Inactive [InActive] google redirect virus

Discussion in 'Malware and Virus Removal Archive' started by whiteboy8777, 2009/04/18.

Thread Status:
Not open for further replies.
  1. 2009/04/18
    whiteboy8777

    whiteboy8777 Inactive Thread Starter

    Joined:
    2009/04/18
    Messages:
    2
    Likes Received:
    0
    Hello everyone.

    Recently, every time I try to do a search using Google and I click on a link, it sends me to some completely different website, usually an ad for some product. I use Firefox mostly, but it also happens when I use Internet Explorer. I have not tried using an antivirus or spyware program because whenever I try to download one the file is corrupted, which I think might have something to do with whatever is causing the redirect.

    If anyone knows a way to fix this problem please help me.
     
  2. 2009/04/18
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2009/04/19
    whiteboy8777

    whiteboy8777 Inactive Thread Starter

    Joined:
    2009/04/18
    Messages:
    2
    Likes Received:
    0
    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 0:45:35.46 on Sun 04/19/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.133 [GMT -5:00]

    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    svchost.exe
    C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\3.bin\MWSSRCAS.DLL
    BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\3.bin\MWSSRCAS.DLL
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
    uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [CHotkey] zHotkey.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe "
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
    mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe "
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    dRun: [Power2GoExpress] NA
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    TCP: NameServer = 85.255.112.140,85.255.112.132
    TCP: {F28D68C5-0694-4134-B40C-EA1AF027BD1E} = 85.255.112.140,85.255.112.132
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - c:\program files\schmap\schmap player\schmapdoclib.dll
    Notify: avgrsstarter - avgrsstx.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dykswduu.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-18 325640]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-18 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-18 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-18 298264]
    R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\55.tmp --> c:\windows\system32\55.tmp [?]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-30 29744]

    =============== Created Last 30 ================

    2009-04-18 19:15 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
    2009-04-18 18:49 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-04-18 18:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-04-18 18:49 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-04-18 18:49 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-04-18 18:39 <DIR> --d----- c:\program files\Sophos
    2009-04-18 16:59 <DIR> --d----- c:\program files\AVG
    2009-04-18 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-03-21 09:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll

    ==================== Find3M ====================

    2009-03-09 19:42 162,763 a------- c:\windows\hpoins28.dat
    2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-02-20 13:09 78,336 a------- c:\windows\system32\ieencode.dll
    2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-07 18:00 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
    2007-09-28 03:38 162 ac------ c:\docume~1\owner\applic~1\wklnhst.dat

    ============= FINISH: 0:46:02.78 ===============
    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2006 2:28:57 PM
    System Uptime: 4/18/2009 6:37:58 PM (6 hours ago)

    Motherboard: To be filled by O.E.M. | | MS-7207G
    Processor: AMD Athlon(tm) 64 Processor 3700+ | CPU 1 | 2210/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 182 GiB total, 169.183 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 2.653 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP884: 1/19/2009 10:04:48 AM - System Checkpoint
    RP885: 1/20/2009 10:32:56 AM - System Checkpoint
    RP886: 1/21/2009 11:31:23 AM - System Checkpoint
    RP887: 1/22/2009 12:31:22 PM - System Checkpoint
    RP888: 1/23/2009 1:31:22 PM - System Checkpoint
    RP889: 1/24/2009 1:47:19 PM - System Checkpoint
    RP890: 1/25/2009 2:10:38 PM - System Checkpoint
    RP891: 1/26/2009 2:42:19 PM - System Checkpoint
    RP892: 1/27/2009 3:42:18 PM - System Checkpoint
    RP893: 1/28/2009 3:43:24 PM - System Checkpoint
    RP894: 1/29/2009 4:33:05 PM - System Checkpoint
    RP895: 1/30/2009 4:42:20 PM - System Checkpoint
    RP896: 1/31/2009 5:47:12 PM - System Checkpoint
    RP897: 2/1/2009 6:38:13 PM - System Checkpoint
    RP898: 2/2/2009 7:38:14 PM - System Checkpoint
    RP899: 2/3/2009 8:12:37 PM - System Checkpoint
    RP900: 2/4/2009 8:20:09 PM - System Checkpoint
    RP901: 2/5/2009 8:37:02 PM - System Checkpoint
    RP902: 2/6/2009 8:38:14 PM - System Checkpoint
    RP903: 2/7/2009 2:57:37 PM - Software Distribution Service 3.0
    RP904: 2/7/2009 3:31:02 PM - Software Distribution Service 3.0
    RP905: 2/8/2009 3:56:35 PM - System Checkpoint
    RP906: 2/9/2009 3:00:16 AM - Software Distribution Service 3.0
    RP907: 2/10/2009 3:49:44 AM - System Checkpoint
    RP908: 2/11/2009 3:00:22 AM - Software Distribution Service 3.0
    RP909: 2/12/2009 3:13:24 AM - System Checkpoint
    RP910: 2/13/2009 4:13:24 AM - System Checkpoint
    RP911: 2/14/2009 5:14:31 AM - System Checkpoint
    RP912: 2/15/2009 6:13:26 AM - System Checkpoint
    RP913: 2/16/2009 7:13:27 AM - System Checkpoint
    RP914: 2/17/2009 8:13:28 AM - System Checkpoint
    RP915: 2/18/2009 9:13:28 AM - System Checkpoint
    RP916: 2/19/2009 9:49:42 AM - System Checkpoint
    RP917: 2/20/2009 9:54:07 AM - System Checkpoint
    RP918: 2/21/2009 10:22:46 AM - System Checkpoint
    RP919: 2/22/2009 11:47:17 AM - System Checkpoint
    RP920: 2/23/2009 5:23:34 PM - System Checkpoint
    RP921: 2/24/2009 5:27:05 PM - System Checkpoint
    RP922: 2/25/2009 3:00:17 AM - Software Distribution Service 3.0
    RP923: 2/26/2009 3:30:44 AM - System Checkpoint
    RP924: 2/27/2009 3:31:49 AM - System Checkpoint
    RP925: 2/28/2009 3:37:03 AM - System Checkpoint
    RP926: 3/1/2009 4:30:43 AM - System Checkpoint
    RP927: 3/2/2009 5:30:45 AM - System Checkpoint
    RP928: 3/3/2009 6:30:44 AM - System Checkpoint
    RP929: 3/4/2009 6:43:44 AM - System Checkpoint
    RP930: 3/5/2009 7:30:46 AM - System Checkpoint
    RP931: 3/6/2009 8:56:38 AM - System Checkpoint
    RP932: 3/7/2009 9:27:42 AM - System Checkpoint
    RP933: 3/8/2009 10:33:18 AM - System Checkpoint
    RP934: 3/9/2009 11:26:34 AM - System Checkpoint
    RP935: 3/10/2009 10:00:26 PM - System Checkpoint
    RP936: 3/11/2009 10:00:45 PM - System Checkpoint
    RP937: 3/12/2009 2:00:16 AM - Software Distribution Service 3.0
    RP938: 3/13/2009 2:09:40 AM - System Checkpoint
    RP939: 3/14/2009 2:10:46 AM - System Checkpoint
    RP940: 3/15/2009 4:09:38 AM - System Checkpoint
    RP941: 3/16/2009 5:09:40 AM - System Checkpoint
    RP942: 3/17/2009 3:43:43 AM - Software Distribution Service 3.0
    RP943: 3/18/2009 3:45:19 AM - System Checkpoint
    RP944: 3/19/2009 4:45:20 AM - System Checkpoint
    RP945: 3/20/2009 5:45:18 AM - System Checkpoint
    RP946: 3/21/2009 6:45:20 AM - System Checkpoint
    RP947: 3/22/2009 7:45:20 AM - System Checkpoint
    RP948: 3/23/2009 8:45:20 AM - System Checkpoint
    RP949: 3/24/2009 9:45:20 AM - System Checkpoint
    RP950: 3/25/2009 10:45:23 AM - System Checkpoint
    RP951: 3/26/2009 12:16:11 PM - System Checkpoint
    RP952: 3/27/2009 12:45:24 PM - System Checkpoint
    RP953: 3/28/2009 1:45:22 PM - System Checkpoint
    RP954: 3/29/2009 1:46:29 PM - System Checkpoint
    RP955: 3/30/2009 2:45:24 PM - System Checkpoint
    RP956: 3/31/2009 3:45:24 PM - System Checkpoint
    RP957: 4/1/2009 4:45:26 PM - System Checkpoint
    RP958: 4/2/2009 4:50:53 PM - System Checkpoint
    RP959: 4/3/2009 5:43:35 PM - System Checkpoint
    RP960: 4/4/2009 6:43:35 PM - System Checkpoint
    RP961: 4/5/2009 7:48:58 PM - System Checkpoint
    RP962: 4/6/2009 8:47:15 PM - System Checkpoint
    RP963: 4/7/2009 9:44:41 PM - System Checkpoint
    RP964: 4/8/2009 10:32:59 PM - System Checkpoint
    RP965: 4/9/2009 11:31:52 PM - System Checkpoint
    RP966: 4/11/2009 12:31:54 AM - System Checkpoint
    RP967: 4/12/2009 12:32:59 AM - System Checkpoint
    RP968: 4/13/2009 1:31:54 AM - System Checkpoint
    RP969: 4/13/2009 8:56:35 PM - Installed HP Product Assistant
    RP970: 4/13/2009 8:57:24 PM - Removed HP Software Update
    RP971: 4/13/2009 8:57:37 PM - Installed HP Update
    RP972: 4/14/2009 9:14:49 PM - System Checkpoint
    RP973: 4/15/2009 3:00:20 AM - Software Distribution Service 3.0
    RP974: 4/18/2009 4:59:09 PM - Installed AVG Free 8.5
    RP975: 4/18/2009 5:01:27 PM - Configured AVG Free 8.5
    RP976: 4/18/2009 6:22:41 PM - Configured AVG Free 8.5
    RP977: 4/18/2009 6:23:42 PM - Removed AVG Free 8.5
    RP978: 4/18/2009 6:23:57 PM - Installed AVG Free 8.5

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Flash Player Plugin
    Adobe Reader 8.1.3
    AiO_Scan
    AVG Free 8.5
    Browser Address Error Redirector
    BufferChm
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    Digital Media Reader
    DJ_AIO_03_F4200_Software_Min
    DocProc
    DVD Solution
    eSupportQFolder
    GdiplusUpgrade
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    HP Deskjet F4200 All-In-One Driver 11.0 03
    HP Extended Capabilities 5.3
    HP Imaging Device Functions 5.3
    HP Photosmart Essential
    HP Product Assistant
    HP PSC & OfficeJet 5.3.B
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 2
    K-Lite Codec Pack 3.4.5 Full
    Logitech Audio Echo Cancellation Component
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    MarketResearch
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Office XP Web Components
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (2.0.0.20)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Multimedia Keyboard Driver
    My Web Search (My Fun Cards)
    MySpaceIM
    NVIDIA Drivers
    palmOne
    Power2Go 4.0
    PowerDVD
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Recovery Software Suite eMachines
    Scan
    ScannerCopy
    Schmap 2.0 Beta
    Screensavers Installer
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Sophos Anti-Rootkit 1.3.1
    Status
    SureThing CD Labeler - Stomper Edition 32 bit
    Toolbox
    TrayApp
    UMVPLStandalone
    Unload
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Windows Backup Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Wireless Generation mCLASS:Sync
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    4/16/2009 7:07:52 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    4/15/2009 8:08:38 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MskService with arguments " " in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}
    4/15/2009 8:06:55 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL. Reference error message: The operation completed successfully. .
    4/15/2009 3:56:59 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The attempted operation is not supported for the type of object referenced.
    4/15/2009 3:56:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.
    4/15/2009 3:56:59 PM, error: Service Control Manager [7000] - The McAfee SpamKiller Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/15/2009 3:56:05 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    4/15/2009 3:56:05 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80U.DLL. Reference error message: The operation completed successfully. .
    4/15/2009 3:56:05 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    4/15/2009 10:46:28 PM, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0016173CA68F has been denied by the DHCP server 72.183.78.8 (The DHCP Server sent a DHCPNACK message).
    4/15/2009 10:43:08 PM, error: Dhcp [1002] - The IP address lease 70.112.142.42 for the Network Card with network address 0016173CA68F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  5. 2009/04/20
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome

    Save these instructions to WordPad/Notepad or print them out, as some of the fix will require all windows to be closed, and this will help you complete all the necessary steps.


    Please download SmitfraudFix (by S!Ri). Extract the content (a folder named SmitfraudFix) to your Desktop.


    Double-click on SmitfraudFix.exe to start the tool.
    Select option #3 - Delete Trusted zone by typing 3 and press Enter
    Answer Yes to the question "Restore Trusted Zone ?" by typing Yes and press Enter

    Notes

    1. If you use SpywareBlaster and/or IE-SPYAD it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
    2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.


    NEXT**
    Open double-click SmitfraudFix folder on your desktop

    Select option #5 - "Search and Clean DNS Hijack" by typing 5 and pressing "Enter" to delete the rogue settings.

    Follow the prompts and reboot if asked to do so.




    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================




    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    In your next reply post:
    Smitfraud rapport.txt
    Malwarebytes' Anti-Malware log
    New HJT log
     
  6. 2009/05/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Due to inactivity this topic is closed.
     