [GMT -5:00]

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00ED-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00CA-0D24-347CA8A3377C}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00C8-0D24-347CA8A3377C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Deborah Bragg\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [System Mechanic Popup Stopper] "c:\program files\iolo\system mechanic 5\PopupStopper.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IntelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Ulead Photo Express Calendar Checker] "c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe"
mRun: [avgnt] "c:\program files\antivir personaledition classic\avgnt.exe" /min
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [MessengerPlusUninstall] c:\windows\system32\cmd.exe /c "c:\docume~1\debora~1\locals~1\temp\MsgPlusUninst.bat"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Popup Stopper - Add to Black List - c:\documents and settings\deborah bragg\AddToPSBlackList.htm
IE: Popup Stopper - Add to White List - c:\documents and settings\deborah bragg\AddToPSWhiteList.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/St ... b55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://xiaolongpao.spaces.live.com//Pho ... nPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZP ... b55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8469595734
DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - hxxp://updates.lifescapeinc.com/install ... nstall.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/defaul ... uncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zp ... b79352.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/Rite ... Online.cab
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... 102118.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zp ... b56649.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebin ... WebIns.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/St ... b55579.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/defaul ... uncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\system~1\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\system~1\URLSTO~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\debora~1\applic~1\mozilla\firefox\profiles\xap39epb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {D748E6A4-25BF-4370-8772-B1DE20780F60} - c:\documents and settings\deborah bragg\local settings\application data\{D748E6A4-25BF-4370-8772-B1DE20780F60}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-3-2 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-3-2 11776]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-3 301528]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl23e1d06a;MpKsl23e1d06a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a8082990-406f-41cd-a329-823b2650c2e4}\MpKsl23e1d06a.sys [2011-3-3 28752]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-3-2 2855440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-3 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-3 42184]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-3-2 73728]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-3 371544]
S1 avgio;avgio;\??\c:\program files\antivir personaledition classic\avgio.sys --> c:\program files\antivir personaledition classic\avgio.sys [?]
S2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\antivir personaledition classic\sched.exe --> c:\program files\antivir personaledition classic\sched.exe [?]
S2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\antivir personaledition classic\avguard.exe --> c:\program files\antivir personaledition classic\avguard.exe [?]
S3 avgntflt;avgntflt;\??\c:\program files\antivir personaledition classic\avgntflt.sys --> c:\program files\antivir personaledition classic\avgntflt.sys [?]
S3 SGUARD;SGUARD;c:\windows\system32\drivers\SGuard.sys [2005-7-17 17857]

=============== Created Last 30 ================

2011-03-03 14:01:31 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-03 14:01:00 40648 ----a-w- c:\windows\avastSS.scr
2011-03-03 14:00:50 -------- d-----w- c:\program files\AVAST Software
2011-03-03 14:00:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-03 13:57:24 -------- d-----w- c:\docume~1\debora~1\applic~1\EurekaLog
2011-03-03 06:56:57 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a8082990-406f-41cd-a329-823b2650c2e4}\MpKsl23e1d06a.sys
2011-03-03 06:56:22 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a8082990-406f-41cd-a329-823b2650c2e4}\mpengine.dll
2011-03-02 20:19:29 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-03-02 20:01:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2011-02-12 17:27:31 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-02-12 17:27:19 -------- d-----w- c:\program files\Microsoft Security Client

==================== Find3M ====================

2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-08-01 01:17:48 1129122 -c--a-w- c:\program files\mkwACT097b1.exe
2004-08-01 01:15:36 1434149 -c--a-w- c:\program files\mkw-mfc42.exe
2004-07-31 14:59:03 9035144 -c--a-w- c:\program files\winamp504_strata.exe
2004-07-31 10:33:04 610442 -c--a-w- c:\program files\wsh23b32.EXE
2004-07-31 05:05:40 16706160 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-07-31 05:03:47 6811656 -c--a-w- c:\program files\psa201se_us.exe

============= FINISH: 12:31:26.61 ===============
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm
Advertisement
Register to Remove

Re: Google Redirect

Unread postby deltalima » March 3rd, 2011, 2:57 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby deltalima » March 3rd, 2011, 3:17 pm

Hi lbragg,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    Avira AntiVir PersonalEdition
    Microsoft Security Essentials
    avast! Antivirus
    Emsisoft Anti-Malware
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please choose one to keep and remove all of the others.


