Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google redirect

Post by mtrueman » July 23rd, 2011, 6:14 am

I'm getting redirected all over the place from Google search. Have tried Malwarebytes and it finds nothing. Can anyone help?

Here are my DDS logs

Code:
DDS (Ver_2011-06-23.01)
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 01/12/2010 13:48:27
System Uptime: 23/07/2011 10:40:33 (0 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-K8N Pro-SLI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2010/200mhz
==== Disk Partitions =========================
A: is Removable
D: is CDROM ()
F: is FIXED (NTFS) - 112 GiB total, 35.111 GiB free.
G: is FIXED (NTFS) - 203 GiB total, 13.104 GiB free.
H: is FIXED (NTFS) - 264 GiB total, 166.513 GiB free.
J: is Removable
K: is FIXED (NTFS) - 128 GiB total, 46.086 GiB free.
M: is FIXED (NTFS) - 74 GiB total, 30.657 GiB free.
N: is CDROM ()
Q: is FIXED (NTFS) - 30 GiB total, 21.065 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 3.2
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
Android SDK Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Gordian Knot 2.55
avast! Free Antivirus
AviSynth 2.5
AVS Update Manager 1.0
BBC iPlayer Desktop
CollabNet Subversion Edge
Composite 2012
CPUID CPU-Z 1.57.1
Creative WebCam Live! Driver (
CutePDF Writer 2.8
DivX Setup
DVD Decrypter (Remove Only)
DVDFab (29/01/2011)
DVDFab Beta (03/04/2011) Qt
DVDFab Passkey (17/03/2011)
Family Tree Maker 2010
ffdshow v1.1.3940 [2011-07-14]
FileZilla Client
FortiClient SSL VPN v4.0.2082
Free iPod Video Converter 1.34
Google Chrome
Google SketchUp 8
Google Talk Plugin
Google Update Helper
Home Designer Suite 8
Internet TV for Windows Media Center
Java Auto Updater
Java DB
Java(TM) 6 Update 21
Java(TM) SE Development Kit 6 Update 21
LucisArt 3 ED/SE
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version
MediaInfo 0.7.43
MediaMonkey 3.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
Orb Runtime libraries
PDF Settings CS4
PeerBlock 1.1 (r518)
Photoshop Camera Raw
Pixel Bender Toolkit
PostgreSQL 9.0 
Realtek AC'97 Audio
Riva FLV Encoder 2.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Software Ideas Modeler 4
SopCast 3.3.2
SourceGear DiffMerge
Suite Shared Configuration CS4
SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48
TortoiseSVN (32 bit)
TreeSize Free V2.5
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.9
VobSub v2.23 (Remove Only)
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
WinRAR 4.00 beta 2 (32-bit)
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
==== Event Viewer Messages From Past Week ========
23/07/2011 10:40:41, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
23/07/2011 10:32:49, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
23/07/2011 10:13:23, Error: Service Control Manager [7034]  - The TVersity Media Server service terminated unexpectedly.  It has done this 1 time(s).
21/07/2011 20:43:47, Error: TermDD [56]  - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: fe80:0000:0000:0000:1485:3a41:6f14:2f8c.
19/07/2011 19:59:21, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 1 The details view of this entry contains further information.
19/07/2011 19:58:27, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x00000000, 0x85ff1024, 0x00000000, 0x00000000). A dump was saved in: M:\Windows\Minidump\071911-44000-01.dmp. Report Id: 071911-44000-01.
==== End Of File ===========================

Code:

DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 8.0.7600.16385
Run by Mark at 10:54:50 on 2011-07-23
Microsoft Windows 7 Professional   6.1.7600.0.1252.44.1033.18.3072.1377 [GMT 1:00]
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
M:\Windows\system32\svchost.exe -k DcomLaunch
M:\Windows\system32\svchost.exe -k RPCSS
M:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
M:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
M:\Windows\system32\svchost.exe -k netsvcs
M:\Windows\system32\svchost.exe -k LocalService
M:\Windows\system32\svchost.exe -k NetworkService
M:\Program Files\Alwil Software\Avast5\AvastSvc.exe
M:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
M:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
M:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
M:\Program Files\Bonjour\mDNSResponder.exe
M:\Program Files\Java\jdk1.6.0_21\bin\java.exe
M:\Program Files\LogMeIn\x86\LogMeInSystray.exe
M:\Program Files\Microsoft IntelliPoint\ipoint.exe
M:\Program Files\TortoiseSVN\bin\TSVNCache.exe
M:\Program Files\Windows Live\Messenger\msnmsgr.exe
M:\Program Files\Java\jdk1.6.0_21\bin\java.exe
M:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
M:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
M:\Program Files\LogMeIn\x86\RaMaint.exe
M:\Program Files\LogMeIn\x86\LogMeIn.exe
M:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
M:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
M:\Windows\system32\svchost.exe -k imgsvc
M:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
M:\Program Files\PostgreSQL\9.0\bin\postgres.exe
M:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
M:\Program Files\PostgreSQL\9.0\bin\postgres.exe
M:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
M:\Program Files\PostgreSQL\9.0\bin\postgres.exe
M:\Program Files\PostgreSQL\9.0\bin\postgres.exe
M:\Program Files\PostgreSQL\9.0\bin\postgres.exe
M:\Program Files\PostgreSQL\9.0\bin\postgres.exe
M:\ProgramData\TVersity\Media Server\MediaServer.exe
M:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
M:\Program Files\Yammm\YammmSvc.exe
M:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
M:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
M:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
M:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
M:\Program Files\Windows Media Player\wmpnetwk.exe
M:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
M:\Windows\System32\svchost.exe -k LocalServicePeerNet
M:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
M:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
M:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
M:\Program Files\Google\Chrome\Application\chrome.exe
M:\Program Files\Google\Chrome\Application\chrome.exe
M:\Program Files\Google\Chrome\Application\chrome.exe
M:\Program Files\Google\Chrome\Application\chrome.exe
M:\Program Files\Google\Chrome\Application\chrome.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - m:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - m:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - m:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - m:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - m:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - m:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - m:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - m:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - m:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [msnmsgr] "m:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PeerBlock] m:\program files\peerblock\peerblock.exe
uRun: [AdobeBridge] 
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "m:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [LogMeIn GUI] "m:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IntelliPoint] "m:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "m:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - m:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - m:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - m:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - m:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - m:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - m:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer =
TCP: Interfaces\{2AD2F314-38C8-4ADD-A7FC-7011BB1930AC} : DhcpNameServer =
================= FIREFOX ===================
FF - ProfilePath - m:\users\mark\appdata\roaming\mozilla\firefox\profiles\srivpusx.default\
FF - plugin: m:\program files\fortinet\sslvpnclient\npccplugin.dll
FF - plugin: m:\program files\fortinet\sslvpnclient\nptcplugin.dll
FF - plugin: m:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: m:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: m:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: m:\users\mark\appdata\roaming\mozilla\firefox\profiles\srivpusx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: m:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - m:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;m:\windows\system32\drivers\Lbd.sys [2011-7-23 64512]
R1 aswSnx;aswSnx;m:\windows\system32\drivers\aswSnx.sys [2011-2-25 441176]
R1 aswSP;aswSP;m:\windows\system32\drivers\aswSP.sys [2010-12-2 307928]
R1 nm3;Microsoft Network Monitor 3 Driver;m:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R2 aswFsBlk;aswFsBlk;m:\windows\system32\drivers\aswFsBlk.sys [2010-12-2 19544]
R2 aswMonFlt;aswMonFlt;m:\windows\system32\drivers\aswMonFlt.sys [2010-12-2 53592]
R2 avast! Antivirus;avast! Antivirus;m:\program files\alwil software\avast5\AvastSvc.exe [2011-6-17 42184]
R2 CollabNetSubversionServer;CollabNet Subversion Server;h:\svn\bin\httpd.exe [2011-3-1 24636]
R2 cpuz135;cpuz135;m:\windows\system32\drivers\cpuz135_x32.sys [2011-5-11 21992]
R2 CSVNConsole;CollabNet Subversion Edge;"java" "-classpath" "h:\svn\svcwrapper\wrapper.jar" "-xrs" "-dwrapper.service=true" "-dwrapper.working.dir=h:\svn\svcwrapper\..\appserver" "-dwrapper.config=h:\svn\svcwrapper\conf\wrapper.conf" "-Dwrapper.additional.1x=-Xrs" "org.rzo.yajsw.boot.WrapperServiceBooter"  --> java [?]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;m:\windows\system32\FortiSSLVPNdaemon.exe [2010-3-22 703080]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;m:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]
R2 LMIGuardianSvc;LMIGuardianSvc;m:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;m:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;m:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-1 47640]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;M:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "K:/postgresdata" -w --> M:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
R2 TabletServiceWacom;TabletServiceWacom;m:\program files\tablet\wacom\Wacom_Tablet.exe [2011-7-14 4807536]
R2 YammmSvc;Yet Another Media Meta Manager;m:\program files\yammm\YammmSvc.exe [2010-8-3 14336]
R3 dvdfab;dvdfab;m:\windows\system32\drivers\dvdfab.sys [2011-3-31 82816]
R3 P0630VID;Creative WebCam Live!;m:\windows\system32\drivers\P0630Vid.sys [2011-1-2 91830]
R3 pppop;PPPoP WAN Adapter;m:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
R3 wacmoumonitor;Wacom Mode Helper;m:\windows\system32\drivers\wacmoumonitor.sys [2011-7-14 10752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;m:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);m:\program files\google\update\GoogleUpdate.exe [2010-12-2 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;m:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;m:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);m:\program files\google\update\GoogleUpdate.exe [2010-12-2 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;m:\windows\system32\drivers\mbamswissarmy.sys [2011-4-30 41272]
S3 pbfilter;pbfilter;m:\program files\peerblock\pbfilter.sys [2010-12-3 20080]
S3 StorSvc;Storage Service;m:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;m:\windows\system32\wat\WatAdminSvc.exe [2010-12-3 1343400]
=============== Created Last 30 ================
2011-07-23 09:48:33	200976	----a-w-	m:\windows\system32\drivers\tmcomm.sys
2011-07-23 09:45:49	64512	----a-w-	m:\windows\system32\drivers\Lbd.sys
2011-07-23 09:41:16	--------	d-sh--w-	M:\$RECYCLE.BIN
2011-07-23 09:12:12	--------	d-----w-	M:\ComboFix
2011-07-23 08:44:42	388096	----a-r-	m:\users\mark\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-23 08:44:42	--------	d-----w-	m:\program files\Trend Micro
2011-07-23 07:02:08	--------	d-----w-	m:\users\mark\appdata\local\{B1C6E6E4-250B-49CD-A5F3-A523570B4589}
2011-07-22 19:01:56	--------	d-----w-	m:\users\mark\appdata\local\{F805964D-C81A-40FA-AE9A-25CB863DEA0E}
2011-07-22 12:54:37	--------	d-----w-	m:\users\mark\appdata\local\temp
2011-07-22 12:27:53	98816	----a-w-	m:\windows\sed.exe
2011-07-22 12:27:53	518144	----a-w-	m:\windows\SWREG.exe
2011-07-22 12:27:53	256000	----a-w-	m:\windows\PEV.exe
2011-07-22 12:27:53	208896	----a-w-	m:\windows\MBR.exe
2011-07-22 12:14:11	101720	----a-w-	m:\windows\system32\drivers\SBREDrv.sys
2011-07-22 12:08:24	--------	d-----w-	m:\program files\Lavasoft
2011-07-22 10:22:50	66048	--sha-r-	m:\windows\system32\KBDA3V.dll
2011-07-22 10:00:32	--------	d-----w-	m:\users\mark\appdata\roaming\install
2011-07-22 07:29:17	--------	d-----w-	m:\program files\SmartRipper 2.41
2011-07-22 07:01:29	--------	d-----w-	m:\users\mark\appdata\local\{38FA2736-41BF-4F0C-9738-BA9E944B76A8}
2011-07-21 19:01:17	--------	d-----w-	m:\users\mark\appdata\local\{F23EC725-1C2F-4113-B9BB-821DA945B245}
2011-07-21 08:21:15	87552	----a-w-	m:\windows\system32\wudriver.dll
2011-07-21 08:21:04	33792	----a-w-	m:\windows\system32\wuapp.exe
2011-07-21 08:21:04	171608	----a-w-	m:\windows\system32\wuwebv.dll
2011-07-21 08:20:53	2421760	----a-w-	m:\windows\system32\wucltux.dll
2011-07-21 08:19:12	--------	d-----w-	m:\windows\system32\SPReview
2011-07-21 08:18:06	--------	d-----w-	m:\windows\system32\EventProviders
2011-07-21 07:01:05	--------	d-----w-	m:\users\mark\appdata\local\{6D985CBF-F767-4E44-94E0-ABC336E08885}
2011-07-20 19:00:53	--------	d-----w-	m:\users\mark\appdata\local\{1D33EF55-AEED-49E6-9F9A-BCDBA040686D}
2011-07-20 12:38:28	--------	d-----w-	m:\programdata\Yammm
2011-07-20 12:38:10	--------	d-----w-	m:\program files\Yammm
2011-07-20 09:27:57	--------	d-----w-	m:\program files\DVD Decrypter
2011-07-19 22:32:27	7074640	----a-w-	m:\programdata\microsoft\windows defender\definition updates\{23555378-85d1-4b4b-9265-8ea05e7c63ca}\mpengine.dll
2011-07-19 19:31:30	--------	d-----w-	m:\programdata\boost_interprocess
2011-07-19 19:19:41	--------	d-----w-	m:\program files\common files\Autodesk Shared
2011-07-19 19:15:51	--------	d-----w-	m:\program files\Autodesk
2011-07-19 19:04:50	--------	d-----w-	m:\users\mark\appdata\roaming\Autodesk
2011-07-19 19:00:27	--------	d-----w-	m:\users\mark\appdata\local\{8D3CB05D-86ED-405C-BCF5-D1AE562FF9E5}
2011-07-18 18:42:18	74752	----a-w-	m:\windows\system32\ff_vfw.dll
2011-07-18 18:42:18	48128	----a-w-	m:\windows\system32\ff_acm.acm
2011-07-18 18:42:17	--------	d-----w-	m:\program files\ffdshow
2011-07-18 09:45:09	--------	d-----w-	m:\users\mark\appdata\local\{6AA83362-69A9-4CF8-B4BB-2B03F073B819}
2011-07-17 21:44:57	--------	d-----w-	m:\users\mark\appdata\local\{38C70E83-EEA2-4334-B286-4E8EEEA81884}
2011-07-17 09:44:45	--------	d-----w-	m:\users\mark\appdata\local\{1F5C8C95-F362-4B61-97D3-2E08EBD9843F}
2011-07-16 21:44:33	--------	d-----w-	m:\users\mark\appdata\local\{C980281A-C433-4F1B-B39F-2CF3FC4B5432}
2011-07-16 09:44:21	--------	d-----w-	m:\users\mark\appdata\local\{A2E3C5AA-2E70-4A55-A46B-DDC080A9F85E}
2011-07-15 21:44:09	--------	d-----w-	m:\users\mark\appdata\local\{9AE35FC1-CAA8-42AF-ADF7-69AA7915FD37}
2011-07-15 09:43:57	--------	d-----w-	m:\users\mark\appdata\local\{827B3849-2A83-46C0-98C0-CEEB4909D90B}
2011-07-14 21:43:45	--------	d-----w-	m:\users\mark\appdata\local\{D1E63EA8-5BF4-4DDB-804C-BBC277464806}
2011-07-14 14:19:48	--------	d-----w-	m:\users\mark\appdata\roaming\WTablet
2011-07-14 14:19:38	--------	d-----w-	m:\program files\TabletPlugins
2011-07-14 14:19:36	10752	----a-w-	m:\windows\system32\drivers\wacmoumonitor.sys
2011-07-14 14:19:29	11312	----a-w-	m:\windows\system32\drivers\wacommousefilter.sys
2011-07-14 14:19:21	14120	----a-w-	m:\windows\system32\drivers\wacomvhid.sys
2011-07-14 14:19:19	644976	----a-w-	m:\windows\system32\Wacom_Tablet.dll
2011-07-14 14:19:19	506736	----a-w-	m:\windows\system32\Wintab32.dll
2011-07-14 14:19:16	--------	d-----w-	m:\program files\Tablet
2011-07-14 09:43:33	--------	d-----w-	m:\users\mark\appdata\local\{C7679F76-7D3E-4C07-BCB2-7D4567898001}
2011-07-13 09:43:08	--------	d-----w-	m:\users\mark\appdata\local\{F8A683ED-EC4C-4075-8F5B-0CC716C02172}
2011-07-12 21:05:00	3584	---ha-w-	m:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-12 21:05:00	290816	----a-w-	m:\windows\system32\KernelBase.dll
2011-07-12 09:42:32	--------	d-----w-	m:\users\mark\appdata\local\{57725854-B460-4416-A22E-629AF4BC9368}
2011-07-06 21:47:27	--------	d-----w-	m:\users\mark\appdata\local\{0278BC46-31AA-4222-9314-C81E13F3F09F}
2011-07-06 09:47:15	--------	d-----w-	m:\users\mark\appdata\local\{514FFFFA-774E-4A27-9048-044D2037D322}
2011-07-05 21:47:03	--------	d-----w-	m:\users\mark\appdata\local\{64661222-5AAB-4160-97FA-20818CDE71E9}
2011-07-05 09:46:51	--------	d-----w-	m:\users\mark\appdata\local\{77DE8CCB-43B2-4BF3-9717-9BFF2D35A5A3}
2011-07-04 21:46:39	--------	d-----w-	m:\users\mark\appdata\local\{A359C25E-8450-4303-B12D-EBFEB4FF1F3A}
2011-07-04 09:46:27	--------	d-----w-	m:\users\mark\appdata\local\{4295A735-FB69-42BF-BA1C-D14C79662453}
2011-07-03 21:46:15	--------	d-----w-	m:\users\mark\appdata\local\{5B145AEF-1D7A-49C4-AA93-F7EF4F6CBEEB}
2011-07-03 09:46:03	--------	d-----w-	m:\users\mark\appdata\local\{FF8D393D-9D69-491C-BF37-17A84AE069A6}
2011-07-02 21:45:51	--------	d-----w-	m:\users\mark\appdata\local\{84E42864-F116-469F-BD34-8ED9F577CE03}
2011-07-02 09:45:39	--------	d-----w-	m:\users\mark\appdata\local\{4333B2BD-C210-4389-B390-37482EA64DDE}
2011-07-01 21:45:27	--------	d-----w-	m:\users\mark\appdata\local\{E12A9406-CF0C-492C-BF01-53B9D9EF5B51}
2011-07-01 09:45:15	--------	d-----w-	m:\users\mark\appdata\local\{FB8F2817-8679-4796-9374-3EA18B906A6A}
2011-06-30 21:45:03	--------	d-----w-	m:\users\mark\appdata\local\{A355E3A2-A52C-4161-AAD5-81448104E155}
2011-06-30 09:44:51	--------	d-----w-	m:\users\mark\appdata\local\{464068AB-3465-46F0-9EB6-0A68A672C835}
2011-06-29 21:44:40	--------	d-----w-	m:\users\mark\appdata\local\{E4352FE7-C76A-4F8E-9AF8-1B49F35A52C8}
2011-06-29 09:44:28	--------	d-----w-	m:\users\mark\appdata\local\{11B225BC-E43D-43C3-98B2-331E63EE6994}
2011-06-28 21:44:03	--------	d-----w-	m:\users\mark\appdata\local\{51BF727D-5BC1-45E3-A099-DD09A730CE3A}
2011-06-28 19:25:27	294912	----a-w-	m:\windows\system32\umpnpmgr.dll
2011-06-28 19:25:22	1553920	----a-w-	m:\windows\system32\tquery.dll
2011-06-28 19:25:22	1401856	----a-w-	m:\windows\system32\mssrch.dll
2011-06-28 19:25:21	86528	----a-w-	m:\windows\system32\SearchFilterHost.exe
2011-06-28 19:25:21	666624	----a-w-	m:\windows\system32\mssvp.dll
2011-06-28 19:25:21	59392	----a-w-	m:\windows\system32\msscntrs.dll
2011-06-28 19:25:21	428032	----a-w-	m:\windows\system32\SearchIndexer.exe
2011-06-28 19:25:21	337408	----a-w-	m:\windows\system32\mssph.dll
2011-06-28 19:25:21	197120	----a-w-	m:\windows\system32\mssphtb.dll
2011-06-28 19:25:21	164352	----a-w-	m:\windows\system32\SearchProtocolHost.exe
2011-06-26 15:07:29	--------	d-----w-	m:\program files\common files\SWF Studio
2011-06-26 15:07:24	--------	d-----w-	m:\program files\Riva
2011-06-26 15:04:54	--------	d-----w-	m:\program files\flv2avi
2011-06-26 06:28:05	--------	d-----w-	m:\program files\virtualdub
2011-06-25 09:42:24	--------	d-----w-	m:\users\mark\appdata\local\{3D5D58B6-9403-4123-8DB3-03BA86928B93}
2011-06-24 20:47:46	--------	d-----w-	m:\users\mark\appdata\local\{D0BEB277-8C48-43D9-93BA-720B92372E66}
2011-06-24 08:47:34	--------	d-----w-	m:\users\mark\appdata\local\{E8E12D31-3887-45AB-ADDD-6E7977B0132C}
==================== Find3M  ====================
2011-07-17 02:22:36	83360	----a-w-	m:\windows\system32\LMIRfsClientNP.dll
2011-07-17 02:22:35	87424	----a-w-	m:\windows\system32\LMIinit.dll
2011-07-17 02:22:35	53632	----a-w-	m:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-17 02:22:35	29568	----a-w-	m:\windows\system32\LMIport.dll
2011-07-06 18:52:42	41272	----a-w-	m:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42	22712	----a-w-	m:\windows\system32\drivers\mbam.sys
2011-06-11 02:37:19	2332672	----a-w-	m:\windows\system32\win32k.sys
2011-06-02 17:53:02	94208	----a-w-	m:\windows\system32\dpl100.dll
2011-06-02 05:59:55	169984	----a-w-	m:\windows\system32\winsrv.dll
2011-06-02 05:55:31	271872	----a-w-	m:\windows\system32\conhost.exe
2011-06-02 03:45:49	6144	---ha-w-	m:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49	4608	---ha-w-	m:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49	3584	---ha-w-	m:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49	3072	---ha-w-	m:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:00:02	1638912	----a-w-	m:\windows\system32\mshtml.tlb
2011-05-24 18:14:10	222080	------w-	m:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59	40112	----a-w-	m:\windows\avastSS.scr
2011-05-10 12:03:54	441176	----a-w-	m:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44	53592	----a-w-	m:\windows\system32\drivers\aswMonFlt.sys
2011-05-04 02:43:59	222720	----a-w-	m:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48	96256	----a-w-	m:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41	123392	----a-w-	m:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29	740864	----a-w-	m:\windows\system32\inetcomm.dll
2011-04-29 02:57:34	311296	----a-w-	m:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21	309760	----a-w-	m:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13	114176	----a-w-	m:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46	78336	----a-w-	m:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06	1286016	----a-w-	m:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40	338944	----a-w-	m:\windows\system32\drivers\afd.sys
2007-09-05 22:59:40	118784	----a-w-	m:\program files\Blu-ray Disc Ripper.exe
2006-05-03 11:06:54	163328	--sha-r-	m:\windows\system32\flvDX.dll
2007-02-21 12:47:16	31232	--sha-r-	m:\windows\system32\msfDX.dll
2008-03-16 14:30:52	216064	--sha-r-	m:\windows\system32\nbDX.dll
============= FINISH: 10:57:48.47 ===============
Active Member
Posts: 2
Joined: July 23rd, 2011, 6:05 am

Re: Google redirect

by pgmigg » July 24th, 2011, 10:56 am

Hello mtrueman,

Welcome to the forum!

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
MRU Teacher
Posts: 3091
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect

by mtrueman » July 24th, 2011, 2:45 pm

It's ok, it was a Virtumonde.dll thing which Search and Destroy managed to get rid of. Of the many other things I tried, this was the only one that even identified the problem.

Many thanks

Re: Google redirect

by pgmigg » July 25th, 2011, 12:41 pm

Hello mtrueman,

Thank you for your patience... :)

Please tell me, is this computer used for business purposes or connected to a business network?
I need to know it - so I can provide the proper instructions.

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program(s)
  1. Click on Start -> Control Panel and, depending on the View by selection in the upper right corner:
    • If Category - click on Uninstall Programs.
    • If Icons - click on Programs and Features.
  2. Locate the following program:
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Control Panel.
  5. Then please reboot your machine normally.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

"It's ok, it was a Virtumonde.dll thing which Search and Destroy managed to get rid of. Of the many other things I tried, this was the only one that even identified the problem."

You may have removed certain files but that does not mean you are free of malware. Absence of symptoms does not mean you are not still infected. To be sure that all malware has been removed, please continue with these necessary steps:

Step 2.
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Double click WVCheck.exe, to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Step 3.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select Run as administrator..., then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please include in your next reply:
  1. Your answer to my question about how your computer is used.
  2. Your decision about removing P2P program.
  3. Did you have any problems executing the instructions?
  4. Contents of a log created by WVCheck.exe
  5. Contents of a log created by CKFiles.txt

Re: Google redirect

by Wingman » July 29th, 2011, 6:02 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Posts: 14055
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA