Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google search redirects! Malwarebytes didn't fix it

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » April 26th, 2010, 4:30 am

Hello and thank you folks in advance for your assistance. A couple days ago I began getting these repeated "Microsoft De-bugger" prompts regarding a script editor. In the heat of the moment, I clicked "yes" for the editor to proceed. A page with HTML type language popped up and began getting rewritten. A second later I received another prompt asking if I wanted to continue or "break." I clicked "break" and closed the program. Since then, the links that I get as a result of Google searches will re-direct me. I ran a full scan of Malwarebytes which found several Trojans in my system. The infected files were then supposedly quarantined or deleted. The problem, however, persists.

Here is my Hijack This log file and Uninstall list.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:17 AM, on 4/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=M-M8rIllRtEK-ppEktgEHgY4Tyk
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9014 bytes

------------------------------------------------------------------------------------------------------------------------------------

µTorrent
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player 11
ALPS Touch Pad Driver
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Browser Configuration
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Batch Image Resizer 2.65
Bonjour
Broadcom Management Programs 2
CCleaner
CDex extraction audio
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Consumer Complete Care Services Agreement
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
DellSupport
Digital Content Portal
Digital Line Detect
EarthLink setup files
EducateU
ESPNMotion
FLV Player 1.3.3
Free Mp3 Wma Converter V 1.5.1
Google AFE
Google Talk (remove only)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java DB 10.4.2.1
Java(TM) 6 Update 19
Java(TM) SE Development Kit 6 Update 17
Laplink FileMover
Learn2 Player (Uninstall Only)
Macromedia Flash Player
MakeTorrent v2.1
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
Otto
PC-Linq
PicViewer 2.74
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
RealTime Cookie & Cache Cleaner (RtC3)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.4a
Viewpoint Media Player
WildTangent Web Driver
Winamp (remove only)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD 1.1 final uninstall
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am
Advertisement
Register to Remove

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Blade81 » April 29th, 2010, 5:19 pm

Hi

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

uTorrent
MakeTorrent


These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore..

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For an fully explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/remove Programs. Please do so.



Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


--

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » April 30th, 2010, 9:03 am

Done and done.

--Here is the DDS log--


DDS (Ver_10-03-17.01) - NTFSx86
Run by The_Club at 5:53:04.07 on Fri 04/30/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.524 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\The_Club\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=M-M8rIllRtEK-ppEktgEHgY4Tyk
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\the_club\applic~1\mozilla\firefox\profiles\me7sidcb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - plugin: c:\documents and settings\the_club\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFML32.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SFTSER;SFTSER;c:\windows\system32\drivers\sftser.sys [2006-4-23 42944]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-4-23 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-4-23 8960]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-1-17 15576]

=============== Created Last 30 ================

2010-04-26 08:16:52 0 d-----w- C:\Trend Micro
2010-04-24 11:38:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 09:21:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-24 08:42:21 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-03-09 11:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:57 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-26 05:43:57 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-26 05:43:55 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-02-26 05:43:54 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2007-11-21 03:10:31 56 --sh--r- c:\windows\system32\6705259C80.sys
2007-11-21 03:10:34 3766 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 5:54:02.20 ===============


--Here is the ATTACH log--


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2006 7:57:47 PM
System Uptime: 4/29/2010 12:39:34 PM (17 hours ago)

Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1316/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 0.338 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\35CD0D21344FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\35CD0D21344FC000
Service: NIC1394

==== System Restore Points ===================

RP919: 4/26/2010 1:48:21 AM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player 11
ALPS Touch Pad Driver
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Browser Configuration
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Batch Image Resizer 2.65
Bonjour
Broadcom Management Programs 2
CCleaner
CDex extraction audio
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Consumer Complete Care Services Agreement
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
EarthLink setup files
EducateU
ESPNMotion
FLV Player 1.3.3
Free Mp3 Wma Converter V 1.5.1
Google AFE
Google Talk (remove only)
Google Toolbar for Internet Explorer
GoToMeeting 4.1.0.366
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 19
Java(TM) SE Development Kit 6 Update 17
Laplink FileMover
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
Otto
PC-Linq
PicViewer 2.74
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
RealTime Cookie & Cache Cleaner (RtC3)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.4a
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD 1.1 final uninstall
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/25/2010 6:05:36 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 80509b81.
4/25/2010 3:38:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/24/2010 2:05:39 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEBCF420. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/23/2010 8:39:00 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/23/2010 11:24:00 PM, error: PSched [14103] - QoS [Adapter {D53037AC-3EC5-4349-B2D8-018458D6E4B4}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

==== End Of File ===========================




--Here is the GMER log--

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-30 06:01:50
Windows 5.1.2600 Service Pack 3
Running: 8bikmlqx.exe; Driver: C:\DOCUME~1\The_Club\LOCALS~1\Temp\pxtdrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

? manomf.sys The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74B6780]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74A9B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [F74A9B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [F74A9B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F74A9B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Blade81 » April 30th, 2010, 10:05 am

Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » April 30th, 2010, 11:59 pm

ComboFix 10-04-30.01 - The_Club 04/30/2010 15:28:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.693 [GMT -7:00]
Running from: c:\documents and settings\The_Club\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-26 08:16 . 2010-04-26 08:17 -------- d-----w- C:\Trend Micro
2010-04-24 11:38 . 2010-04-25 21:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\program files\Alwil Software
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-24 08:42 . 2010-04-24 08:42 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 12:49 . 2006-10-24 03:47 -------- d-----w- c:\program files\uTorrent
2010-04-25 13:19 . 2008-12-18 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 13:54 . 2006-10-24 03:47 -------- d-----w- c:\documents and settings\The_Club\Application Data\uTorrent
2010-03-30 21:56 . 2010-03-30 21:56 503808 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-312330dc-n\msvcp71.dll
2010-03-30 21:56 . 2010-03-30 21:56 499712 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-312330dc-n\jmc.dll
2010-03-30 21:56 . 2010-03-30 21:56 348160 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-312330dc-n\msvcr71.dll
2010-03-30 21:56 . 2010-03-30 21:56 61440 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3d2906-n\decora-sse.dll
2010-03-30 21:56 . 2010-03-30 21:56 12800 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3d2906-n\decora-d3d.dll
2010-03-30 21:56 . 2010-03-30 21:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 21:55 . 2006-01-04 15:29 -------- d-----w- c:\program files\Java
2010-03-30 07:46 . 2010-01-04 02:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 02:51 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 11:28 . 2009-06-07 11:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 11:09 . 2005-08-16 10:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2005-08-16 10:18 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2006-01-04 15:08 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2005-08-16 10:18 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-08-16 10:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-08-16 10:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 16:55 . 2010-02-05 16:55 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 16:52 . 2006-01-15 05:59 38128 -c--a-w- c:\documents and settings\The_Club\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-11-21 03:10 . 2006-01-17 09:39 56 --sh--r- c:\windows\system32\6705259C80.sys
2007-11-21 03:10 . 2006-01-17 09:39 3766 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-4 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 SFTSER;SFTSER;c:\windows\system32\drivers\sftser.sys [4/23/2006 11:40 AM 42944]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [4/23/2006 11:40 AM 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [4/23/2006 11:40 AM 8960]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [1/17/2006 1:41 AM 15576]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=M-M8rIllRtEK-ppEktgEHgY4Tyk
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\The_Club\Application Data\Mozilla\Firefox\Profiles\me7sidcb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - plugin: c:\documents and settings\The_Club\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFML32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 15:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x86F0C8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf769ff28
\Driver\ACPI -> ACPI.sys @ 0xf7532cb8
\Driver\atapi -> atapi.sys @ 0xf74a9b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf739dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf738ca0d
SendHandler -> NDIS.sys @ 0xf73a0b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-04-30 15:42:23
ComboFix-quarantined-files.txt 2010-04-30 22:42

Pre-Run: 247,341,056 bytes free
Post-Run: 914,124,800 bytes free

- - End Of File - - A01CE38BA318C29B1D2E229906ECF867
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » May 1st, 2010, 12:01 am

NEW DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by The_Club at 21:00:47.39 on Fri 04/30/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.519 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\The_Club\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=M-M8rIllRtEK-ppEktgEHgY4Tyk
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\the_club\applic~1\mozilla\firefox\profiles\me7sidcb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - plugin: c:\documents and settings\the_club\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFML32.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SFTSER;SFTSER;c:\windows\system32\drivers\sftser.sys [2006-4-23 42944]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-4-23 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-4-23 8960]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-1-17 15576]

=============== Created Last 30 ================

2010-04-30 22:21:01 98816 ----a-w- c:\windows\sed.exe
2010-04-30 22:21:01 77312 ----a-w- c:\windows\MBR.exe
2010-04-30 22:21:01 256512 ----a-w- c:\windows\PEV.exe
2010-04-30 22:21:01 161792 ----a-w- c:\windows\SWREG.exe
2010-04-26 08:16:52 0 d-----w- C:\Trend Micro
2010-04-24 11:38:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 09:21:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-24 08:42:21 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-03-09 11:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:57 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-26 05:43:57 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-26 05:43:55 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-02-26 05:43:54 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2007-11-21 03:10:31 56 --sh--r- c:\windows\system32\6705259C80.sys
2007-11-21 03:10:34 3766 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:01:05.53 ===============


NEW ATTACH LOG


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2006 7:57:47 PM
System Uptime: 4/30/2010 3:25:28 PM (6 hours ago)

Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1994/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 0.871 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\35CD0D21344FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\35CD0D21344FC000
Service: NIC1394

==== System Restore Points ===================

RP919: 4/26/2010 1:48:21 AM - System Checkpoint
RP920: 4/30/2010 3:21:26 PM - ComboFix created restore point

==== Installed Programs ======================

7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player 11
ALPS Touch Pad Driver
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Browser Configuration
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Batch Image Resizer 2.65
Bonjour
Broadcom Management Programs 2
CCleaner
CDex extraction audio
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Consumer Complete Care Services Agreement
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
EarthLink setup files
EducateU
ESPNMotion
FLV Player 1.3.3
Free Mp3 Wma Converter V 1.5.1
Google AFE
Google Talk (remove only)
Google Toolbar for Internet Explorer
GoToMeeting 4.1.0.366
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 19
Java(TM) SE Development Kit 6 Update 17
Laplink FileMover
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
Otto
PC-Linq
PicViewer 2.74
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
RealTime Cookie & Cache Cleaner (RtC3)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.4a
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD 1.1 final uninstall
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/25/2010 6:05:36 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 80509b81.
4/25/2010 3:38:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/24/2010 2:05:39 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEBCF420. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/23/2010 8:39:00 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/23/2010 11:24:00 PM, error: PSched [14103] - QoS [Adapter {D53037AC-3EC5-4349-B2D8-018458D6E4B4}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

==== End Of File ===========================
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Blade81 » May 1st, 2010, 6:44 am

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
Folder::
c:\program files\uTorrent
c:\documents and settings\The_Club\Application Data\uTorrent



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Uninstall Macromedia Flash Player.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » May 1st, 2010, 8:14 pm

Sorry about all the porn in the log. Wonder how I could have got infected in the first place :roll:

ComboFix 10-05-01.04 - The_Club 05/01/2010 16:48:54.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.690 [GMT -7:00]
Running from: c:\documents and settings\The_Club\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The_Club\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\The_Club\Application Data\uTorrent
c:\documents and settings\The_Club\Application Data\uTorrent\?????????.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\[TD]Melody Love.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\[TD]Melody Love.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\2 Hot Blondes.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\aip04.hq.00_all.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Alexis Love - 18yearsold.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\alina-and-rita.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Almost_Jailbait_1_Scene_1_b.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Amateur Hardcore Teens.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Amateur_BJ.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\AnalRape [www.ijustkilled.com].wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Anthony.Bourdain.No.Reservations.S04E09.Tuscany[cabra].mkv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Anthony.Bourdain.No.Reservations.S05E04.HDTV.Azores.[goat].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Anthony.Bourdain.No.Reservations.S05E05.HDTV.Chicago.[goat].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Anthony.Bourdain.No.Reservations.S05E08.HDTV.Disappearing.Manhattan.[goat].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Anthony.Bourdain.No.Reservations.S05E09.HDTV.Sri.Lanka.[goat].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Anthony.Bourdain.No.Reservations.S05E10.HDTV.Vietnam.[goat].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Anthony.Bourdain.No.Reservations.S06E20.HDTV.XviD-SYS.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\BBC.The.City.Addicted.to.Crystal.Meth.XviD.AC3.MVGroup.org.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E01.HDTV.XviD-SYS.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E01.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E02.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E03.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E04.HDTV.XviD-0TV.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E04.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E05.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E06.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E07.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E08.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E09.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S03E10.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S04E02.HDTV.XviD-2HD.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S04E03.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Big.Love.S04E04.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Bizarre Ride II.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Bored_Stiff-Explainin-Timeless-2008-FTD.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S01E01.DSR.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E01.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E02.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E03.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E04.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E07.Negro.Y.Azul.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E08.HDTV.XviD-DOT.[VTV].avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E08.HDTV.XviD-DOT.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E09.XviD-UnKnownSoldier.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E11.DSR.XviD-RRR.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Breaking.Bad.S02E12.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Bring Um Young 9.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Bring.Um.Young.27.Nicole.Ray.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cocaine.Cowboys.LIMITED.DVDSCR.XViD-maVenssupplieR.[www.torrentfive.com].torrent
c:\documents and settings\The_Club\Application Data\uTorrent\cocksmokers44sc16.mpg.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\college couple.mp4.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\columbian teen painful anal_crying babes.AVI.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S21E18.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S21E33.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S22E04.HDTV.XVID-BAJSKORV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S22E05.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S22E06.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S22E07.HDTV.XviD-CHGRP.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S22E08.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S22E09.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Cops.S22E10.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Curb.Your.Enthusiasm.S07E01.HDTV.XviD-NoTV.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Curb.Your.Enthusiasm.S07E01.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Curb.Your.Enthusiasm.S07E02.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Curb.Your.Enthusiasm.S07E03.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Curb.Your.Enthusiasm.S07E04.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Curb.Your.Enthusiasm.S07E05.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Curb.Your.Enthusiasm.S07E09.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\dare.dorm-my.turn.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\dare.dorm-our.secrets.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Dasha.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\De La Soul - Stakes Is High (1996).torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Del_The_Funky_Homosapien-Eleventh_Hour-2008-pLAN9.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\dht.dat
c:\documents and settings\The_Club\Application Data\uTorrent\dht.dat.old
c:\documents and settings\The_Club\Application Data\uTorrent\Dillon Lee.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Drunk girls fucking.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\drunkcouplefuckingb.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Ego.Trips.The.White.Rapper.Show.S01E01.DSR.XviD-OMiCRON.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Ego.Trips.The.White.Rapper.Show.S01E01.DSR.XviD-OMiCRON.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\entourage.0602.hdtv.xvid-notv.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\entourage.0611.hdtv.xvid-notv.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S04E01.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S04E05.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E02.RERIP.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E03.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E04.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E05.HDTV.XviD-aAF.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E06.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E07.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E08.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E09.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E10.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E11.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S05E12.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E01.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E03.HDTV.XviD-NoTV.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E05.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E06.PROPER.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E07.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E08.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E09.HDTV.XviD-NoTV.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E10.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E12.HDTV.XviD-NoTV.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Entourage.S06E12.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Evelyn Lin - 18yearsold.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Faces of Pain 3.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\fh18_holly.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Film a26 Drunken Teeny Fucked deep.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\FlashForward.S01E05.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\FlashForward.S01E06.HDTV.XviD-FEVER.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\GirlsGotCream - Keegan.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Green eyes big tits teen and Facial.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Green eyes big tits teen and Facial.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Haylee.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Hells.Kitchen.US.S06E07.WS.PDTV.XviD-2HD.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Hells.Kitchen.US.S06E08.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Hells.Kitchen.US.S06E10.7.Chefs.Compete.WS.PDTV.XviD-FQM.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Hells.Kitchen.US.S06E11.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Hells.Kitchen.US.S06E13.4.WS.PDTV.XviD-CHGRP.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Hieroglyphics-Over_Time-2007-FTD.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Hot Young 18yo Marilyn.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Its Always Sunny In Philadelphia-A Very Sunny Christmas 2009.DVDRip.XviD-WBZ.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Jay-Z - The Black Album (2003).torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Jenny Noel @ Karupspc..1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Jenny Noel @ Karupspc..torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Jenny.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\JohnPersons Comics.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Kiki Vidis - Just Over Eighteen 20.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Kitty - Daddy's Worst Nightmare 3 - by Bomkia.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Kitty Marie - Casting Couch Confessions 2.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Kristin.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Little Lexis - Amateur Anal Attempts - Cute Virgin.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Little Lupe 44 (hardcore).wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Little Lupe 7.mpeg.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\LittleLupe-TopAnalTeen1.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\LittleLupe-TopAnalTeen2.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\long_dong_craving1-3_big.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Make.Me.Creamy.4.XXX.Vouyer.Media.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\McKenzie Lee - Teen Sensations 10.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\melody is here to clean rod's pool.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Menace II Society.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Mindy Lee - 18yearsold.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Miss universe.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Modern Marvels - High voltage.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Molestky - Little White Chicks Big Black Monster Dicks 8.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Molestky - Little White Chicks Big Black Monster Dicks 8.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\nastya2_high.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\nubiles_luckey_hardcore_full.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\nubiles_marissa_hardcore_full.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\paola.mpeg.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Planet Asia - The Medicine.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Quasimoto - The Further Adventures of Lord Quas (2005).torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rayna - 18Eighteen Xtra 3(TD_Repost).avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Real school girl Sarah sex self video.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S04E01.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S04E02.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S04E06.WS.DSR.XviD-DIMENSION.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S04E09.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S04E13.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E02.HDTV.XviD-0TV.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E02.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E03.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E05.Sheila.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E06.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E08.HDTV.XviD-0TV.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E09.Thaw.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E10.Control.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E11.Mickey.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E12.Disease.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E13.Torch.HDTV.XviD-FQM.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E15.Initiation.HDTV.XviD-FQM.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E16.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E17.Lesbos.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E18.Carrot.HDTV.XviD-FQM.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E18.Carrot.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E19.David.HDTV.XviD-FQM.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E19.David.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E20.Zippo.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Rescue.Me.S05E21.Jump.HDTV.XviD-FQM.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\resume.dat
c:\documents and settings\The_Club\Application Data\uTorrent\resume.dat.old
c:\documents and settings\The_Club\Application Data\uTorrent\Roxy.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\rss.dat
c:\documents and settings\The_Club\Application Data\uTorrent\rss.dat.old
c:\documents and settings\The_Club\Application Data\uTorrent\RU.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Sasha.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\settings.dat
c:\documents and settings\The_Club\Application Data\uTorrent\settings.dat.old
c:\documents and settings\The_Club\Application Data\uTorrent\SfTJTLqn_no.reservations.607.hdtv.xvid-sys.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Soundpieces_ Da Antidote!.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Soundtrack - Menace II Society - & Bonus Tracks - 192kbps.rar.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\South.Park.S10E10.DSR.XviD-NoTV.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Southland.S01E04.HDTV.XviD-DOT.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Southland.S02E01.Phase.Three.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Stolen Porn Videos - Danielle.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Survivorman 105 Canadian Arctic(Tv).torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Sweet_Kacey_Anal.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Tasia - Goo Girls 16.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Teen Jong-Anal.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Teen.Fucked.on.the.Beach.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\teen_couple.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\teenmegacum1.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Thainee - Schoolgirl Slut.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The best gift poutanakia.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The Roots - (1995) Do You Want More !!!.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The Wire S05E03.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The Wire S05E03.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The Wire S05E06.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The Wire Season 4.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Academy.S02E05.DSR.XviD-0TV.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Academy.S02E05.DSR.XviD-0TV.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Invention.of.Lying.2009.MERRY.XMAS.BDRip.XviD-iMBT.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E04.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E08.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E11.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E12.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E13.PROPER.HDTV.XviD-2HD.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E15.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E19.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.S05E23.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.US.S04E09.HDTV.XviD-LOL.[MFD].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Office.US.S06E06.The.Lover.HDTV.XviD-FQM.[VTV].avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S06E04.XviD-JMT.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S06E05.PDTV.XviD-JMT.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S06E07.PDTV.XviD-JMT.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S06E08.PROPER.PDTV.XviD-JMT.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S06E09.PDTV.XviD-JMT.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S06E10.PDTV.XviD-JMT.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E01.DSR.XviD-0TV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E02.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E03.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E04.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E07.Bitches.Brew.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E08.Parricide.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E09.Moving.Day.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E10.Party.Line.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E11.Petty.Cash.PDTV.XviD-FQM.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E11.Petty.Cash.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E12.Possible.Kill.Screen.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Shield.S07E13.Family.Meeting.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Sopranos.S06E18.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Sopranos.S06E19.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Wire.S04E11.DVDScr.XviD-OMiCRON.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Wire.S04E12.DVDSCR.XViD-iND.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The.Wire.S04E13.DVDScr.XviD-OMiCRON.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\THE_TALENTED_MR_RIPLEY.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The_Wire.S04E10.SCR.XviD-CRX.avi.1.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The_Wire.S04E10.SCR.XviD-CRX.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\The_Wire.S04E13.SCR.XviD-CRX.avi.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Tiffany Brookes - 18yearsold.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Tiny asian girl destroyed.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\UCLA.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\utorrent.lng
c:\documents and settings\The_Club\Application Data\uTorrent\Whale_Tail_2_Scene_2.Loretta.Lauren.wmv.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\XXX - Classic Porn - Deep Throat (Full Movie).rar.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Young Asian Cuties.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Young Stuff 5.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\Young.Stand.Up.Titties.2.Sindee Jennings.torrent
c:\documents and settings\The_Club\Application Data\uTorrent\YoungAnal.avi.torrent
c:\program files\uTorrent
c:\program files\uTorrent\8179-utorrent.39b3.dmp
c:\program files\WindowsUpdate

.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-04-26 08:16 . 2010-04-26 08:17 -------- d-----w- C:\Trend Micro
2010-04-24 11:38 . 2010-04-25 21:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\program files\Alwil Software
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-24 08:42 . 2010-04-24 08:42 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 13:19 . 2008-12-18 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 21:56 . 2010-03-30 21:56 503808 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-312330dc-n\msvcp71.dll
2010-03-30 21:56 . 2010-03-30 21:56 499712 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-312330dc-n\jmc.dll
2010-03-30 21:56 . 2010-03-30 21:56 348160 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-312330dc-n\msvcr71.dll
2010-03-30 21:56 . 2010-03-30 21:56 61440 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3d2906-n\decora-sse.dll
2010-03-30 21:56 . 2010-03-30 21:56 12800 ----a-w- c:\documents and settings\The_Club\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3d2906-n\decora-d3d.dll
2010-03-30 21:56 . 2010-03-30 21:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 21:55 . 2006-01-04 15:29 -------- d-----w- c:\program files\Java
2010-03-30 07:46 . 2010-01-04 02:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 02:51 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 11:28 . 2009-06-07 11:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 11:09 . 2005-08-16 10:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2005-08-16 10:18 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2006-01-04 15:08 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2005-08-16 10:18 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-08-16 10:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-08-16 10:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 16:55 . 2010-02-05 16:55 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 16:52 . 2006-01-15 05:59 38128 -c--a-w- c:\documents and settings\The_Club\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-11-21 03:10 . 2006-01-17 09:39 56 --sh--r- c:\windows\system32\6705259C80.sys
2007-11-21 03:10 . 2006-01-17 09:39 3766 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-4 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 SFTSER;SFTSER;c:\windows\system32\drivers\sftser.sys [4/23/2006 11:40 AM 42944]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [4/23/2006 11:40 AM 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [4/23/2006 11:40 AM 8960]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [1/17/2006 1:41 AM 15576]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=M-M8rIllRtEK-ppEktgEHgY4Tyk
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\The_Club\Application Data\Mozilla\Firefox\Profiles\me7sidcb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - plugin: c:\documents and settings\The_Club\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFML32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 17:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x86F6D8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf769ff28
\Driver\ACPI -> ACPI.sys @ 0xf7532cb8
\Driver\atapi -> atapi.sys @ 0xf74a9b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf739dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf738ca0d
SendHandler -> NDIS.sys @ 0xf73a0b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Apoint\Apntex.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-05-01 17:11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-02 00:10
ComboFix2.txt 2010-04-30 22:42

Pre-Run: 905,175,040 bytes free
Post-Run: 874,233,856 bytes free

- - End Of File - - D6B50834ADE8807DD6094EBCF8DF79FE
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » May 2nd, 2010, 12:10 am

KASPERSKY

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, May 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, May 01, 2010 22:24:58
Records in database: 4027239
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 74192
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:35:29


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

Selected area has been scanned.
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » May 2nd, 2010, 12:14 am

DDS




DDS (Ver_10-03-17.01) - NTFSx86
Run by The_Club at 21:11:20.96 on Sat 05/01/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.759 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\The_Club\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=M-M8rIllRtEK-ppEktgEHgY4Tyk
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\the_club\applic~1\mozilla\firefox\profiles\me7sidcb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - plugin: c:\documents and settings\the_club\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFML32.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SFTSER;SFTSER;c:\windows\system32\drivers\sftser.sys [2006-4-23 42944]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-4-23 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-4-23 8960]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-1-17 15576]

=============== Created Last 30 ================

2010-05-02 00:53:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-02 00:53:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-30 22:21:01 98816 ----a-w- c:\windows\sed.exe
2010-04-30 22:21:01 77312 ----a-w- c:\windows\MBR.exe
2010-04-30 22:21:01 256512 ----a-w- c:\windows\PEV.exe
2010-04-30 22:21:01 161792 ----a-w- c:\windows\SWREG.exe
2010-04-26 08:16:52 0 d-----w- C:\Trend Micro
2010-04-24 11:38:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 09:21:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-24 08:42:21 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:57 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-26 05:43:57 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-26 05:43:55 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-02-26 05:43:54 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2007-11-21 03:10:31 56 --sh--r- c:\windows\system32\6705259C80.sys
2007-11-21 03:10:34 3766 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:12:40.53 ===============



ATTACH.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2006 7:57:47 PM
System Uptime: 5/1/2010 5:43:48 PM (4 hours ago)

Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1994/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 0.568 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\35CD0D21344FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\35CD0D21344FC000
Service: NIC1394

==== System Restore Points ===================

RP919: 4/26/2010 1:48:21 AM - System Checkpoint
RP920: 4/30/2010 3:21:26 PM - ComboFix created restore point
RP921: 5/1/2010 5:16:12 PM - Removed Adobe Reader 7.0.8
RP922: 5/1/2010 5:23:38 PM - Installed Adobe Reader 9.3.
RP923: 5/1/2010 5:30:41 PM - Removed Macromedia Flash Player
RP924: 5/1/2010 5:37:38 PM - Removed Java DB 10.4.2.1
RP925: 5/1/2010 5:38:57 PM - Removed Java(TM) 6 Update 17
RP926: 5/1/2010 5:40:07 PM - Removed Java(TM) SE Development Kit 6 Update 17
RP927: 5/1/2010 5:53:05 PM - Installed Java(TM) 6 Update 20

==== Installed Programs ======================

7-Zip 4.57
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Browser Configuration
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Batch Image Resizer 2.65
Bonjour
Broadcom Management Programs 2
CCleaner
CDex extraction audio
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Consumer Complete Care Services Agreement
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
EarthLink setup files
EducateU
ESPNMotion
FLV Player 1.3.3
Free Mp3 Wma Converter V 1.5.1
Google AFE
Google Talk (remove only)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Laplink FileMover
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
Otto
PC-Linq
PicViewer 2.74
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
RealTime Cookie & Cache Cleaner (RtC3)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.4a
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD 1.1 final uninstall
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/28/2010 2:38:36 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/27/2010 2:29:01 AM, error: PSched [14103] - QoS [Adapter {D53037AC-3EC5-4349-B2D8-018458D6E4B4}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
4/25/2010 6:05:36 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 80509b81.
4/25/2010 3:38:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/24/2010 2:05:39 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEBCF420. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Blade81 » May 2nd, 2010, 6:32 am

Hi,

Does the redirecting issue still occur? If yes, does it occur with both Internet Explorer and Firefox?
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » May 2nd, 2010, 2:14 pm

Yes the issue still happens with Firefox. Although I have IE on my computer, I almost never use it.

When I click on a Google search result... let's say it's www.nike.com. I see that the status info on the bottom left will say

Waiting for www.nike.com to reply, then it will say something like, Transferring to 551.nike.com. The number variation is not always 551 but will be some mixture of numbers and letters.
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Blade81 » May 3rd, 2010, 9:11 am

Hi,

Could you still try with IE even if it's not your primary browser? That way we can see if the problem is just with Firefox search results or if it affects both.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Ultimate86 » May 3rd, 2010, 7:32 pm

It doesn't appear that my Google search results in IE are redirecting. However, it is taking several seconds more than usual for pages to load on IE.
Ultimate86
Active Member
 
Posts: 13
Joined: April 26th, 2010, 4:22 am

Re: Google search redirects! Malwarebytes didn't fix it

Unread postby Blade81 » May 4th, 2010, 10:02 am

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe and wait for the process to finish.
3. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 161 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware