Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Hijacking

by claster » February 28th, 2010, 10:41 pm

Dear Friends,

First of all, thanks for the good work you do. It really means a lot that there are knowledgeable people willing to help in situations like this.

The problem I'm having is that Google seems to be hijacked. It performs the search properly (in Firefox, which is my primary browser), but when I click on the results, I'll get taken to an unrelated site. One of the sites it tries to take me to is something called "rle822x.cn" and "ultraantispyware.com." When the problem first started happening, I'd get a warning notice that "www.google.com:443 uses an invalid security certificate." My AV software, and I've got a virtual army of it, includes AVG and Spyware Dr. Also, at first, the searches that would come up would be for something with the word "mfeed" in it. Virus scans picked up indications of "Win32/Patched.CG" and "Rootkit.Patched.TDSS.Gen." One file, in the WINDOWS/System32/drivers directory kept coming up with warnings, and every time I'd click "heal it," it would reappear.

The more annoying aspects of this problem seem to have been healed by the various AV solutions, but I'm still getting misdirections from Google in each browser I try, as well as the occasional new tabs popping up in Firefox. I just checked, and it happens when clicking on Yahoo searches as well. (For what it's worth, AltaVista seems to work fine! Weird.) However, when I enter (or paste) a URL directly into the browser, it works fine. Scans are now coming up clean.

I got this by downloading a television episode ("Men of a Certain Age," actually!) which was a WMV file rather than an "AVI" file, and when I tried to view it, was instructed to click something to download the proper codec, and... wham-o.

Thanks again in advance for all your help.

Bob Claster
bob@bobclaster.com
http://www.bobclaster.com

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:05 PM, on 2/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AirPort\APAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S279.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirements ... b_srlx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3045222062
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca29d517f22b00) (gupdate1ca29d517f22b00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10560 bytes



And here's the uninstall list:

µTorrent
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.3.1
AIM 7
AirPort
AnswerWorks 5.0 English Runtime
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audacity 1.3.3 (Unicode)
AVG 8.5
AviSynth 2.5
Bonjour
Braid
Browser Defender 2.0.6.11
CanoScan LiDE 90
Cloudmark Desktop for Microsoft Outlook
Compatibility Pack for the 2007 Office system
Corel VideoStudio 12
Critical Update for Windows Media Player 11 (KB959772)
DAZzle
Download Updater (AOL LLC)
DVD Shrink 3.2
eMule
EPSON Print CD
EPSON Printer Software
GoldWave v5.52
GoldWave v5.54
GoldWave v5.55
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Handbrake 0.9.4
Hardlock Device Drivers
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
ImgBurn
IMM4 VCM Codec 1.0.0.10
Intel(R) PRO Network Connections 11.2.0.69
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 15
jZip
LAME v3.98.2 for Audacity
Logitech MouseWare 9.79.1
LogMeIn
McAfee Security Scan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access database engine 2007 (English)
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Streets & Trips 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BackItUp 4
neroxml
New Rochelle High School
OGA Notifier 2.0.0048.0
OpenDNS Updater 2.2
Paint Shop Pro 4.12 Shareware
PowerDVD
PowerPrompter
Powertoys For Windows XP
Quicken 2009
QuickTime
SAPI Wrapper
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Spyware Doctor 7.0
Steam
System Requirements Lab
Tag&Rename 3.5.3
Trillian
Trillian Pro 3.1 Build 121
TTS Wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Videora Android Converter 5.04
VLC media player 0.9.9
Windows 7 Upgrade Advisor
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Xvid 1.2.1 final uninstall
Yahoo! Messenger
YouSendIt Express
YouSendIt Express

Also, if it's any help, here is the report generated by BitDefender. I've since run their QuickScan again and come up clean, so it's likely that the infection it found is gone. Here it is:

BitDefender QuickScan Beta 32-bit v0.9.9.8
------------------------------------------

Scan date: Sun Feb 28 02:36:24 2010
Machine ID: A0A43638



Found 1 infected file!
------------------------
C:\WINDOWS\system32\drivers\si3114r.sys - Rootkit.Patched.TDSS.Gen


Processes
---------
<unsigned> AirPort Base Station Agent 3396 C:\Program Files\AirPort\APAgent.exe
<unsigned> Microsoft® Windows® Operating System 3184 C:\WINDOWS\system32\fast.exe
<unsigned> Microsoft® Windows® Operating System 2640 C:\WINDOWS\system32\Fast.exe
<unsigned> MouseWare 3432 C:\Program Files\Logitech\MouseWare\system\em_exec.exe
<unsigned> OpenDNSUpdater.exe 3620 C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
<unsigned> PowerDVD 404 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
<unsigned> RichVideo Module 116 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
<unsigned> taskswitch.exe 1340 C:\WINDOWS\system32\taskswitch.exe

<verified> Adobe Photoshop Elements 372 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
<verified> Apple Mobile Device Service 484 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> AVG Internet Security 1408 C:\Program Files\AVG\AVG8\avgam.exe
<verified> AVG Internet Security 2704 C:\Program Files\AVG\AVG8\avgcsrvx.exe
<verified> AVG Internet Security 1460 C:\Program Files\AVG\AVG8\avgcsrvx.exe
<verified> AVG Internet Security 2424 C:\Program Files\AVG\AVG8\avgemc.exe
<verified> AVG Internet Security 1704 C:\Program Files\AVG\AVG8\avgnsx.exe
<verified> AVG Internet Security 1564 C:\Program Files\AVG\AVG8\avgrsx.exe
<verified> AVG Internet Security 3076 C:\Program Files\AVG\AVG8\avgtray.exe
<verified> AVG Internet Security 512 C:\Program Files\AVG\AVG8\avgwdsvc.exe
<verified> Bonjour 536 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> EPSON Status Monitor 3 3560 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
<verified> Firefox 5476 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> GoogleToolbarNotifier 3612 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> iTunes 3844 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 3084 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java(TM) Platform SE 6 U15 1512 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java(TM) Platform SE 6 U15 3112 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> McAfee Free Tools 3660 C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
<verified> Microsoft® Visual Studio .NET 548 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 176 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 3564 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 2520 C:\WINDOWS\system32\fxssvc.exe
<verified> Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 704 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1828 C:\WINDOWS\system32\SNDVOL32.EXE
<verified> Microsoft® Windows® Operating System 1592 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 208 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1232 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1036 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 3480 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1488 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 792 C:\WINDOWS\system32\winlogon.exe
<verified> Nero BackItUp 604 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
<verified> PC Tools Auxiliary Service 1436 C:\Program Files\Spyware Doctor\pctsAuxs.exe
<verified> PC Tools GUI Application 1000 C:\Program Files\Spyware Doctor\pctsGui.exe
<verified> PC Tools Security Service 1100 C:\Program Files\Spyware Doctor\pctsSvc.exe
<verified> PC Tools Tray Application 588 C:\Program Files\Spyware Doctor\pctsTray.exe
<verified> Quick Search Box 2684 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
<verified> Threat Expert Ltd. Browser Defender 3332 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
<verified> ThreatFire 3256 C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
<verified> Ulead Systems ULCDRSvr 2216 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
<verified> µTorrent 3088 C:\Program Files\uTorrent\uTorrent.exe


Network activity
----------------
Process avgnsx.exe (1704) connected on port 80 (HTTP) - hkg01s01-in-f100.1e100.net
Process avgnsx.exe (1704) connected on port 80 (HTTP) - tz-in-f138.1e100.net
Process avgnsx.exe (1704) connected on port 80 (HTTP) - hkg01s01-in-f101.1e100.net
Process avgnsx.exe (1704) connected on port 80 (HTTP) - a69-192-37-115.deploy.akamaitechnologies.com
Process avgnsx.exe (1704) connected on port 80 (HTTP) - *.122.2o7.net
Process uTorrent.exe (3088) connected on port 5513 - client-82-26-182-210.pete.adsl.virginmedia.com
Process uTorrent.exe (3088) connected on port 49486 - montreal.perfect-privacy.com
Process uTorrent.exe (3088) connected on port 42195 - S01060007e907add2.cg.shawcable.net
Process firefox.exe (5476) connected on port 443 (HTTP over SSL) - hkg01s01-in-f17.1e100.net
Process firefox.exe (5476) connected on port 443 (HTTP over SSL) - google.navigation.opendns.com

Process svchost.exe (1104) listens on ports: 135 (RPC)
Process uTorrent.exe (3088) listens on ports: 17884


Autoruns and critical files
---------------------------
<unsigned> Language Application C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
<unsigned> AirPort Base Station Agent C:\Program Files\AirPort\APAgent.exe
<unsigned> Microsoft® Windows® Operating System C:\WINDOWS\system32\Fast.exe
<unsigned> OpenDNSUpdater.exe C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
<unsigned> PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
<unsigned> QuickTime C:\Program Files\QuickTime\qttask.exe
<unsigned> taskswitch.exe C:\WINDOWS\system32\taskswitch.exe
<unsigned> Ulead VideoStudio C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe

<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> AnyDVD C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> AVG Internet Security C:\Program Files\AVG\AVG8\avgtray.exe
<verified> AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
<verified> EPSON Status Monitor 3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java(TM) Platform SE 6 U15 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> LogMeIn C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
<verified> LogMeIn C:\WINDOWS\system32\LMIinit.dll
<verified> Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> MouseWare C:\WINDOWS\Logi_MwX.Exe
<verified> PC Tools Tray Application C:\Program Files\Spyware Doctor\pctsTray.exe
<verified> Quick Search Box C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Adobe SVG Viewer C:\Program Files\Mozilla Firefox\plugins\NPSVG6.dll
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> DeleteMe1.exe C:\Program Files\Mozilla Firefox\plugins\DeleteMe1.exe
<unsigned> downloadUpdater C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
<unsigned> downloadUpdater2 C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
<unsigned> frozen.dll C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles/c5395bdf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> googletoolbar-ff2.dll C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles/c5395bdf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
<unsigned> googletoolbar-ff3.dll C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles/c5395bdf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned> googletoolbarloader.dll C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles/c5395bdf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned> Java(TM) Platform SE 6 U15 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
<unsigned> Mozilla ActiveX control and plugin supp C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
<unsigned> Musicnotes C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
<unsigned> npRACtrl.dll C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<unsigned> Turner Media Plugin 1.0.0.10 C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
<unsigned> VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll

<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> AVG Internet Security c:\program files\avg\avg8\avgssie.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles/c5395bdf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles/c5395bdf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
<verified> Java Deployment Toolkit 6.0.150.3 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java(TM) Platform SE 6 U15 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> LMIProxyHelper.exe C:\Program Files\Mozilla Firefox\plugins\LMIProxyHelper.exe
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft (R) Windows (R) 95, Windows ( C:\Program Files\Mozilla Firefox\plugins\unicows.dll
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> npsibelius.dll C:\Program Files\Mozilla Firefox\plugins\npsibelius.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> PC Tools Content Filter C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
<verified> ractrlkeyhook.dll C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
<verified> RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> System Requirements Lab C:\WINDOWS\Downloaded Program Files\sysreqlab_srlx.dll
<verified> Threat Expert Ltd. Browser Defender c:\program files\spyware doctor\bdt\pctbrowserdefender.dll
<verified> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll


Missing files
-------------
File not found: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
referenced in: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

File not found: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NBKeyScan"


Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\system32\drivers\si3114r.sys

Upload started - 1 file(s)
C:\WINDOWS\system32\drivers\si3114r.sys (116776)
Upload speed - 30 KB/s
Upload finished - 1 uploaded, 0 failed

Scan finished - communication took 7 sec
Total traffic - 0.21 MB sent, 3.19 KB recvd
Scanned 1431 files and modules - 308 seconds

----------------------------------------------

Okay, it's Wednesday morning now, and the damn thing seems to be back. My "Resident Shield alert" on my newly-updated-to-ver. 9.0 AVG AV software keeps complaining about that si3114r.sys file, which is apparently the heart of my RAID array system. I'm starting to get nervous. I have the kind of RAID array that gives me redundancy between two drives, and I need it to work. The search engine redirects and unwanted tab popups keep happening, but if my RAID array is in trouble, I'm really really worried. HELP!!!!
claster
Active Member
 
Posts: 3
Joined: February 28th, 2010, 8:52 pm

Re: Google Hijacking

Unread postby andyspeake » March 3rd, 2010, 8:34 pm

Hello, and Welcome :)
I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log, and I will post back recommendations for repairs.
As I am still in training, everything that I post to you must be checked by an MRU teacher or senior malware remover. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • Continue to respond to this thread until I give you the All Clean! Remember, absence of symptoms doesn't mean you are malware free.
  • If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please bookmark or favourite this page in case you need it as a reference.

All users of this forum must read this topic before proceeding
No Reply Within 3 Days Will Result In Your Topic Being Closed! If you need more time, please inform me.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: Google Hijacking

Unread postby andyspeake » March 4th, 2010, 9:03 am

Hi,

Is this computer used for business purposes?

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent and eMule

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here along with an uninstall list.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: Google Hijacking

Unread postby andyspeake » March 6th, 2010, 8:11 am

3 Day Response
Hello...
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: Google Hijacking

Unread postby claster » March 6th, 2010, 11:46 am

Sorry, but when a few days passed and I didn't hear from you, I had to put the problem in the hands of a professional. It's being dealt with as we speak. Thanks.
claster
Active Member
 
Posts: 3
Joined: February 28th, 2010, 8:52 pm

Re: Google Hijacking

Unread postby Elrond » March 6th, 2010, 4:20 pm

Due to the problem being taken care of, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem