Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

google-redirect.com virus.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

google-redirect.com virus.

Unread postby Suleiman » May 10th, 2009, 3:48 pm

Hey everyone.
Recently obtained this nasty virus and I can't remove it for the life of me. I've tried Malwarebytes, GooRedFix, and other such malware removal tools and virus scans, but nothing works.

The symptoms are a bit different from those other people are experiencing, however. I seem to be redirected all the time no matter what website I'm on, yet other people only seem to be redirected when clicking a Google search result or trying to visit a tech support website.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:10 PM, on 5/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre6\bin\java.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe

--
End of file - 7332 bytes

Thanks in advance!! :D
Suleiman
Active Member
 
Posts: 3
Joined: May 10th, 2009, 11:20 am
Advertisement
Register to Remove

Re: google-redirect.com virus.

Unread postby km2357 » May 13th, 2009, 2:24 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: google-redirect.com virus.

Unread postby km2357 » May 13th, 2009, 2:28 pm

Step # 1 Download CCleaner

Download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.


Step # 2 Retrieve the Installed Programs List from CCleaner

Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.


Step # 3: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include the CCleaner Install List,C:\ComboFix.txt and a fresh HiJackThis Log in your next reply.

Use multiple posts if you can't fit everything into one post.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: google-redirect.com virus.

Unread postby Suleiman » May 13th, 2009, 11:04 pm

Thanks so much for everything!
Here are the new logs:

CCleaner Install List
Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Bonjour
Broadcom Advanced Control Suite 2
CCleaner (remove only)
Collab
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Dell System Restore
Digital Line Detect
EarthLink setup files
EZdrummer
EZXCocktail
FL Studio 8
Get High Speed Internet!
H&R Block Tax Offer
HijackThis 2.0.2
IL Download Manager
Intel Application Accelerator
IrfanView (remove only)
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Klinn's Framework Version 2
Learn2 Player (Uninstall Only)
LimeWire 5.1.2
LiveInfoPro
Macromedia Flash Player
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Photo Click
PoiZone
Populous MatchMaker
Populous Sprite Editor
PowerDVD 5.3
QuickBooks Simple Start Special Edition
QuickTime
RCT3 Soaked
RealPlayer Basic
reFX Nexus 1.3.7
reFX Nexus 1.4.1
Registry Easy v5.0
RollerCoaster Tycoon® 3
SecureClean4
Single Player Launcher 1.1 BETA
Toxic Biohazard
Viewpoint Media Player
Vuze
Windows Installer 3.1 (KB893803)
WinRAR archiver
WordPerfect Office 12

ComboFix Log
ComboFix 09-05-13.02 - Salty 05/13/2009 21:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.731 [GMT -5:00]
Running from: c:\documents and settings\Salty\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Salty\protect.dll
c:\documents and settings\Salty\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\3.exe
c:\windows\system32\ak1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\bszip.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\divefadi.dll
c:\windows\system32\drivers\ovfsthtcodaudwyodubeaqlnqpilhrjuqvjmxp.sys
c:\windows\system32\feloyapu.dll.tmp
c:\windows\system32\javojosu.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\nobuhedi.dll.tmp
c:\windows\system32\ovfsthdladbyvldtmfjmmedgdwmmrppxyebswn.dll
c:\windows\system32\ovfsthficcnnpyrlfuitkypqpnaecgpubekvcp.dat
c:\windows\system32\ovfsthgrdtovwxkifftbwkagsolxstpxmodrqs.dll
c:\windows\system32\ovfsthklcrhmfctxluxpweufvniyuddtmsuykf.dll
c:\windows\system32\ovfsthldohxdeggnecrodgarybhqxrslygkeut.dat
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\sodumami.dll.tmp
c:\windows\system32\taseyebi.exe
c:\windows\system32\uniq.tll
c:\windows\system32\winglsetup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthtrvqukgalrwbhnkkruuomnainylaatpv


((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-10 19:20 . 2006-10-04 08:48 72704 ------w c:\windows\system32\dllcache\magnify.exe
2009-05-10 19:20 . 2006-10-04 08:48 53760 ------w c:\windows\system32\dllcache\narrator.exe
2009-05-10 19:20 . 2006-10-04 08:48 215552 ------w c:\windows\system32\dllcache\osk.exe
2009-05-10 19:20 . 2006-10-04 13:33 35840 ------w c:\windows\system32\dllcache\umandlg.dll
2009-05-10 15:32 . 2009-05-10 15:32 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-10 08:00 . 2009-05-10 08:00 -------- d-----w c:\program files\MSXML 4.0
2009-05-10 03:40 . 2008-06-13 13:10 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-10 03:40 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-10 03:38 . 2008-12-11 11:57 333184 ------w c:\windows\system32\dllcache\srv.sys
2009-05-10 03:38 . 2008-05-01 14:30 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-10 03:38 . 2008-04-11 18:50 683520 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-10 03:38 . 2008-10-03 10:15 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-05-10 03:38 . 2008-09-04 16:42 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-10 03:37 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-10 03:33 . 2009-05-10 03:33 -------- d-----w c:\windows\system32\Logs
2009-05-10 03:21 . 2009-05-10 19:19 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-10 03:21 . 2009-02-03 20:08 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-05-10 03:21 . 2009-03-21 14:18 986112 ------w c:\windows\system32\dllcache\kernel32.dll
2009-05-10 03:21 . 2008-07-03 13:16 8454656 ------w c:\windows\system32\dllcache\shell32.dll
2009-05-10 03:20 . 2008-10-15 16:57 332800 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-09 19:10 . 2009-05-09 19:10 128 ----a-w c:\documents and settings\Salty\Local Settings\Application Data\fusioncache.dat
2009-05-09 19:08 . 2006-05-15 21:24 86880 ----a-w c:\windows\system32\drivers\WscNetDr.sys
2009-05-09 19:07 . 2009-05-10 04:21 -------- d-----w c:\program files\McAfee
2009-05-09 19:06 . 2009-05-10 04:21 -------- d-----w c:\program files\Common Files\McAfee
2009-05-09 19:05 . 2009-05-10 04:21 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-05-09 18:17 . 2009-05-09 17:57 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-09 17:57 . 2009-05-09 17:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-09 17:55 . 2009-05-09 17:55 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-09 17:55 . 2009-05-09 17:55 -------- d-----w c:\program files\Lavasoft
2009-05-09 17:55 . 2009-05-09 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-09 03:31 . 2009-05-09 03:31 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-07 20:04 . 2009-05-09 06:15 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 20:04 . 2009-05-09 06:15 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-07 01:57 . 2009-05-07 02:06 -------- d-----w c:\program files\Registry Easy
2009-05-07 01:55 . 2009-05-09 17:43 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-07 01:55 . 2009-05-09 17:43 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-07 01:54 . 2009-05-07 01:54 -------- d-----w c:\documents and settings\Salty\Local Settings\Application Data\Downloaded Installations
2009-05-06 21:27 . 2009-05-06 21:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 01:00 . 2009-05-06 01:00 -------- d-----w c:\program files\CCleaner
2009-05-05 21:21 . 2009-05-05 21:20 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-05 21:20 . 2009-05-05 21:21 -------- d-----w c:\documents and settings\Salty\.housecall6.6
2009-05-03 19:59 . 2009-05-03 19:59 -------- d-----w c:\documents and settings\Salty\Application Data\Malwarebytes
2009-05-03 19:59 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 19:59 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 19:59 . 2009-05-03 19:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-03 19:59 . 2009-05-03 19:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 18:21 . 2009-05-03 18:21 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-02 01:15 . 2008-04-17 17:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-02 01:15 . 2009-03-19 21:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-02 01:14 . 2009-05-02 01:14 -------- d-----w c:\documents and settings\Salty\Local Settings\Application Data\Apple
2009-05-02 01:13 . 2009-03-26 20:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-02 01:13 . 2009-03-26 20:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-02 01:13 . 2009-05-09 17:57 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-02 01:13 . 2009-05-02 01:13 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-02 00:24 . 2009-05-02 00:24 -------- d-----w c:\documents and settings\Salty\Application Data\IrfanView
2009-05-01 01:52 . 2009-05-01 01:52 103464 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-01 01:51 . 2009-05-01 01:51 -------- d-----w c:\program files\MSBuild
2009-05-01 01:51 . 2009-05-01 01:51 -------- d-----w c:\windows\system32\XPSViewer
2009-05-01 01:51 . 2009-05-01 01:51 -------- d-----w c:\program files\Reference Assemblies
2009-05-01 01:50 . 2006-06-29 18:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-01 01:46 . 2008-07-09 07:38 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-01 01:46 . 2009-05-01 01:46 -------- d-----w c:\program files\MSXML 6.0
2009-05-01 01:12 . 2009-05-01 01:12 -------- d-----w c:\program files\NopWorks Productions
2009-04-30 00:37 . 2009-05-06 01:13 -------- d-----w c:\documents and settings\Salty\Local Settings\Application Data\Eraser
2009-04-20 21:43 . 2009-04-20 21:43 -------- d-----w c:\program files\TedTycoon
2009-04-19 21:05 . 2009-04-19 21:14 -------- d-----w c:\documents and settings\Salty\Local Settings\Application Data\WMTools Downloaded Files
2009-04-17 22:46 . 2009-04-17 22:46 -------- d-----w c:\documents and settings\Salty\Application Data\AdobeUM
2009-04-16 14:13 . 2009-04-16 14:13 -------- d-----w c:\program files\Toontrack
2009-04-16 05:35 . 2009-04-16 05:35 -------- d-----w c:\documents and settings\Salty\Application Data\DAEMON Tools
2009-04-16 05:34 . 2009-04-16 05:34 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-16 05:34 . 2009-04-16 05:34 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-16 05:34 . 2009-04-16 05:36 -------- d-----w c:\documents and settings\Salty\Application Data\DAEMON Tools Lite
2009-04-16 05:32 . 2009-04-16 05:32 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-16 05:32 . 2009-04-16 05:33 -------- d-----w c:\program files\DAEMON Tools Pro
2009-04-16 05:30 . 2009-04-16 05:30 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-16 05:30 . 2009-04-16 05:35 -------- d-----w c:\documents and settings\Salty\Application Data\DAEMON Tools Pro
2009-04-16 05:13 . 2009-04-16 05:13 -------- d-----w c:\program files\Common Files\reFX
2009-04-16 05:13 . 2009-04-16 05:13 -------- d-----w c:\program files\Common Files\Digidesign
2009-04-16 04:54 . 2009-04-16 04:54 1700352 ----a-w c:\windows\system32\gdiplus.dll
2009-04-16 01:21 . 2009-04-16 01:21 -------- d-----w c:\documents and settings\Salty\Local Settings\Application Data\Identities
2009-04-15 23:48 . 2009-04-15 23:48 -------- d-----w c:\documents and settings\All Users\Application Data\sctemp
2009-04-15 23:48 . 2007-05-17 15:57 335872 ----a-w c:\windows\system32\SCshell402.dll
2009-04-15 23:48 . 2007-05-17 15:56 278528 ----a-w c:\windows\system32\SCService4.dll
2009-04-15 23:48 . 2009-04-15 23:48 -------- d-----w c:\program files\WhiteCanyon
2009-04-15 23:35 . 2009-04-15 23:35 -------- d-----w c:\windows\system32\QuickTime
2009-04-15 23:35 . 2009-05-02 01:14 -------- d-----w c:\program files\QuickTime
2009-04-15 23:11 . 2009-04-15 23:35 -------- d-----w c:\documents and settings\Salty\Application Data\tor(2)
2009-04-15 23:10 . 2009-04-15 23:35 -------- d-----w c:\documents and settings\Salty\Application Data\Vidalia(2)
2009-04-15 23:10 . 2009-04-15 23:35 -------- d-----w c:\program files\Vidalia Bundle(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 19:13 . 2005-04-04 15:28 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-05-09 19:13 . 2005-04-04 15:28 -------- d-----w c:\program files\McAfee.com
2009-05-09 06:15 . 2009-05-07 20:04 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-09 06:15 . 2009-05-07 20:04 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-06 01:14 . 2005-04-04 15:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 01:15 . 2009-04-10 02:44 -------- d-----w c:\program files\iTunes
2009-05-02 01:14 . 2009-04-10 02:44 -------- d-----w c:\program files\Bonjour
2009-05-02 01:14 . 2009-04-10 02:42 -------- d-----w c:\program files\Apple Software Update
2009-05-01 01:58 . 2009-03-23 22:25 41688 ----a-w c:\documents and settings\Salty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 18:27 . 2009-03-23 22:46 -------- d-----w c:\program files\Nexus
2009-04-16 17:40 . 2009-03-23 22:49 -------- d-----w c:\program files\VstPlugins
2009-04-16 02:54 . 2009-04-09 21:44 -------- d-----w c:\program files\IrfanView
2009-04-15 23:35 . 2009-04-10 02:43 -------- d-----w c:\program files\QuickTime(2)
2009-04-11 03:12 . 2009-03-23 22:25 -------- d-----w c:\program files\Vuze
2009-04-10 02:44 . 2009-04-10 02:44 -------- d-----w c:\program files\iPod
2009-04-10 02:44 . 2009-04-10 02:40 -------- d-----w c:\program files\Common Files\Apple
2009-04-03 02:32 . 2009-04-03 02:32 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 17:23 . 2009-03-27 17:04 -------- d-----w c:\program files\FreeUndelete
2009-03-27 04:27 . 2009-03-25 18:05 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-03-25 18:02 . 2009-03-25 18:02 -------- d-----w c:\program files\Common Files\PocketSoft
2009-03-25 17:59 . 2009-03-25 17:59 -------- d-----w c:\program files\Atari
2009-03-25 04:20 . 2009-03-25 04:20 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-23 22:49 . 2009-03-23 22:48 -------- d-----w c:\program files\Image-Line
2009-03-23 22:49 . 2009-03-23 22:49 -------- d-----w c:\program files\ASIO4ALL v2
2009-03-23 22:49 . 2009-03-23 22:49 -------- d-----w c:\program files\Outsim
2009-03-23 22:36 . 2009-03-23 22:36 -------- d-----w c:\program files\Populous Reincarnated
2009-03-23 22:34 . 2009-03-23 22:34 24576 ----a-w c:\windows\system32\EALTEST.EXE
2009-03-23 22:34 . 2009-03-23 22:34 132096 ----a-w c:\windows\system32\EAEXEC.EXE
2009-03-23 22:30 . 2009-03-23 22:30 -------- d-----w c:\program files\Bullfrog
2009-03-23 22:24 . 2009-03-23 22:22 -------- d-----w c:\program files\LimeWire
2009-03-23 22:23 . 2009-03-23 22:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-23 22:23 . 2005-04-04 15:22 -------- d-----w c:\program files\Java
2009-03-06 14:44 . 2004-08-04 10:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2004-08-04 10:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2004-08-04 10:00 659456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DC51E2A-2041-4745-97BA-1CA8C794A07F}]
2007-12-27 13:07 2306048 ----a-w c:\program files\Internet Explorer\LiveInfoPro\toolbar_v0.9.5_w-jsinside-affid-1002.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E9D340B-D614-4854-AE06-4218201F6AAE}"= "c:\program files\Internet Explorer\LiveInfoPro\toolbar_v0.9.5_w-jsinside-affid-1002.dll" [2007-12-27 2306048]

[HKEY_CLASSES_ROOT\clsid\{3e9d340b-d614-4854-ae06-4218201f6aae}]
[HKEY_CLASSES_ROOT\TBSB00583.TBSB00583.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00583.TBSB00583]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3E9D340B-D614-4854-AE06-4218201F6AAE}"= "c:\program files\Internet Explorer\LiveInfoPro\toolbar_v0.9.5_w-jsinside-affid-1002.dll" [2007-12-27 2306048]

[HKEY_CLASSES_ROOT\clsid\{3e9d340b-d614-4854-ae06-4218201f6aae}]
[HKEY_CLASSES_ROOT\TBSB00583.TBSB00583.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00583.TBSB00583]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"SecureClean4Tray"="c:\program files\WhiteCanyon\SecureClean 4\sctray4.exe" [2007-05-17 1525248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-09 516440]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGui.exe" [2006-07-26 1287792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-4-4 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-4-4 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Populous Reincarnated\\MatchMaker\\identd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/9/2009 12:57 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 953168]
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:57]

2009-05-09 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-04 10:00]

2009-05-09 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-05-09 18:32]

2009-05-13 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-05-07 21:51]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
HKU-Default-Run-InetChk - c:\windows\TEMP\ms1242156492.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 21:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-14 21:59
ComboFix-quarantined-files.txt 2009-05-14 02:59

Pre-Run: 42,209,136,640 bytes free
Post-Run: 42,273,878,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

277 --- E O F --- 2009-05-13 08:00

HiJack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:09 PM, on 5/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: TBSB00583 - {5DC51E2A-2041-4745-97BA-1CA8C794A07F} - C:\Program Files\Internet Explorer\LiveInfoPro\toolbar_v0.9.5_w-jsinside-affid-1002.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: LiveInfoPro - {3E9D340B-D614-4854-AE06-4218201F6AAE} - C:\Program Files\Internet Explorer\LiveInfoPro\toolbar_v0.9.5_w-jsinside-affid-1002.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe

--
End of file - 6005 bytes

Thanks!
Suleiman
Active Member
 
Posts: 3
Joined: May 10th, 2009, 11:20 am

Re: google-redirect.com virus.

Unread postby km2357 » May 14th, 2009, 1:41 am

I see that you have McAfee SecurityCenter installed. Does it come with an Anti-Virus component? If not, you'll need to download and install an Anti-Virus on your computer.

Here are two free ones to choose from:

1)Antivir PersonalEdition Classic
2)avast! 4 Home Edition

Download and install only one!


Registry Cleaners

Re. Registry Easy v5.0

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


http://forums.whatthetech.com/Regcleaner_t42862.html

I recommend that you uninstall Registry Easy v5.0 from your computer.



IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.1.2

Vuze


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here.



Step # 1 Upload Files

Go to Jotti
Copy the following line into the white textbox:
c:\program files\Internet Explorer\LiveInfoPro\toolbar_v0.9.5_w-jsinside-affid-1002.dll
Click Submit.
Please post the results of this scan to this thread.

If Jotti is busy, Go to VirusTotal and scan the file(s) there.


In your next post/reply, I need to see the following:

1. The Jotti/VirusTotal Results
2. A fresh HiJackThis Log
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: google-redirect.com virus.

Unread postby km2357 » May 16th, 2009, 12:56 pm

Suleiman? Do you still need help?
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: google-redirect.com virus.

Unread postby NonSuch » May 19th, 2009, 4:08 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 161 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware