Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Image Browser Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Image Browser Redirect

Unread postby emosamurai » April 26th, 2011, 3:47 pm

For about a month now, when I search Google Images, sometimes when I click on one my browser minimizes to nothing then reopens and a pop up screen tells me I am infected with something and I need to download some stupid software. I close the page or try to go back and it keeps doing it, forcing me to close the tab completely and start over. Here are my logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 11/2/2007 12:34:52 PM
System Uptime: 4/25/2011 8:40:53 AM (30 hours ago)
.
Motherboard: Dell Inc. | | 0DN075
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 3.422 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.387 GiB free.
G: is Removable
V: is NetworkDisk (NTFS) - 466 GiB total, 394.036 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_GDR8164B_______________0D08____\5&2CFF3996&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD-ROM GDR8164B ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_GDR8164B_______________0D08____\5&2CFF3996&0&0.0.0
Service: cdrom
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H53N_______________B104____\5&2CFF3996&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD+-RW GSA-H53N ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H53N_______________B104____\5&2CFF3996&0&0.1.0
Service: cdrom
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&0&0000
Manufacturer: (Standard CD-ROM drives)
Name: MagicISO Virtual DVD-ROM0000
PNP Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&0&0000
Service: cdrom
.
==== System Restore Points ===================
.
RP1618: 4/21/2011 12:00:01 AM - Scheduled Checkpoint
RP1619: 4/21/2011 2:27:10 AM - Windows Update
RP1620: 4/22/2011 12:00:01 AM - Scheduled Checkpoint
RP1621: 4/22/2011 2:25:55 AM - Windows Update
RP1622: 4/22/2011 3:00:10 AM - Windows Update
RP1623: 4/23/2011 12:00:02 AM - Scheduled Checkpoint
RP1624: 4/23/2011 2:26:30 AM - Windows Update
RP1625: 4/25/2011 8:54:24 AM - Windows Update
RP1626: 4/26/2011 12:00:02 AM - Scheduled Checkpoint
RP1627: 4/26/2011 1:50:27 AM - Windows Update
RP1628: 4/26/2011 8:49:56 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.57
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Reader 9.4.3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Areca
Bonjour
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
Browser Address Error Redirector
CCleaner
Compatibility Pack for the 2007 Office system
CorelDRAW Graphics Suite X3
Dell ETS Factory Installation
Dell Printer Software
Dell System Customization Wizard
DivX Web Player
EN
EPSON LFP Remote Panel
EPSON Printer Software
Epson SPR 4880 Network Guide
EPSON SPR4880 User's Guide
EpsonNet Config V2
FontNav
Foxit Phantom
Glary Utilities 2.6
GPL Ghostscript 8.63
GTK+ Runtime 2.12.1 rev b (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Interlok driver setup x32
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
Kerio Visual C++ 2005 redistributable permanent package
LogMeIn
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Small Business Edition 2003
Microsoft Office XP Media Content
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MobileMe Control Panel
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MWSnap 3
Notepad++
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Pale Moon (3.6.15)
PDF Settings
Pen Tablet
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Sentinel Protection Installer 7.4.2
Sonic Activation Module
Sothink SWF Decompiler
SpamBayes 1.0.4
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
StuffIt Expander
SWF Opener
SWiX ver.1.1.1
SyncToy 2.1 (x86)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
User's Guides
VC80CRTRedist - 8.0.50727.762
Vector Magic
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Thesaurus 3
Wasatch Port Redirector
Wasatch SoftRIP Version 6.5
Windows Live OneCare safety scanner
WinPcap 3.1
WinRAR archiver
X3watch 5.0.10
XnView 1.94.2
.
==== Event Viewer Messages From Past Week ========
.
4/25/2011 8:42:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHelp20
4/25/2011 8:41:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001D090632E6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/25/2011 8:41:23 AM, Error: EventLog [6008] - The previous system shutdown at 22:13:03 on 23/04/2011 was unexpected.
4/25/2011 11:29:04 AM, Error: netbt [4321] - The name "OFFICE :1d" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.6 did not allow the name to be claimed by this computer.
4/20/2011 8:56:26 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/20/2011 8:11:51 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
.
==== End Of File ===========================


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Daniel at 14:37:24.48 on Tue 04/26/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3453.1128 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbkcoms.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\wwrip65\WWRIP.EXE
C:\Windows\system32\conime.exe
C:\Program Files\microsoft office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\mozilla firefox\firefox.exe
C:\Program Files\mozilla firefox\plugin-container.exe
C:\Program Files\adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Daniel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_Plugin.exe -update plugin
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: acaptuser32.dll
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\nxjljjd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\nxjljjd5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\daniel\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\nxjljjd5.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 MpKsla7b2c70f;MpKsla7b2c70f;c:\programdata\microsoft\microsoft antimalware\definition updates\{db830eae-0de1-4c1c-8338-45722315625e}\MpKsla7b2c70f.sys [2011-4-26 28752]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-12 79432]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2007-11-14 140184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-27 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-5-29 47640]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-1-10 600912]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-1-23 1373480]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-6-5 179712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2007-8-28 62464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-26 13:50:31 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{db830eae-0de1-4c1c-8338-45722315625e}\MpKsla7b2c70f.sys
2011-04-26 13:50:09 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{db830eae-0de1-4c1c-8338-45722315625e}\mpengine.dll
2011-04-14 23:15:59 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-05 07:19:52 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9c74c813-96e6-4c27-80a9-7be0afb65736}\gapaengine.dll
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-01 17:12:24 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-03-01 17:12:16 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-03-01 17:12:10 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-03-01 17:12:08 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-12 08:39:53 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 14:38:08.89 ===============


Please help!
emosamurai
Active Member
 
Posts: 3
Joined: April 26th, 2011, 3:42 pm
Advertisement
Register to Remove

Re: Google Image Browser Redirect

Unread postby torreattack » April 26th, 2011, 5:40 pm

Hi emosamurai and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.


I am currently working under the guidance of the MRU teachers, everything I post to you, will need to be reviewed by them.
This additional review process can add some extra time to my responses, but hopefully not too much.


Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Back up your files

please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Google Image Browser Redirect

Unread postby emosamurai » April 26th, 2011, 6:11 pm

Thank you for helping me! I will backup everything and await your instructions.
emosamurai
Active Member
 
Posts: 3
Joined: April 26th, 2011, 3:42 pm

Re: Google Image Browser Redirect

Unread postby torreattack » April 27th, 2011, 3:11 am

Hi emosamurai:

Before we begun to fix, I need some extra information.

1) Is this a Business Use Computer?

2) Please run this tool.

CKScanner
Please download CKScanner ... Save it to your desktop.
Make sure that CKScanner.exe is on the your desktop before running the application!
  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Google Image Browser Redirect

Unread postby emosamurai » April 27th, 2011, 9:48 am

I use this computer for my freelance art business, if that's what you mean.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\photoshop 7.0\presets\brushes\pretty_cuts_and_cracks.abr
c:\program files\corel\coreldraw graphics suite 13\custom data\bumpmap\cracks.cpt
c:\program files\corel\coreldraw graphics suite 13\custom data\canvas\cracks2c.pcx
c:\program files\corel\coreldraw graphics suite 13\custom data\tiles\cracks2m.cpt
c:\users\daniel\desktop\emb logos\fcrackzip.exe
c:\users\daniel\documents\++vvp art\misc. corps\rpm firecrackers.cdr
c:\users\daniel\documents\++vvp art\_contract\a great idea\firecrackers.cdr
c:\users\daniel\documents\xilisoft corporation\flv converter\crack.js
c:\users\daniel\documents\_graphics\_eps\cracks.eps
c:\users\daniel\downloads\adobe-master-cs3-keygen.zip
c:\users\daniel\downloads\adobe illustrator cs2\crack\keygen.exe
c:\users\daniel\downloads\adobe photoshop cs2\keygen.exe
c:\users\daniel\downloads\fonts\scriptorium.rackham.winall.commercial.font-typo\t-scrack.zip
c:\users\daniel\downloads\foxit.phantom.pdf.suite.v2.1.0.0731.zwt.[setup.&.portable]\crack_zwt_zfp2000\file_id.diz
c:\users\daniel\downloads\foxit.phantom.pdf.suite.v2.1.0.0731.zwt.[setup.&.portable]\crack_zwt_zfp2000\keygen.exe
c:\users\daniel\downloads\foxit.phantom.pdf.suite.v2.1.0.0731.zwt.[setup.&.portable]\crack_zwt_zfp2000\zwt.nfo
c:\users\daniel\downloads\house industries fonts\house industries fonts\bad neighborhood font kit\crackhouse (house)\crackh60.pfb
c:\users\daniel\downloads\house industries fonts\house industries fonts\bad neighborhood font kit\crackhouse (house)\crackh60.pfm
c:\users\daniel\downloads\house industries fonts\house industries fonts\the general collection\crackhouse (house)\crackh60.pfb
c:\users\daniel\downloads\house industries fonts\house industries fonts\the general collection\crackhouse (house)\crackh60.pfm
c:\users\daniel\downloads\vector magic desk edition 1.08\vector_magic_desk_edition_win_32bit_1.08\vectormagic_pc_32bits_1_08_crack\file_id.diz
c:\users\daniel\downloads\winrar v3.80 pro\winrar v3.80 pro precracked by rezman1984 setup.exe
scanner sequence 3.ZZ.11
----- EOF -----
emosamurai
Active Member
 
Posts: 3
Joined: April 26th, 2011, 3:42 pm

Re: Google Image Browser Redirect

Unread postby torreattack » April 27th, 2011, 11:31 am

hi emosamurai :

Business Use Computer
Unfortunately, we cannot help remove malware from a computer, used for business purposes.
Many of these type systems may have specific modifications made..which could be removed or damaged by the tools we use. These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.
An extract taken from the Malware Removal's rules posted at the top of the Malware Removal forum:
Malware Removal Administration wrote:Computers used in a business environment often have policies and other modifications made to them. It is impossible for us to differentiate these from ones that have been made by an infection, so in removing what we think is an infection, we may compromise the business set up of your computer.

The scans we run often reveal information that most businesses would not want exposed in an open forum, and there are other legal constraints and ramifications involved with business machines that we are not equipped or trained to deal with.

We will close any topic where we believe the computer is one that is used in a business environment, irrespective of whether that business is a large company or a small one man enterprise.
For a corporate or multi-computer business:
I strongly advise that you contact your IT department. Make them aware of the problems you are having. If your computer is infected (possibly others as well), your IT department needs to be aware of this, so they can devise a plan to minimize any business impact.
For a single computer used for business purposes:
I would advise your contract an individual or firm to deal with any computer problems.


Beside that, I have to tell you that there are evidences of cracked software on your computer and it must be removed, before any further help would be provided.

I'm sorry, that I am not able to offer you more assistance. Thank you, for your understanding in this matter.
I will now ask for this topic to be closed.

sorry,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Google Image Browser Redirect

Unread postby Wingman » April 27th, 2011, 11:37 am

Business Use Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This topic is now closed.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware