Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help please, possible google redirect error?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help please, possible google redirect error?

Unread postby jets24 » May 14th, 2012, 7:48 pm

Having a lot of trouble with a slow moving computer, google redirect error and non responsive mozilla firefox at times.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Ryan at 17:54:56 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2130 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Ryan\Desktop\Games\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkot ... p=homepage
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe"
uRun: [AIM] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\05162727F64747F586F6D656 : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\34F62747C616E646D2355636572756 : DhcpNameServer = 137.123.221.100 137.123.221.69 137.123.3.218
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\36963736F6D27657563747 : DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.33.1
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\36F62747C616E646 : DhcpNameServer = 137.123.3.218 137.123.221.69 137.123.221.100
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\7457563747 : DhcpNameServer = 208.67.222.222 208.67.222.220
TCP: Interfaces\{7F284403-D3DD-4F8F-8F69-D378F0A5D024}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\s3ct33b1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - sports.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m ... e=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ryan\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-24 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-10 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-10 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-31 338168]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-25 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-11-21 91456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-25 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-13 18:51:26 -------- d-----w- C:\Users\Ryan\AppData\Local\{A5F0C6D6-F2EF-43EE-A64F-134BFF8CE9F9}
2012-05-13 18:51:14 -------- d-----w- C:\Users\Ryan\AppData\Local\{F3BBEA25-8241-46E3-827D-45D36429B846}
2012-05-13 08:59:41 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-05-13 08:59:37 -------- d-----w- C:\Users\Ryan\AppData\Local\NPE
2012-05-13 08:42:07 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-05-13 08:41:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-13 08:41:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-13 08:41:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-13 08:15:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-13 08:09:32 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-05-13 07:50:48 -------- d-----w- C:\ProgramData\RegAce
2012-05-13 07:19:51 98816 ----a-w- C:\Windows\sed.exe
2012-05-13 07:19:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-13 07:19:51 256000 ----a-w- C:\Windows\PEV.exe
2012-05-13 07:19:51 208896 ----a-w- C:\Windows\MBR.exe
2012-05-13 07:08:02 55960 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-05-13 06:58:30 116016 ----a-w- C:\Windows\System32\drivers\04145320.sys
2012-05-13 04:45:02 -------- d-----w- C:\Users\Ryan\AppData\Local\{F90FC1B4-CA8B-4BC7-9796-0E9C3D55344C}
2012-05-13 04:44:48 -------- d-----w- C:\Users\Ryan\AppData\Local\{E53FC949-C7B1-410E-9DBB-2B9281697943}
2012-05-13 04:17:22 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-05-12 16:44:16 -------- d-----w- C:\Users\Ryan\AppData\Local\{DE15215C-0FD0-4C4D-AF91-60211EF7A798}
2012-05-12 16:44:04 -------- d-----w- C:\Users\Ryan\AppData\Local\{A97077BB-2F54-4AB9-9B1B-0517BC59225D}
2012-05-12 04:02:06 -------- d-----w- C:\Program Files (x86)\blekkotb_soc
2012-05-12 03:58:17 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2012-05-12 03:58:02 -------- d-----w- C:\Users\Ryan\AppData\Roaming\.purple
2012-05-12 03:57:27 -------- d-----w- C:\ProgramData\blekko toolbars
2012-05-12 03:57:14 -------- d-----w- C:\Program Files (x86)\Chat Messenger
2012-05-12 03:01:03 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\77b3f8391cd2feb01\MeshBetaRemover.exe
2012-05-12 03:00:39 -------- d-----w- C:\Users\Ryan\AppData\Local\{9396F785-18A0-443F-B3D6-6903CC154E9A}
2012-05-12 00:58:40 -------- d-----w- C:\Users\Ryan\AppData\Local\{8527E000-E85D-440D-9399-A88C424690C8}
2012-05-11 12:58:13 -------- d-----w- C:\Users\Ryan\AppData\Local\{1DF21A0C-8DBB-47DA-B346-83C8B2EAD875}
2012-05-11 08:07:25 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A574E57B-7DD6-419A-AEFA-5AA5653C0D10}\offreg.dll
2012-05-11 08:06:08 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A574E57B-7DD6-419A-AEFA-5AA5653C0D10}\mpengine.dll
2012-05-11 00:57:30 -------- d-----w- C:\Users\Ryan\AppData\Local\{EE93460B-FCD6-434B-B613-84538D6DEC81}
2012-05-11 00:57:18 -------- d-----w- C:\Users\Ryan\AppData\Local\{918C1C7F-6B1D-4327-81E2-A28E183F7A1E}
2012-05-11 00:57:04 -------- d-----w- C:\Users\Ryan\Tracing
2012-05-11 00:51:57 -------- d-----w- C:\Users\Ryan\AppData\Local\{3B4AEE9B-6A10-40ED-B5B4-42B0EFF0225C}
2012-05-11 00:51:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Windows Live Writer
2012-05-11 00:51:44 -------- d-----w- C:\Users\Ryan\AppData\Local\Windows Live Writer
2012-05-10 20:37:44 -------- d-----w- C:\Windows\en
2012-05-10 20:32:03 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-05-10 20:32:03 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-05-10 20:32:03 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-05-10 20:32:03 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-05-10 20:30:33 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\DSETUP.dll
2012-05-10 20:30:33 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\DXSETUP.exe
2012-05-10 20:30:33 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bf7bb6b41cd2eeb06\dsetup32.dll
2012-05-10 20:30:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\DSETUP.dll
2012-05-10 20:30:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\DXSETUP.exe
2012-05-10 20:30:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc1e9c681cd2eeb05\dsetup32.dll
2012-05-10 20:29:45 -------- d-----w- C:\Users\Ryan\AppData\Local\Windows Live
2012-05-10 20:08:52 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Avira
2012-05-10 20:03:20 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-10 20:03:20 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-05-10 20:03:19 -------- d-----w- C:\ProgramData\Avira
2012-05-10 20:03:19 -------- d-----w- C:\Program Files (x86)\Avira
2012-05-10 19:42:51 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-05-10 04:54:40 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-10 04:54:38 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 04:54:38 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-08 21:23:56 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-08 21:23:56 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-08 21:23:54 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-08 21:23:52 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-08 21:23:51 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-08 21:23:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-08 21:22:01 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-08 21:21:34 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-08 21:21:31 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 21:21:31 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-04-22 00:22:14 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Dartfish
2012-04-22 00:22:09 -------- d-----w- C:\Users\Ryan\AppData\Local\Dartfish
2012-04-22 00:21:20 -------- d-----w- C:\ProgramData\SafeNet Sentinel
2012-04-22 00:21:20 -------- d-----w- C:\ProgramData\Dartfish
2012-04-17 23:13:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-17 23:13:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-17 23:13:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-17 23:13:22 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-17 23:13:22 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-17 23:13:22 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-17 23:13:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 17:56:29.24 ===============
jets24
Active Member
 
Posts: 1
Joined: May 14th, 2012, 7:44 pm
Advertisement
Register to Remove

Re: Help please, possible google redirect error?

Unread postby torreattack » May 17th, 2012, 5:41 pm

Checking your log, will reply soon.
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Help please, possible google redirect error?

Unread postby torreattack » May 18th, 2012, 10:49 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi jets24 and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please re-run DDS and post both DDS.txt and Extra.txt.

I will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Help please, possible google redirect error?

Unread postby deltalima » May 20th, 2012, 5:51 pm

Connected to Educational Network
I see you are posting for help for a computer connected to an "Educational" Network.

May I draw your attention to ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.

The section here, explains why we do not offer help for such computers.


This topic is now closed
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware