Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google redirects

Post by princessgeek » April 14th, 2011, 11:59 pm

Kids are on spring break and download goodness knows what. *sigh* I'm getting lots of redirects and often it is ads but I've seen allgive.com pop up a few times. Anyway, please help! :D Here's the DDS and Attach files.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Brenden Young at 19:31:18.56 on Thu 04/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1034 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Brenden Young\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brenden Young\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brenden Young\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Brenden Young\My Documents\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=17708
uSearch Page =
uSearch Bar =
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://www.alienware.com/Mothership?Com ... 3931363841
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\brenden young\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\brende~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-552 reva\wirelesscm.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 9077742718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\brende~1\applic~1\mozilla\firefox\profiles\4w0jd0d8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\brenden young\application data\mozilla\firefox\profiles\4w0jd0d8.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\documents and settings\brenden young\local settings\application data\google\chrome\user data\default\extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.150_0\npsoe.dll
FF - plugin: c:\documents and settings\brenden young\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-4-28 77312]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl052ceb61;MpKsl052ceb61;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl052ceb61.sys [2011-4-13 28752]
R1 MpKsl38c95b11;MpKsl38c95b11;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl38c95b11.sys [2011-4-14 28752]
R1 MpKsl5473a0ad;MpKsl5473a0ad;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl5473a0ad.sys [2011-4-14 28752]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-11-4 20480]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2003-9-2 44032]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2010-11-4 57440]
S2 CloudAvUpdater;CloudAvUpdater;c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5.tmp\setup.exe [2011-4-14 739136]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]
S2 WLSVC;WLSVC;c:\program files\d-link\dwa-552 reva\WLSVC.exe [2010-11-4 167936]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2010-11-4 356433]
S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]
.
=============== Created Last 30 ================
.
2011-04-15 00:09:57 72 ----a-w- c:\windows\RAVTC.TMP
2011-04-15 00:09:54 739136 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5.tmp\setup.exe
2011-04-15 00:09:53 -------- d-----w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\Pan5.tmp
2011-04-15 00:09:34 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl38c95b11.sys
2011-04-14 13:14:45 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl5473a0ad.sys
2011-04-14 04:03:40 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl052ceb61.sys
2011-04-12 14:49:50 -------- d-----w- c:\windows\system32\GroupPolicy
2011-04-11 14:49:41 -------- d-----w- c:\docume~1\brende~1\applic~1\Panda Security
2011-04-11 14:48:41 -------- d-----w- c:\program files\Panda Security
2011-04-11 14:48:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2011-04-11 14:47:07 428352 ----a-w- c:\program files\mozilla firefox\StubInstaller.exe
2011-04-09 04:18:41 -------- d-----w- c:\docume~1\brende~1\applic~1\Malwarebytes
2011-04-09 04:18:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 04:18:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-09 04:18:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 04:18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 03:54:13 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\mpengine.dll
2011-04-09 03:54:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-09 03:49:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-09 01:15:50 -------- d-----w- c:\docume~1\brende~1\applic~1\.clamwin
2011-04-09 01:15:40 -------- d-----w- c:\program files\ClamWin
2011-04-09 01:15:40 -------- d-----w- c:\documents and settings\all users\.clamwin
2011-04-09 01:07:38 -------- d-----w- c:\docume~1\brende~1\applic~1\BabylonToolbar
2011-04-08 21:55:55 -------- d-----w- c:\program files\GEMP Loader
2011-04-08 21:49:28 53248 ------w- c:\windows\system32\RemFarStone.exe
2011-04-06 20:34:23 -------- d-----w- c:\program files\SweetIM
2011-04-05 23:48:52 -------- d-----w- c:\program files\Cave Story Deluxe
2011-04-04 20:00:16 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-04 20:00:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-04-04 20:00:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-04-04 17:01:22 -------- d-----w- c:\windows\ie8updates
2011-04-04 17:00:30 -------- dc-h--w- c:\windows\ie8
2011-04-04 16:52:58 55296 ------w- c:\windows\system32\SETA46.tmp
2011-04-04 16:52:57 1991680 ------w- c:\windows\system32\SETA4B.tmp
2011-04-04 16:52:56 916480 ------w- c:\windows\system32\SETA40.tmp
2011-04-04 16:52:56 602112 ------w- c:\windows\system32\SETA47.tmp
2011-04-04 16:52:56 5961216 ------w- c:\windows\system32\SETA45.tmp
2011-04-04 16:52:56 1210880 ------w- c:\windows\system32\SETA41.tmp
2011-04-04 16:52:31 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-04 16:52:30 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-04 16:52:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-04 16:52:29 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-04 16:51:50 -------- d-----w- c:\docume~1\brende~1\locals~1\applic~1\OpenCandy
2011-04-04 16:51:48 -------- d-----w- c:\docume~1\brende~1\applic~1\OpenCandy
2011-04-02 16:59:18 -------- d-----w- c:\documents and settings\brenden young\dwhelper
2011-04-01 16:02:24 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-04-01 16:02:01 -------- d-----w- c:\docume~1\brende~1\applic~1\DAEMON Tools Lite
2011-04-01 16:02:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2011-04-01 15:43:45 -------- d-----w- c:\program files\PowerISO
2011-04-01 15:28:09 2829 ----a-w- c:\windows\DIIUnin.pif
2011-04-01 15:28:08 94208 ----a-w- c:\windows\DIIUnin.exe
2011-04-01 15:21:52 -------- d-----w- C:\Diablo II
2011-03-18 17:04:24 -------- d-----w- c:\program files\Folding@home
2011-03-18 17:04:24 -------- d-----w- c:\docume~1\brende~1\applic~1\Folding@home-x86
2011-03-18 05:29:05 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2011-03-18 05:19:13 -------- d-----w- c:\program files\Pocket Tanks
2011-03-18 02:02:05 -------- d-----w- c:\documents and settings\brenden young\.thumbnails
2011-03-18 02:01:02 -------- d-----w- c:\documents and settings\brenden young\.gimp-2.6
2011-03-18 02:00:38 -------- d-----w- c:\program files\GIMP-2.0
2011-03-18 01:55:52 -------- d-----w- c:\docume~1\brende~1\applic~1\Avery
2011-03-18 01:49:14 -------- d-----w- c:\program files\Avery Dennison
.
==================== Find3M ====================
.
2011-04-01 16:28:53 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-04-01 16:28:53 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-04-01 16:28:53 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-03-13 06:48:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-03 17:24:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-03 17:22:51 1 ----a-w- c:\windows\system32\SI.bin
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 13:31:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: VIA_SATA rev.____ -> Harddisk0\DR0 -> \Device\Scsi\viasraid1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A533439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5397d0]; MOV EAX, [0x8a53984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A640AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8A4E2F18]
\Driver\viasraid[0x8A615030] -> IRP_MJ_CREATE -> 0x8A533439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\viasraid1Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_VIA_SATA&Prod__RAID_0&Rev_#4&241f14ef&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:32:58.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2004 11:38:39 PM
System Uptime: 4/14/2011 5:08:56 PM (2 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | AV8 (VIA K8T800P-8237)
Processor: AMD Hammer Family processor - Model Unknown | Socket 939 | 2204/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 513.296 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_1415147B&REV_60\3&13C0B0C5&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_1415147B&REV_60\3&13C0B0C5&0&8D
Service:
.
==== System Restore Points ===================
.
RP103: 1/15/2011 7:19:21 AM - System Checkpoint
RP104: 1/16/2011 7:21:49 AM - System Checkpoint
RP105: 1/17/2011 12:26:21 PM - System Checkpoint
RP106: 1/18/2011 12:48:52 PM - System Checkpoint
RP107: 1/19/2011 4:27:49 PM - System Checkpoint
RP108: 1/20/2011 8:15:58 AM - Installed DirectX
RP109: 1/21/2011 8:45:29 AM - System Checkpoint
RP110: 1/22/2011 10:33:45 AM - System Checkpoint
RP111: 1/23/2011 11:12:04 AM - System Checkpoint
RP112: 1/24/2011 11:44:23 AM - System Checkpoint
RP113: 1/25/2011 5:08:45 PM - System Checkpoint
RP114: 1/26/2011 7:25:20 PM - System Checkpoint
RP115: 1/28/2011 8:31:34 AM - System Checkpoint
RP116: 1/29/2011 2:08:30 PM - System Checkpoint
RP117: 1/30/2011 2:43:28 PM - System Checkpoint
RP118: 1/31/2011 9:40:21 PM - System Checkpoint
RP119: 2/1/2011 10:06:04 PM - System Checkpoint
RP120: 2/2/2011 10:06:43 PM - System Checkpoint
RP121: 2/3/2011 9:23:12 AM - Installed Heroes of Might and Magic V
RP122: 2/4/2011 10:04:37 AM - System Checkpoint
RP123: 2/5/2011 1:44:27 PM - System Checkpoint
RP124: 2/6/2011 2:00:10 PM - System Checkpoint
RP125: 2/7/2011 2:58:10 PM - System Checkpoint
RP126: 2/8/2011 3:56:00 PM - System Checkpoint
RP127: 2/9/2011 4:49:03 PM - System Checkpoint
RP128: 2/10/2011 8:47:54 PM - System Checkpoint
RP129: 2/10/2011 10:02:09 PM - Installed calibre
RP130: 2/11/2011 10:36:03 PM - System Checkpoint
RP131: 2/12/2011 11:36:03 PM - System Checkpoint
RP132: 2/14/2011 8:36:18 AM - System Checkpoint
RP133: 2/15/2011 1:30:18 PM - System Checkpoint
RP134: 2/16/2011 2:05:03 PM - System Checkpoint
RP135: 2/16/2011 4:51:09 PM - Installed Redshark 3.90
RP136: 2/17/2011 9:51:16 PM - System Checkpoint
RP137: 2/18/2011 11:15:55 AM - Installed Windows XP Wdf01007.
RP138: 2/19/2011 3:02:57 PM - System Checkpoint
RP139: 2/20/2011 5:52:17 PM - System Checkpoint
RP140: 2/21/2011 6:16:23 PM - System Checkpoint
RP141: 2/22/2011 10:51:44 PM - System Checkpoint
RP142: 2/23/2011 11:28:23 PM - System Checkpoint
RP143: 2/25/2011 2:33:02 AM - System Checkpoint
RP144: 2/26/2011 3:16:23 AM - System Checkpoint
RP145: 2/27/2011 4:16:23 AM - System Checkpoint
RP146: 2/28/2011 5:16:23 AM - System Checkpoint
RP147: 3/1/2011 8:05:35 AM - System Checkpoint
RP148: 3/2/2011 8:47:51 AM - System Checkpoint
RP149: 3/3/2011 9:47:51 AM - System Checkpoint
RP150: 3/4/2011 10:47:51 AM - System Checkpoint
RP151: 3/5/2011 10:55:03 AM - System Checkpoint
RP152: 3/6/2011 12:51:07 PM - System Checkpoint
RP153: 3/7/2011 1:47:34 PM - System Checkpoint
RP154: 3/8/2011 2:47:34 PM - System Checkpoint
RP155: 3/9/2011 3:20:19 PM - System Checkpoint
RP156: 3/10/2011 4:20:18 PM - System Checkpoint
RP157: 3/11/2011 5:45:19 PM - System Checkpoint
RP158: 3/12/2011 7:09:29 PM - System Checkpoint
RP159: 3/13/2011 8:54:33 PM - System Checkpoint
RP160: 3/14/2011 10:38:48 PM - System Checkpoint
RP161: 3/15/2011 11:30:41 PM - System Checkpoint
RP162: 3/17/2011 12:30:41 AM - System Checkpoint
RP163: 3/17/2011 6:48:58 PM - Installed DesignPro 5
RP164: 3/18/2011 10:04:24 AM - Installed Folding@home-x86
RP165: 3/19/2011 1:12:52 PM - System Checkpoint
RP166: 3/20/2011 1:47:36 PM - System Checkpoint
RP167: 3/22/2011 8:01:07 AM - System Checkpoint
RP168: 3/23/2011 8:19:01 PM - System Checkpoint
RP169: 3/24/2011 9:45:54 PM - System Checkpoint
RP170: 3/25/2011 10:29:56 PM - System Checkpoint
RP171: 3/26/2011 11:57:45 PM - System Checkpoint
RP172: 3/28/2011 8:06:38 AM - System Checkpoint
RP173: 3/30/2011 8:13:25 AM - System Checkpoint
RP174: 3/31/2011 9:51:37 PM - System Checkpoint
RP175: 4/2/2011 10:36:23 AM - System Checkpoint
RP176: 4/3/2011 1:51:14 PM - System Checkpoint
RP177: 4/4/2011 9:53:24 AM - Software Distribution Service 3.0
RP178: 4/4/2011 10:00:43 AM - Installed Windows Internet Explorer 8.
RP179: 4/4/2011 10:01:14 AM - Software Distribution Service 3.0
RP180: 4/5/2011 1:33:44 PM - System Checkpoint
RP181: 4/6/2011 4:58:02 PM - System Checkpoint
RP182: 4/7/2011 8:08:04 PM - System Checkpoint
RP183: 4/8/2011 6:13:03 PM - Removed SweetIM Toolbar for Internet Explorer 4.0
RP184: 4/8/2011 6:13:39 PM - Removed SweetIM for Messenger 3.3
RP185: 4/9/2011 7:52:43 PM - System Checkpoint
RP186: 4/11/2011 6:38:48 AM - System Checkpoint
RP187: 4/12/2011 8:10:56 AM - System Checkpoint
RP188: 4/13/2011 9:42:02 PM - System Checkpoint
RP189: 4/14/2011 5:18:36 PM - Installed Java(TM) 6 Update 24
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
Audacity 1.2.6
Bejeweled 2
Bejeweled 3
Bonjour
Bookworm Adventures Vol. 2
Bullzip PDF Printer 4.0.0.463
calibre
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Cave Story Deluxe
CDBurnerXP
Champions Online
Character Builder
ClamWin Free Antivirus 0.97
CloneCD
Creative MediaSource
Creative System Information
DesignPro 5
Diablo II
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.00.802
DWA-552
Folding@home-x86
Free RAR Extract Frog
GIMP 2.6.11
Google Chrome
Google Earth Plug-in
Google Update Helper
GPL Ghostscript Lite 8.70
Harmony Assistant
Hero Lab V3.6g
Heroes of Might and Magic V Collector Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
hp LaserJet 1010 Series
InCD
Insaniquarium Deluxe 1.0
ips XP 1.11.2600
iTunes
Java Auto Updater
Java(TM) 6 Update 24
LAME v3.98.3 for Audacity
Magic The Gathering Tactics
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.7)
Neo Steam : The Shattered Continent
Nero Digital
Nero OEM
NeroVision Express Content
NoteWorthy Composer 2
NVIDIA Drivers
OverDrive Media Console
Panda Cloud Antivirus
Pando Media Booster
PDFtoMusic Pro
PFConfig 1.0.296
Pocket Tanks Deluxe v1.3 By Argogo
Pocket Tanks v1.3
PowerDVD
PowerISO
QuickTime
Redshark 3.90
Safari
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Simple Port Forwarding
Sound Blaster Audigy 2 ZS
Station Launcher
Theme Manager
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR 4.00 beta 7 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
4/14/2011 6:25:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1106.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/13/2011 7:39:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/13/2011 5:59:45 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E582BF0CA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================

Re: Google redirects

Post by Gary R » April 15th, 2011, 1:24 am

viewtopic.php?f=11&t=56487

This is a Duplicate of the post linked to above, and has therefore been closed.