I would recommend that you keep Avira AntiVir PersonalEdition

Reboot the coputer.

Now please run a new scan with DDS and copy the contents of both logs & post in your next reply

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with DDS.txt and Attach.txt from the DDS scan into your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby lbragg » March 3rd, 2011, 3:57 pm

Thanks. Its my parents' home computer. They basically use it only to surf the web despite my mom's sewing programs and my dad's yearly home tax programs that are listed.

I did remove 2 out of four of the anti-virus programs, but I can not find Avira listed in the add and remove programs list. I can not find Avira on the Add & Remove list. Is it possible that the program was partially removed and the program is no longer installed?

I will run the new logs asap.

Thanks again.

Laurie
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm

Re: Google Redirect

Unread postby deltalima » March 3rd, 2011, 4:00 pm

Yes, run the scans and post the logs, that will show if Avira is still installed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby lbragg » March 3rd, 2011, 5:55 pm

That took longer than I expected. I had to post them as two separate posts.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Deborah Bragg at 15:08:37.17 on Thu 03/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.380 [GMT -5:00]

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00ED-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00CA-0D24-347CA8A3377C}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00C8-0D24-347CA8A3377C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deborah Bragg\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [System Mechanic Popup Stopper] "c:\program files\iolo\system mechanic 5\PopupStopper.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IntelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Ulead Photo Express Calendar Checker] "c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe"
mRun: [avgnt] "c:\program files\antivir personaledition classic\avgnt.exe" /min
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Popup Stopper - Add to Black List - c:\documents and settings\deborah bragg\AddToPSBlackList.htm
IE: Popup Stopper - Add to White List - c:\documents and settings\deborah bragg\AddToPSWhiteList.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/St ... b55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://xiaolongpao.spaces.live.com//Pho ... nPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZP ... b55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8469595734
DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - hxxp://updates.lifescapeinc.com/install ... nstall.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/defaul ... uncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zp ... b79352.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/Rite ... Online.cab
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... 102118.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zp ... b56649.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebin ... WebIns.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/St ... b55579.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/defaul ... uncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\system~1\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\system~1\URLSTO~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\debora~1\applic~1\mozilla\firefox\profiles\xap39epb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {D748E6A4-25BF-4370-8772-B1DE20780F60} - c:\documents and settings\deborah bragg\local settings\application data\{D748E6A4-25BF-4370-8772-B1DE20780F60}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-3 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-3 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-3 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-3 42184]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
S1 avgio;avgio;\??\c:\program files\antivir personaledition classic\avgio.sys --> c:\program files\antivir personaledition classic\avgio.sys [?]
S2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\antivir personaledition classic\sched.exe --> c:\program files\antivir personaledition classic\sched.exe [?]
S2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\antivir personaledition classic\avguard.exe --> c:\program files\antivir personaledition classic\avguard.exe [?]
S3 avgntflt;avgntflt;\??\c:\program files\antivir personaledition classic\avgntflt.sys --> c:\program files\antivir personaledition classic\avgntflt.sys [?]
S3 SGUARD;SGUARD;c:\windows\system32\drivers\SGuard.sys [2005-7-17 17857]

=============== Created Last 30 ================

2011-03-03 14:01:31 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-03 14:01:00 40648 ----a-w- c:\windows\avastSS.scr
2011-03-03 14:00:50 -------- d-----w- c:\program files\AVAST Software
2011-03-03 14:00:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-03 13:57:24 -------- d-----w- c:\docume~1\debora~1\applic~1\EurekaLog
2011-03-02 20:19:29 -------- d-----w- c:\program files\Emsisoft Anti-Malware

==================== Find3M ====================

2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-08-01 01:17:48 1129122 -c--a-w- c:\program files\mkwACT097b1.exe
2004-08-01 01:15:36 1434149 -c--a-w- c:\program files\mkw-mfc42.exe
2004-07-31 14:59:03 9035144 -c--a-w- c:\program files\winamp504_strata.exe
2004-07-31 10:33:04 610442 -c--a-w- c:\program files\wsh23b32.EXE
2004-07-31 05:05:40 16706160 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-07-31 05:03:47 6811656 -c--a-w- c:\program files\psa201se_us.exe

============= FINISH: 15:10:30.76 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/20/2004 8:32:47 AM
System Uptime: 3/3/2011 3:00:28 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2657/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 46.887 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2397: 1/18/2011 12:15:47 PM - Software Distribution Service 3.0
RP2398: 1/19/2011 1:44:00 AM - Software Distribution Service 3.0
RP2399: 1/19/2011 12:15:58 PM - Software Distribution Service 3.0
RP2400: 1/20/2011 1:44:33 AM - Software Distribution Service 3.0
RP2401: 1/20/2011 12:15:56 PM - Software Distribution Service 3.0
RP2402: 1/21/2011 1:45:15 AM - Software Distribution Service 3.0
RP2403: 1/21/2011 12:15:54 PM - Software Distribution Service 3.0
RP2404: 1/22/2011 1:44:40 AM - Software Distribution Service 3.0
RP2405: 1/22/2011 12:16:00 PM - Software Distribution Service 3.0
RP2406: 1/23/2011 1:44:44 AM - Software Distribution Service 3.0
RP2407: 1/23/2011 12:16:00 PM - Software Distribution Service 3.0
RP2408: 1/24/2011 1:43:48 AM - Software Distribution Service 3.0
RP2409: 1/24/2011 12:15:48 PM - Software Distribution Service 3.0
RP2410: 1/25/2011 1:43:54 AM - Software Distribution Service 3.0
RP2411: 1/25/2011 12:16:01 PM - Software Distribution Service 3.0
RP2412: 1/26/2011 1:43:47 AM - Software Distribution Service 3.0
RP2413: 1/26/2011 12:15:57 PM - Software Distribution Service 3.0
RP2414: 1/27/2011 1:43:47 AM - Software Distribution Service 3.0
RP2415: 1/27/2011 12:16:33 PM - Software Distribution Service 3.0
RP2416: 1/28/2011 1:44:12 AM - Software Distribution Service 3.0
RP2417: 1/28/2011 12:15:44 PM - Software Distribution Service 3.0
RP2418: 1/29/2011 1:44:59 AM - Software Distribution Service 3.0
RP2419: 1/29/2011 12:16:09 PM - Software Distribution Service 3.0
RP2420: 1/30/2011 1:44:24 AM - Software Distribution Service 3.0
RP2421: 1/31/2011 1:46:12 AM - Software Distribution Service 3.0
RP2422: 1/31/2011 12:04:15 PM - Software Distribution Service 3.0
RP2423: 2/1/2011 1:47:00 AM - Software Distribution Service 3.0
RP2424: 2/1/2011 12:04:17 PM - Software Distribution Service 3.0
RP2425: 2/2/2011 1:46:03 AM - Software Distribution Service 3.0
RP2426: 2/2/2011 12:03:42 PM - Software Distribution Service 3.0
RP2427: 2/3/2011 1:46:40 AM - Software Distribution Service 3.0
RP2428: 2/3/2011 12:04:05 PM - Software Distribution Service 3.0
RP2429: 2/4/2011 1:46:51 AM - Software Distribution Service 3.0
RP2430: 2/4/2011 12:04:16 PM - Software Distribution Service 3.0
RP2431: 2/5/2011 1:46:23 AM - Software Distribution Service 3.0
RP2432: 2/5/2011 12:04:01 PM - Software Distribution Service 3.0
RP2433: 2/6/2011 1:46:36 AM - Software Distribution Service 3.0
RP2434: 2/6/2011 12:04:02 PM - Software Distribution Service 3.0
RP2435: 2/7/2011 1:46:27 AM - Software Distribution Service 3.0
RP2436: 2/7/2011 12:03:54 PM - Software Distribution Service 3.0
RP2437: 2/8/2011 1:46:01 AM - Software Distribution Service 3.0
RP2438: 2/8/2011 12:03:53 PM - Software Distribution Service 3.0
RP2439: 2/9/2011 1:46:36 AM - Software Distribution Service 3.0
RP2440: 2/9/2011 3:00:20 AM - Software Distribution Service 3.0
RP2441: 2/10/2011 2:03:40 AM - Software Distribution Service 3.0
RP2442: 2/11/2011 2:02:51 AM - Software Distribution Service 3.0
RP2443: 2/12/2011 9:04:46 AM - Software Distribution Service 3.0
RP2444: 2/12/2011 12:26:57 PM - Software Distribution Service 3.0
RP2445: 2/13/2011 1:37:32 AM - Software Distribution Service 3.0
RP2446: 2/13/2011 12:34:18 PM - Software Distribution Service 3.0
RP2447: 2/14/2011 1:38:04 AM - Software Distribution Service 3.0
RP2448: 2/14/2011 9:20:38 AM - Removed Windows Live Messenger
RP2449: 2/14/2011 9:21:46 AM - Removed Windows Live Sign-in Assistant
RP2450: 2/14/2011 12:37:41 PM - Software Distribution Service 3.0
RP2451: 2/15/2011 1:38:36 AM - Software Distribution Service 3.0
RP2452: 2/15/2011 12:34:08 PM - Software Distribution Service 3.0
RP2453: 2/16/2011 1:38:45 AM - Software Distribution Service 3.0
RP2454: 2/16/2011 12:34:04 PM - Software Distribution Service 3.0
RP2455: 2/17/2011 1:37:52 AM - Software Distribution Service 3.0
RP2456: 2/17/2011 12:34:33 PM - Software Distribution Service 3.0
RP2457: 2/18/2011 1:38:33 AM - Software Distribution Service 3.0
RP2458: 2/18/2011 8:54:15 AM - Installed Java(TM) 6 Update 24
RP2459: 2/18/2011 12:34:43 PM - Software Distribution Service 3.0
RP2460: 2/19/2011 1:38:08 AM - Software Distribution Service 3.0
RP2461: 2/19/2011 12:34:36 PM - Software Distribution Service 3.0
RP2462: 2/20/2011 1:38:48 AM - Software Distribution Service 3.0
RP2463: 2/20/2011 12:34:35 PM - Software Distribution Service 3.0
RP2464: 2/21/2011 1:33:06 AM - Software Distribution Service 3.0
RP2465: 2/21/2011 7:12:11 PM - Software Distribution Service 3.0
RP2466: 2/22/2011 1:33:29 AM - Software Distribution Service 3.0
RP2467: 2/22/2011 7:12:05 PM - Software Distribution Service 3.0
RP2468: 2/23/2011 2:03:41 AM - Software Distribution Service 3.0
RP2469: 2/24/2011 1:57:45 AM - Software Distribution Service 3.0
RP2470: 2/24/2011 2:01:05 PM - Software Distribution Service 3.0
RP2471: 2/25/2011 1:55:52 AM - Software Distribution Service 3.0
RP2472: 2/25/2011 2:01:07 PM - Software Distribution Service 3.0
RP2473: 2/26/2011 2:01:47 PM - Software Distribution Service 3.0
RP2474: 2/27/2011 1:56:45 AM - Software Distribution Service 3.0
RP2475: 2/27/2011 2:01:57 PM - Software Distribution Service 3.0
RP2476: 2/28/2011 1:56:13 AM - Software Distribution Service 3.0
RP2477: 2/28/2011 2:02:06 PM - Software Distribution Service 3.0
RP2478: 3/1/2011 1:56:32 AM - Software Distribution Service 3.0
RP2479: 3/1/2011 2:02:03 PM - Software Distribution Service 3.0
RP2480: 3/2/2011 1:55:50 AM - Software Distribution Service 3.0
RP2481: 3/2/2011 2:03:20 PM - Software Distribution Service 3.0
RP2482: 3/2/2011 2:52:50 PM - Configured ELNKInst
RP2483: 3/2/2011 2:54:17 PM - Removed Print to Fax
RP2484: 3/2/2011 3:03:54 PM - Removed MSXML 4.0 SP2 (KB936181)
RP2485: 3/3/2011 1:56:16 AM - Software Distribution Service 3.0
RP2486: 3/3/2011 9:00:50 AM - avast! Free Antivirus Setup
RP2487: 3/3/2011 2:01:58 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader X (10.0.1)
aiofw
aioocr
aioprnt
aioscnnr
ArcSoft Software Suite
avast! Free Antivirus
Banctec Service Agreement
Broadcom Management Programs
Brother Embroidery Software 2.12
center
Click'N Design 3D
Critical Update for Windows Media Player 11 (KB959772)
DA920EN
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell ResourceCD
Dell Solution Center
DellSupport
DIGOpt
DIGReqEx
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
ELNKInst
Hardlock Device Driver
Hardwood Solitaire III Lite
Help and Support Customization
Help_CTR
helptut
helpug
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iolo technologies' System Mechanic 5
Java Auto Updater
Java(TM) 6 Update 24
KODAK All-in-One Printer Software
ksdip
Lexmark X6100 Series
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Outlook Connector for MSN
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.14)
MSN
MSN Encarta Plus Support Files
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyAttorney Home And Business
netbrdg
PictureProject
QuickBooks Premier: Accountant Edition 2006
Quicken 2007
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif PhotoPlus 6.0
SFR
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
Tiger Woods PGA TOUR 2004
TurboTax ItsDeductible 2005
TurboTax Premier 2004
TurboTax Premier 2005
Ulead Photo Express 5 SE
Ulead VideoStudio 8.0 SE DVD
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player (Remove Only)
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Womens Fitness
XVID Codec Installation
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/3/2011 3:02:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio
3/3/2011 3:02:00 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
3/3/2011 3:02:00 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.
3/3/2011 3:02:00 PM, error: Service Control Manager [7000] - The AntiVir PersonalEdition Classic Scheduler service failed to start due to the following error: The system cannot find the file specified.
3/3/2011 3:02:00 PM, error: Service Control Manager [7000] - The AntiVir PersonalEdition Classic Guard service failed to start due to the following error: The system cannot find the file specified.
3/2/2011 5:12:16 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 2:54:13 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wiafbdrv.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
2/26/2011 1:55:52 AM, error: Microsoft Antimalware [2001] -

==== End Of File ===========================
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm

Re: Google Redirect

Unread postby lbragg » March 3rd, 2011, 5:59 pm

It won't let me post the GMER results as it has too many characters. Do you want me to post it in two messages or can I submit this zip file?

Thanks,

Laurie
You do not have the required permissions to view the files attached to this post.
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm

Re: Google Redirect

Unread postby deltalima » March 3rd, 2011, 6:20 pm

Hi lbragg,

I did remove 2 out of four of the anti-virus programs, but I can not find Avira listed in the add and remove programs list.


It looks like just Avast is running now so we should be ok to continue.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby lbragg » March 3rd, 2011, 8:11 pm

The program found no malware.

2011/03/03 19:07:15.0875 3540 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/03 19:07:16.0031 3540 ================================================================================
2011/03/03 19:07:16.0031 3540 SystemInfo:
2011/03/03 19:07:16.0031 3540
2011/03/03 19:07:16.0031 3540 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/03 19:07:16.0031 3540 Product type: Workstation
2011/03/03 19:07:16.0031 3540 ComputerName: D4LHFQ41
2011/03/03 19:07:16.0031 3540 UserName: Deborah Bragg
2011/03/03 19:07:16.0031 3540 Windows directory: C:\WINDOWS
2011/03/03 19:07:16.0031 3540 System windows directory: C:\WINDOWS
2011/03/03 19:07:16.0031 3540 Processor architecture: Intel x86
2011/03/03 19:07:16.0031 3540 Number of processors: 1
2011/03/03 19:07:16.0031 3540 Page size: 0x1000
2011/03/03 19:07:16.0031 3540 Boot type: Normal boot
2011/03/03 19:07:16.0031 3540 ================================================================================
2011/03/03 19:07:16.0687 3540 Initialize success
2011/03/03 19:07:20.0000 2968 ================================================================================
2011/03/03 19:07:20.0000 2968 Scan started
2011/03/03 19:07:20.0000 2968 Mode: Manual;
2011/03/03 19:07:20.0000 2968 ================================================================================
2011/03/03 19:07:21.0187 2968 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/03 19:07:21.0421 2968 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/03/03 19:07:21.0734 2968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/03 19:07:21.0953 2968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/03 19:07:22.0093 2968 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/03/03 19:07:22.0265 2968 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/03/03 19:07:22.0437 2968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/03 19:07:22.0640 2968 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/03 19:07:22.0859 2968 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/03/03 19:07:23.0109 2968 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/03/03 19:07:23.0390 2968 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/03/03 19:07:23.0812 2968 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/03/03 19:07:24.0421 2968 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/03/03 19:07:24.0984 2968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/03/03 19:07:25.0359 2968 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/03/03 19:07:25.0609 2968 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/03/03 19:07:25.0859 2968 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/03/03 19:07:26.0125 2968 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/03/03 19:07:26.0296 2968 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/03/03 19:07:26.0437 2968 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/03/03 19:07:26.0609 2968 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/03 19:07:26.0781 2968 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/03 19:07:26.0906 2968 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/03 19:07:27.0062 2968 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/03/03 19:07:27.0328 2968 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/03 19:07:27.0484 2968 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/03 19:07:27.0640 2968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/03 19:07:27.0828 2968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/03 19:07:28.0109 2968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/03 19:07:28.0406 2968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/03 19:07:28.0890 2968 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/03/03 19:07:29.0109 2968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/03 19:07:29.0453 2968 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/03/03 19:07:29.0609 2968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/03 19:07:29.0750 2968 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/03/03 19:07:29.0921 2968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/03 19:07:30.0062 2968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/03 19:07:30.0265 2968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/03 19:07:30.0546 2968 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/03/03 19:07:30.0734 2968 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/03/03 19:07:30.0875 2968 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/03/03 19:07:31.0046 2968 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/03/03 19:07:31.0218 2968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/03 19:07:31.0421 2968 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/03 19:07:31.0609 2968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/03 19:07:31.0796 2968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/03 19:07:32.0046 2968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/03 19:07:32.0218 2968 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/03/03 19:07:32.0515 2968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/03 19:07:32.0937 2968 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/03/03 19:07:33.0234 2968 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/03/03 19:07:33.0687 2968 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/03/03 19:07:34.0046 2968 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/03/03 19:07:34.0281 2968 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/03/03 19:07:34.0578 2968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/03 19:07:34.0812 2968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/03 19:07:35.0062 2968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/03 19:07:35.0375 2968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/03 19:07:35.0656 2968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/03 19:07:36.0015 2968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/03 19:07:36.0281 2968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/03 19:07:36.0531 2968 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/03/03 19:07:36.0765 2968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/03 19:07:37.0156 2968 hardlock (e1aa11327dbc838ee4da47a182cd1269) C:\WINDOWS\System32\drivers\hardlock.sys
2011/03/03 19:07:37.0843 2968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/03 19:07:38.0093 2968 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/03/03 19:07:38.0234 2968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/03 19:07:38.0359 2968 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/03 19:07:38.0468 2968 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/03/03 19:07:38.0593 2968 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/03 19:07:38.0734 2968 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/03/03 19:07:38.0890 2968 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/03/03 19:07:39.0015 2968 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/03/03 19:07:39.0156 2968 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/03/03 19:07:39.0296 2968 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/03/03 19:07:39.0421 2968 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/03/03 19:07:39.0562 2968 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/03/03 19:07:39.0718 2968 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/03/03 19:07:39.0968 2968 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/03/03 19:07:40.0109 2968 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/03/03 19:07:40.0265 2968 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/03/03 19:07:40.0453 2968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/03 19:07:40.0609 2968 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/03/03 19:07:40.0812 2968 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/03/03 19:07:41.0031 2968 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/03/03 19:07:41.0171 2968 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/03/03 19:07:41.0296 2968 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/03/03 19:07:41.0421 2968 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/03 19:07:41.0546 2968 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/03 19:07:41.0703 2968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/03 19:07:41.0828 2968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/03 19:07:41.0984 2968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/03 19:07:42.0109 2968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/03 19:07:42.0218 2968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/03 19:07:42.0359 2968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/03 19:07:42.0484 2968 Jukebox3 (c4d1e49a7d853a6fdfe8ec2906ae5aaa) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
2011/03/03 19:07:42.0625 2968 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/03 19:07:42.0765 2968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/03 19:07:42.0906 2968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/03 19:07:43.0125 2968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/03 19:07:43.0250 2968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/03 19:07:43.0359 2968 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/03 19:07:43.0484 2968 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/03/03 19:07:43.0593 2968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/03 19:07:43.0718 2968 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/03 19:07:43.0843 2968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/03 19:07:43.0968 2968 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/03/03 19:07:44.0125 2968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/03 19:07:44.0265 2968 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/03 19:07:44.0421 2968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/03 19:07:44.0546 2968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/03 19:07:44.0687 2968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/03 19:07:44.0828 2968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/03 19:07:44.0953 2968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/03 19:07:45.0078 2968 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/03 19:07:45.0187 2968 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/03/03 19:07:45.0343 2968 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/03 19:07:45.0546 2968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/03 19:07:45.0671 2968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/03 19:07:45.0812 2968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/03 19:07:45.0937 2968 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/03 19:07:46.0062 2968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/03 19:07:46.0187 2968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/03 19:07:46.0343 2968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/03 19:07:46.0484 2968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/03 19:07:46.0703 2968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/03 19:07:46.0953 2968 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/03 19:07:47.0156 2968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/03 19:07:47.0296 2968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/03 19:07:47.0453 2968 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/03/03 19:07:47.0703 2968 P16X (13026e137486d916a0677d276144ea7f) C:\WINDOWS\system32\drivers\P16X.sys
2011/03/03 19:07:47.0953 2968 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/03/03 19:07:48.0140 2968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/03 19:07:48.0312 2968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/03 19:07:48.0468 2968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/03 19:07:48.0640 2968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/03 19:07:48.0906 2968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/03 19:07:49.0093 2968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/03 19:07:49.0640 2968 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/03/03 19:07:49.0796 2968 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/03/03 19:07:49.0984 2968 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/03/03 19:07:50.0250 2968 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/03/03 19:07:50.0406 2968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/03 19:07:50.0562 2968 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/03 19:07:50.0765 2968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/03 19:07:50.0937 2968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/03 19:07:51.0109 2968 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/03/03 19:07:51.0265 2968 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/03/03 19:07:51.0406 2968 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/03/03 19:07:51.0546 2968 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/03/03 19:07:51.0703 2968 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/03/03 19:07:51.0828 2968 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/03/03 19:07:51.0968 2968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/03 19:07:52.0140 2968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/03 19:07:52.0328 2968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/03 19:07:52.0484 2968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/03 19:07:52.0671 2968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/03 19:07:52.0828 2968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/03 19:07:53.0015 2968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/03 19:07:53.0187 2968 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/03 19:07:53.0359 2968 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/03 19:07:53.0609 2968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/03 19:07:53.0781 2968 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/03 19:07:53.0968 2968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/03 19:07:54.0156 2968 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/03 19:07:54.0328 2968 SGUARD (b9d150cfb0b6532c50ab8030565b7f98) C:\WINDOWS\System32\drivers\SGuard.sys
2011/03/03 19:07:54.0609 2968 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/03/03 19:07:54.0812 2968 smwdm (99a9e1ef62f955c82a5001ac94b4b77b) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/03 19:07:54.0984 2968 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/03/03 19:07:55.0109 2968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/03 19:07:55.0218 2968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/03 19:07:55.0375 2968 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/03 19:07:55.0500 2968 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/03/03 19:07:55.0656 2968 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/03/03 19:07:55.0781 2968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/03 19:07:55.0968 2968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/03 19:07:56.0250 2968 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/03/03 19:07:56.0375 2968 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/03/03 19:07:56.0500 2968 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/03/03 19:07:56.0640 2968 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/03/03 19:07:56.0765 2968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/03 19:07:56.0906 2968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/03 19:07:57.0031 2968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/03 19:07:57.0156 2968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/03 19:07:57.0265 2968 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/03 19:07:57.0453 2968 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/03/03 19:07:57.0656 2968 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/03/03 19:07:57.0859 2968 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/03/03 19:07:58.0062 2968 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2011/03/03 19:07:58.0265 2968 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/03/03 19:07:58.0468 2968 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/03/03 19:07:58.0656 2968 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/03/03 19:07:58.0859 2968 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/03/03 19:07:59.0062 2968 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/03/03 19:07:59.0218 2968 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/03/03 19:07:59.0359 2968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/03 19:07:59.0500 2968 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/03/03 19:07:59.0656 2968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/03 19:07:59.0843 2968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/03 19:07:59.0953 2968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/03 19:08:00.0062 2968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/03 19:08:00.0187 2968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/03 19:08:00.0296 2968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/03 19:08:00.0421 2968 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/03 19:08:00.0546 2968 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/03 19:08:00.0671 2968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/03 19:08:00.0781 2968 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/03/03 19:08:00.0906 2968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/03/03 19:08:01.0046 2968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/03 19:08:01.0187 2968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/03 19:08:01.0343 2968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/03 19:08:01.0578 2968 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/03 19:08:01.0734 2968 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/03 19:08:01.0859 2968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/03 19:08:01.0984 2968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/03 19:08:02.0140 2968 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/03/03 19:08:02.0281 2968 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/03/03 19:08:02.0453 2968 ================================================================================
2011/03/03 19:08:02.0453 2968 Scan finished
2011/03/03 19:08:02.0453 2968 ================================================================================
2011/03/03 19:08:28.0406 2448 Deinitialize success
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm

