
[InActive] The Google Redirect Virus

Discussion in 'Malware and Virus Removal Archive' started by Shaderone, 2009/04/26.

    Shaderone (Thread Starter), 2009/04/26:
    Like most of the other people in these newer threads, I've recently been experiencing redirects when clicking on Google search result links. When they first started, I also got a serious issue with popups every few minutes. I started with a virus scan using AVG Free Edition, which resulted in no change. I moved on to Malwarebytes' Anti-Malware software, which eliminated the popups, but the redirects still remain. Do you guys have any tips for me? Here are my DDS results:

    DDS:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Jess at 12:11:33.56 on Sun 04/26/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.441 [GMT -7:00]

    AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: BitDefender Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\emMON.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Documents and Settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\program files\mozilla firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Games\Electronic Arts\Warhammer Online - Age of Reckoning\WAR.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Jess\My Documents\Internet Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.16.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\ntunecmd.exe" perf "c:\documents and settings\jess\local settings\application data\nvidia corporation\ntune\profiles\Baseline.npe "
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe "
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [Google Update] "c:\documents and settings\jess\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe "
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [emMON] emMON.exe
    mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [prnet] "c:\windows\system32\prnet.tmp "
    mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
    StartupFolder: c:\docume~1\jess\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
    StartupFolder: c:\docume~1\jess\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.16.0\gears.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    Trusted Zone: aol.com\free
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186335651718
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://t1.battlefield-heroes.com/patcher/westpatcher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: {E9B70F6A-5682-4391-9F08-0A4585F9F0E8} = 64.59.144.16,64.59.144.17
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    AppInit_DLLs: c:\windows\system32\beyewowa.dll c:\windows\system32\kavunize.dll c:\windows\system32\jimekaju.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli c:\windows\system32\beyewowa.dll c:\windows\system32\kavunize.dll c:\windows\system32\jimekaju.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jess\applic~1\mozilla\firefox\profiles\7b99gmai.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
    FF - component: c:\documents and settings\jess\application data\mozilla\firefox\profiles\7b99gmai.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
    FF - component: c:\documents and settings\jess\application data\mozilla\firefox\profiles\7b99gmai.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\google\google gears\firefox\components\gears.dll
    FF - plugin: c:\documents and settings\jess\application data\mozilla\firefox\profiles\7b99gmai.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\documents and settings\jess\application data\mozilla\firefox\profiles\7b99gmai.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\documents and settings\jess\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\google\update\1.2.121.17\npGoogleOneClick.dll
    FF - plugin: c:\program files\google\update\1.2.131.11\npGoogleOneClick5.dll
    FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.11);user_pref(yahoo.homepage.dontask, true

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-1 325640]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-1 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-1 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-1 298264]
    R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-6-4 1051136]
    R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-4-3 364008]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-8-7 22784]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-2-15 33256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-25 38496]
    S2 gupdate;Google Update Service;c:\program files\google\update\GoogleUpdate.exe [2008-7-16 133104]
    S3 DADriv1;DADriv1;\??\c:\documents and settings\jess\desktop\da engine\dak32.sys --> c:\documents and settings\jess\desktop\da engine\DAK32.sys [?]

    =============== Created Last 30 ================

    2009-04-25 18:36 <DIR> --d----- c:\program files\Zeno Clash
    2009-04-25 17:44 <DIR> --d----- c:\docume~1\jess\applic~1\Noteworthy Software
    2009-04-25 17:44 <DIR> --d----- c:\program files\Noteworthy Software
    2009-04-25 15:20 <DIR> --d----- c:\docume~1\jess\applic~1\Malwarebytes
    2009-04-25 15:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-25 15:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-25 15:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-25 15:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-25 01:27 1,398,506 ---sh--- c:\windows\system32\ohimurud.ini
    2009-04-24 18:40 <DIR> --d----- c:\docume~1\jess\applic~1\pidle
    2009-04-24 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2009-04-24 17:12 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
    2009-04-24 17:12 <DIR> --d----- c:\program files\DAEMON Tools Lite
    2009-04-23 17:24 <DIR> --d----- c:\docume~1\jess\applic~1\DAEMON Tools Lite
    2009-04-23 16:49 <DIR> --d----- c:\program files\RivaTuner v2.24
    2009-04-23 07:30 <DIR> --d----- c:\windows\system32\NtmsData
    2009-04-20 20:04 <DIR> --d----- c:\program files\Hamachi
    2009-04-19 03:23 <DIR> --d----- c:\program files\VS Revo Group
    2009-04-18 13:16 <DIR> --d----- c:\docume~1\jess\applic~1\BitDefender
    2009-04-17 00:42 1,798,144 ac------ c:\windows\system32\dllcache\qedit.dll
    2009-04-17 00:42 733,184 ac------ c:\windows\system32\dllcache\qedwipes.dll
    2009-04-17 00:42 470,528 ac------ c:\windows\system32\dllcache\qdvd.dll
    2009-04-17 00:42 324,096 ac------ c:\windows\system32\dllcache\mswebdvd.dll
    2009-04-17 00:42 316,928 ac------ c:\windows\system32\dllcache\qdv.dll
    2009-04-17 00:42 257,024 ac------ c:\windows\system32\dllcache\qcap.dll
    2009-04-17 00:42 13,312 ac------ c:\windows\system32\dllcache\msdmo.dll
    2009-04-17 00:42 12,288 a------- c:\windows\system32\ksolay.ax
    2009-04-16 11:42 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 11:42 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 11:42 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
    2009-04-16 11:42 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 11:42 110,592 -c------ c:\windows\system32\dllcache\services.exe
    2009-04-16 11:42 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 11:42 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 11:42 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 11:42 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 11:41 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 11:41 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-04-16 11:41 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-06 20:20 <DIR> --d----- c:\program files\Acoustica Shared Effects
    2009-04-06 20:18 <DIR> --d----- c:\docume~1\jess\applic~1\Ableton
    2009-04-06 20:17 <DIR> --d----- c:\program files\Ableton
    2009-04-06 00:14 <DIR> --d----- c:\program files\common files\Digidesign
    2009-04-06 00:14 <DIR> --d----- c:\program files\common files\Native Instruments
    2009-04-06 00:14 <DIR> --d----- c:\program files\Native Instruments
    2009-04-05 23:10 233,472 a------- c:\windows\system32\REX Shared Library.dll
    2009-04-05 23:10 368,640 a------- c:\windows\system32\ReWire.dll
    2009-04-05 23:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Propellerhead Software
    2009-04-05 23:06 <DIR> --d----- c:\docume~1\jess\applic~1\Propellerhead Software
    2009-04-05 23:03 <DIR> --d----- c:\program files\Propellerhead
    2009-04-01 17:43 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-04-01 17:43 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-04-01 17:43 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-04-01 17:43 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-03-31 20:40 81,984 a------- c:\windows\system32\bdod.bin
    2009-03-31 20:33 850 a------- c:\windows\system32\ProductTweaks.xml
    2009-03-31 20:33 385 a------- c:\windows\system32\user_gensett.xml
    2009-03-31 20:24 <DIR> --d----- c:\windows\system32\logs
    2009-03-31 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
    2009-03-31 20:16 <DIR> --d----- c:\program files\common files\BitDefender
    2009-03-29 23:12 <DIR> --d----- c:\program files\AutoGK
    2009-03-29 09:47 <DIR> --d----- c:\windows\Logs

    ==================== Find3M ====================

    2009-04-23 17:24 721,904 a------- c:\windows\system32\drivers\sptd.sys
    2009-04-20 20:04 25,280 a------- c:\windows\system32\drivers\hamachi.sys
    2009-04-03 11:18 33,256 a------- c:\windows\system32\drivers\hssdrv.sys
    2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-08 20:40 103,280 a------- c:\docume~1\jess\applic~1\GDIPFONTCACHEV1.DAT
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
    2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
    2008-07-08 00:30 0 a------- c:\documents and settings\jess\jagex_runescape_preferences.dat
    2008-06-05 00:33 197 a--sh--- c:\program files\common files\maxtreme.dat
    2007-10-09 19:48 22,328 a------- c:\docume~1\jess\applic~1\PnkBstrK.sys
    2006-05-03 02:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
    2007-02-21 03:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
    2008-09-08 03:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

    ============= FINISH: 12:12:29.15 ===============

    Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/4/2007 8:02:28 PM
    System Uptime: 4/25/2009 3:27:38 PM (21 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5N32-E SLI PLUS
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Socket 775 | 2399/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 279 GiB total, 63.69 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 279 GiB total, 17.077 GiB free.
    F: is CDROM (CDFS)
    H: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Jess Phone
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Jess Phone
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP907: 4/15/2009 8:01:10 AM - System Checkpoint
    RP908: 4/16/2009 8:01:55 AM - System Checkpoint
    RP909: 4/17/2009 12:41:55 AM - Installed DirectX
    RP910: 4/17/2009 8:02:14 AM - Avg8 Update
    RP911: 4/18/2009 8:40:41 AM - System Checkpoint
    RP912: 4/18/2009 12:58:54 PM - Software Distribution Service 3.0
    RP913: 4/18/2009 1:43:34 PM - Removed Creative Media Toolbox
    RP914: 4/18/2009 1:43:41 PM - Removed Creative Auto Tag Cleaner
    RP915: 4/18/2009 1:43:51 PM - Removed Creative Zen Vision
    RP916: 4/20/2009 1:14:10 AM - System Checkpoint
    RP917: 4/21/2009 7:55:49 AM - System Checkpoint
    RP918: 4/21/2009 6:14:03 PM - Software Distribution Service 3.0
    RP919: 4/22/2009 9:55:34 PM - System Checkpoint
    RP920: 4/22/2009 11:33:18 PM - Removed Studio 11 Bonus DVD
    RP921: 4/22/2009 11:48:44 PM - Configured VeohTV BETA
    RP922: 4/23/2009 5:24:35 PM - SPTD setup V1.58
    RP923: 4/24/2009 4:55:09 PM - Software Distribution Service 3.0
    RP924: 4/24/2009 5:57:22 PM - Software Distribution Service 3.0
    RP925: 4/24/2009 11:25:42 PM - Installed Battlefield 1942 Multiplayer Demo
    RP926: 4/25/2009 1:01:16 AM - Software Distribution Service 3.0
    RP927: 4/26/2009 1:32:27 AM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    4200
    4200_Help
    4200Tour
    4200Trb
    AAC Decoder
    Acoustica Beatcraft
    Acoustica CD/DVD Label Maker
    Acoustica Effects Pack
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Common File Installer
    Adobe CS4 American English Speech Analysis Models
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Center 2.1
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe MotionPicture Color Files
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS2
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    Advertisement Service
    AGEIA PhysX v7.09.13
    AiO_Scan
    AIOMinimal
    AiOSoftware
    AnalogX Vocal Remover (WinAmp)
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    ASIO4ALL
    Audacity 1.3.3 (Unicode)
    Auto Gordian Knot 2.55
    AutoUpdate
    AVG 8.5
    AviSynth 2.5
    Battlefield 1942 Multiplayer Demo
    Battlefield Heroes (JESS\Jess)
    BIAS SoundSoap PE 2.1
    Bonjour
    CCleaner (remove only)
    Collab
    Combined Community Codec Pack 2008-01-24
    Copy
    Counter-Strike: Source
    Creative Removable Disk Manager
    Creative System Information
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    Creative WebCam Instant User's Guide (English)
    Creative ZEN Vision W
    CreativeProjects
    Critical Update for Windows Media Player 11 (KB959772)
    CrossLoop 2.11
    DAEMON Tools Toolbar
    Day of Defeat: Source
    Defraggler (remove only)
    Director
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DocProc
    Drum Machine 1.19
    DScaler 4.1.15
    DVD Shrink 3.2
    Ease MIDI Converter 1.30
    Fax
    ffdshow [rev 2054] [2008-07-27]
    FirstClass
    FL Studio 8
    Fraps (remove only)
    Free 3GP Video Converter version 3.1
    Futuremark SystemInfo
    GameSpy Comrade
    Garry's Mod
    GCFScape 1.6.6
    GoldWave v5.20
    Google Chrome
    Google Earth Pro
    Google Gears
    Google Update Helper
    GrabIt 1.7.1 Beta (build 960)
    Guild Wars
    Guitar Hero III
    H.264 Decoder
    Half-Life
    Half-Life 2
    Half-Life 2: Deathmatch
    Hamachi 1.0.3.0
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotspot Shield 1.14
    House Of Cards Screen Saver
    HP Image Zone 3.5
    HP PSC & OfficeJet 3.5
    HP Software Update
    HP Unload DLL Patch
    HPSystemDiagnostics
    IL Download Manager
    ImgBurn
    InstantShare
    ISOBURN 1.8
    IsoBuster 2.1
    iTunes
    J2SE Runtime Environment 5.0 Update 1
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    K-Lite Codec Pack 3.8.0 Basic
    Lame ACM MP3 Codec
    Last.fm 1.5.4.24567
    Left 4 Dead
    Left 4 Dead Dedicated Server
    LGP Details Property Sheet
    LightScribe System Software 1.12.37.1
    Linksys Wireless-G PCI Adapter
    Live 7.0.3
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.97
    Malwarebytes' Anti-Malware
    MaxMSP 4.6.2
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Journal Viewer
    MIDI Yoke
    MidiIllustrator Maestro v1.01
    mIRC
    MKV Splitter
    Mozilla Firefox (3.0.9)
    MSVC80_x86
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Native Instruments Kontakt 3
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NoteWorthy Composer 2
    NVIDIA Drivers
    NVIDIA nTune
    ObjectDock
    Overland
    PC Connectivity Solution
    PhotoGallery
    Photoshop Camera Raw
    Pinnacle Instant DVD Recorder
    PoiZone
    Portal
    PowerISO
    PrintScreen
    Project64 1.6
    QFolder
    QuickProjects
    QuickTime
    Razer DeathAdder(TM) Mouse
    Readme
    RealPlayer
    Reason 4.0
    Revo Uninstaller 1.80
    Riva FLV Encoder 2.0
    RivaTuner v2.24
    Scan
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Sierra Utilities
    SkinsHP1
    SkinsHP2
    SmartSound Quicktracks for Premiere Elements
    Songsmith
    SoundMAX
    Source SDK
    Source SDK Base
    Source SDK Base - Orange Box
    Starcraft
    Steam
    Studio 11
    Studio Ultimate
    Suite Shared Configuration CS4
    SUPER © Version 2007.bld.23 (July 4, 2007)
    System Requirements Lab
    Team Fortress 2
    Team Fortress Classic
    The Battle for Middle-earth (tm) II
    TortoiseSVN 1.5.1.13563 (32 bit)
    Toxic Biohazard
    TrayApp
    UltraEdit 14.10
    Uninstall 1.0.0.1
    Unload
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    URGE
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    Viewpoint Media Player
    VLC media player 0.9.8a
    VobSub v2.23 (Remove Only)
    VTFEdit 1.2.4
    Warhammer Online - Age of Reckoning
    WebcamMax
    WebFldrs XP
    WebReg
    Wii Media Center X 0.92
    Wii Video 9 2.25
    Winamp
    WinDirStat 1.1.2
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Driver Package - Cypress (CyUsb) USB
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows Presentation Foundation
    Windows XP Service Pack 3
    winpwn 2.0.0.3
    WinRAR archiver
    WinZip 11.1
    XBList
    Xbox 360 Controller for Windows
    Xfire (remove only)
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.1.3 final uninstall
    Yahoo! Desktop Login
    ZENcast Organizer

    ==== End Of File ===========================
     
  2. 2009/05/07
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome.



    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html

    Please leave the flash drive plugged in while completing the following.

    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall; please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
