
Solved Windows 7 Google Redirect

Discussion in 'Malware and Virus Removal Archive' started by yugao, 2011/05/22.

  1. 2011/05/23, yugao (Thread Starter)
    Ok sounds like a plan. Thanks again for all your help!!!
     
  2. 2011/05/23, Admin. (Administrator, Staff)
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.
     


  4. 2011/05/23, yugao (Thread Starter)
    great! thanks for the info.
     
  5. 2011/05/23, broni (Moderator, Malware Analyst)
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
      O30 - LSA: Security Packages - (ce) - File not found
      O30 - LSA: Security Packages - (V1) - File not found
      O30 - LSA: Security Packages - (㺫ᦼ晏楦散㈱) - File not found
      O30 - LSA: Security Packages - (>뻯㱻㈏㺫ᦼ*) - File not found
      O30 - LSA: Security Packages - (쎒) - File not found
      O30 - LSA: Security Packages - () - File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2011/05/19 23:47:42 | 000,012,340 | -HS- | M] () -- C:\Users\Eddie\AppData\Local\3wi85bql8bp08d3y5
      [2011/05/19 23:47:42 | 000,012,340 | -HS- | M] () -- C:\ProgramData\3wi85bql8bp08d3y5
      [2011/05/19 18:23:41 | 000,000,120 | ---- | C] () -- C:\Users\Eddie\AppData\Local\Nlumesum.dat
      [2011/05/19 18:23:41 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Local\Xxeseqonofaj.bin
      @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:D06A4C76
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  6. 2011/05/23, yugao (Thread Starter)
    Uh oh, after I ran OTL with the fix, it asked me to reboot, which I did. When the login screen comes up, I cannot log in. When I type in my password, an error message shows: "the RPC server is unavailable". Then after a few minutes, it automatically reboots again. This cycle continues...
     
  7. 2011/05/23, broni (Moderator, Malware Analyst)
    Try "Last Known Good Configuration".
     
  8. 2011/05/23, yugao (Thread Starter)
    For some reason, when my computer restarts, I can't go in to advanced boot options with F8. It's like my computer does not register the key presses.

    I also tried to force shut down my computer, and when Windows error recovery comes up, my keyboard seems disabled. I cannot press up or down arrows to select which boot to use. So it just waited 30 seconds and booted normally.
     
  9. 2011/05/23, yugao (Thread Starter)
    Well, never mind, that was stupid of me. I checked my BIOS again and realized that I didn't enable USB Legacy Support. I am now trying Last Known Good Configuration.
     
  10. 2011/05/23, yugao (Thread Starter)
    Ok, I can log in now. I have the OTL Log that I will post below. Should I continue with the last 2 scans in your previous post?

    OTL Log:

    All processes killed
    ========== OTL ==========
    Service ALSysIO stopped successfully!
    Service ALSysIO deleted successfully!
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ce deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:V1 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:㺫ᦼ晏楦散㈱ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:>뻯㱻㈏㺫ᦼ* deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:쎒 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Users\Eddie\AppData\Local\3wi85bql8bp08d3y5 moved successfully.
    C:\ProgramData\3wi85bql8bp08d3y5 moved successfully.
    C:\Users\Eddie\AppData\Local\Nlumesum.dat moved successfully.
    C:\Users\Eddie\AppData\Local\Xxeseqonofaj.bin moved successfully.
    ADS C:\ProgramData\TEMP:D06A4C76 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eddie
    ->Temp folder emptied: 2019045 bytes
    ->Temporary Internet Files folder emptied: 14081945 bytes
    ->Java cache emptied: 9291352 bytes
    ->FireFox cache emptied: 89448301 bytes
    ->Flash cache emptied: 505554 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 110.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Eddie
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05232011_165533

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
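    The OTL fix in post 5 targeted bogus entries in the LSA "Security Packages" value (a REG_MULTI_SZ list of SSP DLLs that lsass.exe loads at boot), and the log above shows the whole value being deleted, which is consistent with the "RPC server is unavailable" login loop reported in post 6 until Last Known Good Configuration restored it. The following audit script is an added example, not from the thread, OTL or its author: it flags entries that do not resolve to a DLL in System32 (OTL's "File not found") or contain non-printable characters, and with -Remediate removes only those, keeping the legitimate packages. The baseline list is the assumed Windows 7 default set, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): audit the LSA "Security Packages" value
# and remove only entries that are not a real SSP DLL, instead of deleting the
# whole value, which leaves lsass without its legitimate packages at next boot.
# Assumptions: Windows 7 as in the thread, PowerShell 3.0+, and the baseline
# below is the assumed Windows 7 default list; adjust it for other versions.
param(
    [switch]$Remediate   # without this switch the script only reports
)

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'Security Packages'
# Assumed Windows 7 default SSP list (matched case-insensitively).
$Baseline  = @('kerberos', 'msv1_0', 'schannel', 'wdigest', 'tspkg', 'pku2u')

function Get-SecurityPackages {
    $props = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction Stop
    # REG_MULTI_SZ comes back as string[]; drop empty strings.
    @($props.$ValueName) | Where-Object { $_ -ne '' }
}

function Test-SecurityPackageEntry {
    param([string]$Entry)
    # An SSP entry is a DLL name (with or without .dll) loaded from System32;
    # OTL's "File not found" check is the same idea.
    $name = $Entry -replace '\.dll$', ''
    $dll  = Join-Path $env:SystemRoot "System32\$name.dll"
    $exists = Test-Path -LiteralPath $dll
    [pscustomobject]@{
        Entry      = $Entry
        InBaseline = ($Baseline -contains $name.ToLower())
        DllExists  = $exists
        # Non-printable or non-ASCII characters are the garbage seen in the OTL log.
        Suspicious = (-not $exists) -or ($Entry -match '[^\x20-\x7E]')
    }
}

$report = @(Get-SecurityPackages | ForEach-Object { Test-SecurityPackageEntry $_ })
$report | Format-Table -AutoSize

$bad  = @($report | Where-Object { $_.Suspicious })
$keep = @($report | Where-Object { -not $_.Suspicious } | ForEach-Object { $_.Entry })

if ($bad.Count -eq 0) {
    Write-Host "No suspicious '$ValueName' entries."
    return
}
if (-not $Remediate) {
    Write-Host "$($bad.Count) suspicious entries found; re-run with -Remediate to remove them."
    return
}

# Back up the whole Lsa key first so the change can be undone offline.
$backup = Join-Path $env:TEMP ("Lsa-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' $backup /y | Out-Null

# Never write an empty list: lsass needs the legitimate packages to start.
if ($keep.Count -eq 0) { throw "Refusing to write an empty '$ValueName' value." }
Set-ItemProperty -Path $LsaKey -Name $ValueName -Value ([string[]]$keep) -Type MultiString
Write-Host "Removed $($bad.Count) entries; kept: $($keep -join ', '). Backup: $backup"
```

Run it from an elevated PowerShell prompt; the report mode is safe to run on any machine, and the "Authentication Packages" value under the same key can be audited the same way by changing $ValueName.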
     
  11. 2011/05/23, yugao (Thread Starter)
    Ok I did the last three things on your list earlier.

    Security Check Log:


    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET NOD32 Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java DB 10.5.3.0
    Java(TM) 6 Update 25
    Java(TM) SE Development Kit 6 Update 20
    Out of date Java installed!
    Adobe Flash Player 10.3.181.14
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````

    BitDefender Log:


    QuickScan Beta 32-bit v0.9.9.93
    -------------------------------
    Scan date: Mon May 23 17:42:26 2011
    Machine ID: 8635FF30



    No infection found.
    -------------------



    Processes
    ---------
    (unsigned) mysqld.exe 1876 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

    (verified) AMD External Events 1268 C:\Windows\System32\atieclxx.exe
    (verified) Bonjour 1784 C:\Program Files\Bonjour\mDNSResponder.exe
    (verified) ESET Smart Security 1016 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (verified) ESET Smart Security 1812 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (verified) Firefox 3736 C:\Program Files\Mozilla Firefox\firefox.exe
    (verified) Firefox 572 C:\Program Files\Mozilla Firefox\plugin-container.exe
    (verified) Firefox 2620 C:\Program Files\Mozilla Firefox\plugin-container.exe
    (verified) GrooveMonitor Utility 3260 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) Logitech Webcam Software 1104 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (verified) Microsoft SQL Server 1928 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (verified) Microsoft SQL Server 1960 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (verified) Microsoft SQL Server 1856 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (verified) Microsoft® Windows® Operating System 3696 C:\Program Files\Windows Media Player\wmpnetwk.exe
    (verified) Microsoft® Windows® Operating System 3072 C:\Windows\explorer.exe
    (verified) Microsoft® Windows® Operating System 412 C:\Windows\System32\csrss.exe
    (verified) Microsoft® Windows® Operating System 516 C:\Windows\System32\csrss.exe
    (verified) Microsoft® Windows® Operating System 2688 C:\Windows\System32\dwm.exe
    (verified) Microsoft® Windows® Operating System 568 C:\Windows\System32\lsass.exe
    (verified) Microsoft® Windows® Operating System 576 C:\Windows\System32\lsm.exe
    (verified) Microsoft® Windows® Operating System 552 C:\Windows\System32\services.exe
    (verified) Microsoft® Windows® Operating System 284 C:\Windows\System32\smss.exe
    (verified) Microsoft® Windows® Operating System 1624 C:\Windows\System32\spoolsv.exe
    (verified) Microsoft® Windows® Operating System 976 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 2008 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 2604 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1072 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1244 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1460 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1656 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 748 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 828 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 3856 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 4016 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 2696 C:\Windows\System32\taskeng.exe
    (verified) Microsoft® Windows® Operating System 504 C:\Windows\System32\wininit.exe
    (verified) Microsoft® Windows® Operating System 684 C:\Windows\System32\winlogon.exe
    (verified) MobileDeviceService 1748 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (verified) Windows® Search 3604 C:\Windows\System32\SearchIndexer.exe


    Network activity
    ----------------

    Process wininit.exe (504) listens on ports: 49152 (RPC)
    Process services.exe (552) listens on ports: 49155 (RPC)
    Process lsass.exe (568) listens on ports: 49156 (RPC)
    Process svchost.exe (828) listens on ports: 135 (RPC)
    Process svchost.exe (976) listens on ports: 49153 (RPC)
    Process svchost.exe (1072) listens on ports: 49154 (RPC)
    Process mysqld.exe (1876) listens on ports: 3306 (MySQL)
    Process wmpnetwk.exe (3696) listens on ports: 554 (RTSP)


    Autoruns and critical files
    ---------------------------
    (unsigned) MSIAfterburner C:\Program Files\MSI Afterburner\MSIAfterburner.exe

    (verified) Adobe Version Cue CS4 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
    (verified) AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    (verified) Adobe Acrobat C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
    (verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (verified) ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    (verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll


    Browser plugins
    ---------------
    (unsigned) ijji Optimizer Application C:\Windows\Downloaded Program Files\ijjiOptimizer.exe
    (unsigned) ijjiPCPlugin C:\Windows\Downloaded Program Files\ijjiPCPlugin.dll
    (unsigned) Java(TM) Platform SE 6 U25 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

    (verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    (verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    (verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    (verified) Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
    (verified) Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    (verified) BitDefender QuickScan C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\7p0qz8lv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    (verified) Contribute c:\program files\adobe\/adobe contribute cs4/contributeieplugin.dll
    (verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    (verified) DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    (verified) DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
    (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
    (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
    (verified) Java Deployment Toolkit 6.0.250.6 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    (verified) Java(TM) Platform SE 6 U25 c:\program files\java\jre6\bin\jp2ssv.dll
    (verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
    (verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
    (verified) Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    (verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    (verified) nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
    (verified) nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
    (verified) NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    (verified) Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    (verified) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
    (verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    (verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll


    Missing files
    -------------
    File not found: ICO.EXE
    --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ "Mouse Suite 98 Daemon "

    File not found: KHALMNPR.EXE
    --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ "Kernel and Hardware Abstraction Layer "


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 3 sec
    Total traffic - 0.09 MB sent, 2.18 KB recvd
    Scanned 1522 files and modules - 25 seconds

    ==============================================================================
     
  12. 2011/05/23, broni (Moderator, Malware Analyst)
    You scared me to death.....LOL

    Uninstall:
    Java(TM) SE Development Kit 6 Update 20
    Java DB 10.5.3.0

    (unless you're a Java developer).

    =======================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  13. 2011/05/23, yugao (Thread Starter)
    I got scared to death also! Anyway, thanks for all your help. I don't know what I would have done! Thanks for spending so much time and suggesting more security programs to me! You're the best.

    I installed all the suggested programs and my computer is running perfectly fine.

    Thanks again,
    Eddie

    OTL Log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eddie
    ->Temp folder emptied: 5903 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 18148149 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 17.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Eddie
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.23.0 log created on 05232011_175100

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  14. 2011/05/23, broni (Moderator, Malware Analyst)
    Well done :)

    Good luck and stay safe :)
     