Re: Google Redirect

Unread postby deltalima » March 4th, 2011, 5:18 am

Hi lbragg,

Please let me know if you are using a router to connect to the Internet.

Please follow the instructions here to use OpenDNS.

Now reboot the computer and then let me know if the redirection has stopped.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby lbragg » March 4th, 2011, 7:44 am

It is a wireless router from the cable company. What exactly is OpenDNS? Do I need to setup an account per the instructions on the top of their webpage?

Thanks again,

Laurie
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm

Re: Google Redirect

Unread postby deltalima » March 4th, 2011, 11:01 am

Hi lbragg,

What exactly is OpenDNS? Do I need to setup an account per the instructions on the top of their webpage


OpenDNS are a free alternative DNS provider. DNS services are normally provided by your ISP but my suspicion is that your router has been reconfigured by malware to use rogue DNS servers that cause the redirects.

There is no need to create an account, follow the instructions in the link to use their servers, it is straightforward to change back again after we have tested.

If we need to reset your router back to the default settings, do you still have the information required to configure it to work with your ISP?

Please let me now the make and model of the router.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby lbragg » March 4th, 2011, 1:37 pm

I have been having a hard time getting the computer to accept this Opendns. I put in the information and the system overrides it. Its Broadband connection with Verizon. The router is model 327W.

Is there something else I can try?
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm

Re: Google Redirect

Unread postby lbragg » March 4th, 2011, 1:55 pm

I did, however, flush the cache for the DNS, Webpages and Java.
lbragg
Active Member
 
Posts: 10
Joined: March 3rd, 2011, 1:34 pm

Re: Google Redirect

Unread postby deltalima » March 4th, 2011, 2:17 pm

Hi lbragg,

I have been having a hard time getting the computer to accept this Opendns. I put in the information and the system overrides it.


Please let me know what the settings are that are changed back to. I would expect it to be set to automatic.

Are you logged in as an Administrator?

Do you have the information needed to set the router up to work with the ISP if we reset it?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware