Avast WEBforum

Other => Viruses and worms => Topic started by: Shayleigh on November 30, 2010, 08:45:12 AM

Title: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on November 30, 2010, 08:45:12 AM

It started last week 2 days after we got out computer back from the computer Dr. for some fake virus protection spywear program. I was using google and it kept redirecting me to other search sites. It was frustrating me so I looked on Yahoo and it seems to fit the symptoms. I basically know how to use the computer and internet but I kinda get lost when you get into the real technical stuff. Every site has a different method to get rid of it. Almost everyone requires downloading something. I don't know which to trust. What do I do? ??? Please help!

Susie

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Asyn on November 30, 2010, 09:01:55 AM

Quote from: Shayleigh on November 30, 2010, 08:45:12 AM

I don't know which to trust. What do I do? ??? Please help!
Susie

If you trust us, we will help you... ;)
asyn

Title: Re: I think I have the Google redirect virus what do I do?
Post by: mikaelrask on November 30, 2010, 09:34:18 AM

welcome to the forum. lets see if we can solve the problem for you.

i suggest you download, install, update and run a scan with malwarebytes antimalware.

http://www.malwarebytes.org/mbam.php

remove whats it finds. reboot of your system might be necessary.

let us know how it goes and good luck.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Tenko on November 30, 2010, 03:04:16 PM

Hey and Welcome Shayleigh!

Download malwarebyes as it was suggested by others and run it in safe mode, not all malware will be active then, by pressing F8 when the computer boots.

If nothing helps try with boot scan from Avast.

Regards,
Tenko

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 01, 2010, 06:49:12 AM

Nope. I did the scan in safe mode and Google is still redirecting.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: mikaelrask on December 01, 2010, 09:55:19 AM

did malwarebytes detects something? please post the result of the malwarebytes scan.

another suggestion is to scan with superantispyware.

http://www.superantispyware.com/

sometimes it detects things malwarebyes don't an vice versa.

if that should not solve your problem scan with trend micros hijack this and post the result here so we can try to find problem through there.

when i was google the malware i found removeing guide of your malware and it also suggest A-squared as another tool to remove it.

good luck and keep us notified on how it goes.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: SafeSurf on December 01, 2010, 10:10:12 AM

Hello Shayleigh,

If you are still be redirected and unable to run an MBAM scan, then you have some problems. As long as you can get on this forum, please check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0).

Follow the directions for obtaining the OTL logs (you can click on it from the forum to download it from this site). Post the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post).

I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you do to malware removal instructions; use a different machine if possible to check email, sync your phone, etc.

***Please do not make any further changes to your machine after you have provided the logs.***

Let me know if you have any questions. Thank you.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 01, 2010, 07:02:35 PM

Quote from: mikaelrask on December 01, 2010, 09:55:19 AM

did malwarebytes detects something? please post the result of the malwarebytes scan.

another suggestion is to scan with superantispyware.

http://www.superantispyware.com/

sometimes it detects things malwarebyes don't an vice versa.

if that should not solve your problem scan with trend micros hijack this and post the result here so we can try to find problem through there.

when i was google the malware i found removeing guide of your malware and it also suggest A-squared as another tool to remove it.

good luck and keep us notified on how it goes.

I'm kinda technically illiterate, so be patient with me. Are trend micros hijack and A-squared other scanning programs and can I have multiple programs in use on my computer? Thank you for the help.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 01, 2010, 07:19:11 PM

Quote from: SafeSurf on December 01, 2010, 10:10:12 AM

Hello Shayleigh,

If you are still be redirected and unable to run an MBAM scan, then you have some problems. As long as you can get on this forum, please check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0).

Follow the directions for obtaining the OTL logs (you can click on it from the forum to download it from this site). Post the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post).

I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you do to malware removal instructions; use a different machine if possible to check email, sync your phone, etc.

***Please do not make any further changes to your machine after you have provided the logs.***

Let me know if you have any questions. Thank you.

I DO run the virus and malware scan every night. The virus scan found a few things I deleted but the malware found none. I think the yahoo search is beginning to redirect too. I'm reluctant to search too often as I fear it might progress the problem or something. I'm downloading that OTL file you told me about.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Gargamel360 on December 01, 2010, 07:35:58 PM

Quote from: Shayleigh on December 01, 2010, 07:02:35 PM

I'm kinda technically illiterate, so be patient with me. Are trend micros hijack and A-squared other scanning programs and can I have multiple programs in use on my computer? Thank you for the help.

What you want to avoid (especially if you are technically illiterate) is more than one on-access scanner.>>http://en.wikipedia.org/wiki/Real-time_protection (http://en.wikipedia.org/wiki/Real-time_protection)

You can have as many on-demand scanners as you like. Just avoid scanning with them at the same time. HijackThis is on-demand. I think A2 can be installed as on-demand also but I'm not positive about that one.

Lucky for you, Avast! forums have Essexboy on-demand. I would follow Safesurf's posted instructions below, if I where in your situation.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: essexboy on December 01, 2010, 09:20:14 PM

Hi Susie - looks like the repair guys did not do a proper job.. I have two programmes for you to download and run.. The first is a fixing tool and the second an analysis log for me to peruse

Please read carefully and follow these steps.

Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

(http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png)
If an infected file is detected, the default action will be Cure, click on Continue.

(http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png)
If a suspicious file is detected, the default action will be Skip, click on Continue.

(http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png)
It may ask you to reboot the computer to complete the process. Click on Reboot Now.

(http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png)
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

.
THEN

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach all logs to your next post please (it may take two or three posts)

Title: Re: I think I have the Google redirect virus what do I do?
Post by: mikaelrask on December 05, 2010, 05:52:28 PM

Quote from: Shayleigh on December 01, 2010, 07:02:35 PM

Quote from: mikaelrask on December 01, 2010, 09:55:19 AM
did malwarebytes detects something? please post the result of the malwarebytes scan.

another suggestion is to scan with superantispyware.

http://www.superantispyware.com/

sometimes it detects things malwarebyes don't an vice versa.

if that should not solve your problem scan with trend micros hijack this and post the result here so we can try to find problem through there.

when i was google the malware i found removeing guide of your malware and it also suggest A-squared as another tool to remove it.

good luck and keep us notified on how it goes.

I'm kinda technically illiterate, so be patient with me. Are trend micros hijack and A-squared other scanning programs and can I have multiple programs in use on my computer? Thank you for the help.

yes you can use those programs with avast.yeah hijack is a tool that will show what files you have one your computer and from there we should be able to check for the problem that is troubling your computer. a Squard was a tool that I found when I goggle your problem.it was a recommended tool that could solve the problem, but would recommend you use the tools Essexbox suggested.

I'm sorry if my previous post was unclear to you.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: SafeSurf on December 06, 2010, 09:50:50 AM

Quote from: mikaelrask on December 05, 2010, 05:52:28 PM

but would recommend you use the tools Essexbox suggested.

Quote from: SafeSurf on December 01, 2010, 10:10:12 AM

I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you do to malware removal instructions; use a different machine if possible to check email, sync your phone, etc.

***Please do not make any further changes to your machine after you have provided the logs.***

It has been a while since you have been on the forum and I had already referred you to Essexboy, our Certified Malware Expert. Please follow his instructions for your malware removal. Thank you.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 12:57:49 PM

Sorry for the delayed response. My mother insisted on taking the computer back tot he Dr. but they returned it without fixing the problem. I assure you we are not making it up, every time we type anything in google and now yahoo it directs you to a random shopping site.

Here are the documents you requested. I hope I did them right. Thanks for the help.

2010/12/07 05:06:55.0176   TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/07 05:06:55.0176   ================================================================================
2010/12/07 05:06:55.0176   SystemInfo:
2010/12/07 05:06:55.0176
2010/12/07 05:06:55.0176   OS Version: 5.1.2600 ServicePack: 3.0
2010/12/07 05:06:55.0176   Product type: Workstation
2010/12/07 05:06:55.0176   ComputerName: JAKUBEK
2010/12/07 05:06:55.0176   UserName: Home
2010/12/07 05:06:55.0176   Windows directory: C:\WINDOWS
2010/12/07 05:06:55.0176   System windows directory: C:\WINDOWS
2010/12/07 05:06:55.0176   Processor architecture: Intel x86
2010/12/07 05:06:55.0176   Number of processors: 2
2010/12/07 05:06:55.0176   Page size: 0x1000
2010/12/07 05:06:55.0176   Boot type: Normal boot
2010/12/07 05:06:55.0176   ================================================================================
2010/12/07 05:06:55.0551   Initialize success
2010/12/07 05:06:57.0941   ================================================================================
2010/12/07 05:06:57.0941   Scan started
2010/12/07 05:06:57.0941   Mode: Manual;
2010/12/07 05:06:57.0941   ================================================================================
2010/12/07 05:07:01.0160   Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/07 05:07:01.0254   abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/07 05:07:01.0316   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/07 05:07:01.0363   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/07 05:07:01.0410   adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/07 05:07:01.0488   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/07 05:07:01.0551   AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/07 05:07:01.0598   agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/07 05:07:01.0676   agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/07 05:07:01.0754   Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/07 05:07:01.0816   aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/07 05:07:01.0894   aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/07 05:07:01.0957   AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/07 05:07:02.0019   alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/07 05:07:02.0066   amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/07 05:07:02.0129   amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/07 05:07:02.0207   asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/07 05:07:02.0254   asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/07 05:07:02.0316   asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/07 05:07:02.0363   ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/12/07 05:07:02.0426   aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/07 05:07:02.0473   aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/07 05:07:02.0535   aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/07 05:07:02.0566   aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/07 05:07:02.0598   aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/07 05:07:02.0676   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/07 05:07:02.0723   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/07 05:07:02.0785   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/07 05:07:02.0863   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/07 05:07:02.0941   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/07 05:07:03.0004   cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/07 05:07:03.0035   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/07 05:07:03.0098   cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/07 05:07:03.0144   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/07 05:07:03.0223   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/07 05:07:03.0269   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/07 05:07:03.0332   cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/12/07 05:07:03.0441   CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/07 05:07:03.0504   Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/07 05:07:03.0582   dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/07 05:07:03.0660   dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/07 05:07:03.0738   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/07 05:07:03.0801   DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2010/12/07 05:07:03.0832   DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/12/07 05:07:03.0894   DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/12/07 05:07:03.0941   DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2010/12/07 05:07:04.0004   DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/12/07 05:07:04.0051   DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/12/07 05:07:04.0113   DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/12/07 05:07:04.0176   DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/12/07 05:07:04.0223   DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/12/07 05:07:04.0254   DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/12/07 05:07:04.0348   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/07 05:07:04.0488   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/07 05:07:04.0551   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/07 05:07:04.0629   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/07 05:07:04.0738   dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/07 05:07:04.0848   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/07 05:07:04.0910   DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/12/07 05:07:04.0957   DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:01:46 PM

2010/12/07 05:07:05.0066   DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/07 05:07:05.0160   dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/12/07 05:07:05.0207   E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/07 05:07:05.0316   e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/07 05:07:05.0535   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/07 05:07:05.0566   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/07 05:07:05.0598   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/07 05:07:05.0644   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/07 05:07:05.0676   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/07 05:07:05.0723   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/07 05:07:05.0785   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/07 05:07:05.0863   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/07 05:07:05.0894   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/07 05:07:05.0941   HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/07 05:07:05.0988   HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/07 05:07:06.0051   hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/07 05:07:06.0098   HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/07 05:07:06.0144   HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/07 05:07:06.0207   HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/07 05:07:06.0269   HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/12/07 05:07:06.0332   HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/07 05:07:06.0426   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/07 05:07:06.0488   i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/07 05:07:06.0535   i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/07 05:07:06.0613   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/07 05:07:06.0848   ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/07 05:07:07.0035   iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/07 05:07:07.0082   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/07 05:07:07.0129   ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/07 05:07:07.0285   IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/07 05:07:07.0473   IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/07 05:07:07.0535   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/07 05:07:07.0566   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/07 05:07:07.0629   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/07 05:07:07.0676   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/07 05:07:07.0738   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/07 05:07:07.0816   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/07 05:07:07.0863   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/07 05:07:07.0926   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/07 05:07:08.0019   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/07 05:07:08.0066   kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/07 05:07:08.0113   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/07 05:07:08.0176   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/07 05:07:08.0285   mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/07 05:07:08.0348   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/07 05:07:08.0394   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/07 05:07:08.0441   MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/07 05:07:08.0488   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/07 05:07:08.0535   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/07 05:07:08.0582   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/07 05:07:08.0613   mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/07 05:07:08.0660   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/07 05:07:08.0754   MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/07 05:07:08.0816   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/07 05:07:08.0863   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/07 05:07:08.0910   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/07 05:07:08.0941   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/07 05:07:08.0988   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/07 05:07:09.0019   Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/07 05:07:09.0082   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/07 05:07:09.0129   NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/07 05:07:09.0160   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/07 05:07:09.0176   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/07 05:07:09.0254   NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/07 05:07:09.0301   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/07 05:07:09.0363   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/07 05:07:09.0426   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/07 05:07:09.0473   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/07 05:07:09.0519   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/07 05:07:09.0598   nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/07 05:07:09.0707   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/07 05:07:09.0957   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9)

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:04:09 PM

C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/07 05:07:10.0019   ODWGU(Ativa) (678d5ee988376f52e9ca7a312212173d) C:\WINDOWS\system32\DRIVERS\ODWGU.sys
2010/12/07 05:07:10.0066   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/07 05:07:10.0098   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/07 05:07:10.0144   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/07 05:07:10.0191   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/07 05:07:10.0332   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/07 05:07:10.0394   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/07 05:07:10.0566   perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/07 05:07:10.0629   perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/07 05:07:10.0723   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/07 05:07:10.0816   PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/07 05:07:10.0863   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/07 05:07:10.0926   PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/07 05:07:10.0973   ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/07 05:07:11.0019   Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/07 05:07:11.0082   ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/07 05:07:11.0129   ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/07 05:07:11.0176   ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/07 05:07:11.0254   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/07 05:07:11.0316   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/07 05:07:11.0394   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/07 05:07:11.0410   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/07 05:07:11.0473   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/07 05:07:11.0504   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/07 05:07:11.0566   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/07 05:07:11.0644   RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/07 05:07:11.0707   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/07 05:07:11.0785   SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/07 05:07:11.0832   SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/07 05:07:11.0926   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/07 05:07:11.0988   serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/07 05:07:12.0051   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/07 05:07:12.0113   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/07 05:07:12.0207   sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/07 05:07:12.0269   Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/07 05:07:12.0332   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/07 05:07:12.0394   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/07 05:07:12.0473   Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/07 05:07:12.0691   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/07 05:07:12.0738   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/07 05:07:12.0769   symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/07 05:07:12.0816   symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/07 05:07:12.0894   sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/07 05:07:12.0957   sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/07 05:07:13.0035   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/07 05:07:13.0098   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/07 05:07:13.0144   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/07 05:07:13.0207   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/07 05:07:13.0238   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/07 05:07:13.0285   TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/07 05:07:13.0394   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/07 05:07:13.0426   ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/07 05:07:13.0473   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/07 05:07:13.0535   USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/07 05:07:13.0582   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/07 05:07:13.0644   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/07 05:07:13.0707   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/07 05:07:13.0754   usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/07 05:07:13.0816   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/07 05:07:13.0863   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/07 05:07:13.0910   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/07 05:07:13.0941   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/07 05:07:13.0988   viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/07 05:07:14.0035   ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/07 05:07:14.0066   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/07 05:07:14.0144   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/07 05:07:14.0238   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/07 05:07:14.0316   winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/07 05:07:14.0426   WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/07 05:07:14.0504   WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/07 05:07:14.0566   WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/07 05:07:14.0613   WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/07 05:07:14.0660   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/07 05:07:14.0660   ================================================================================
2010/12/07 05:07:14.0660   Scan finished
2010/12/07 05:07:14.0660   ================================================================================
2010/12/07 05:07:14.0676   Detected object count: 1
2010/12/07 05:07:25.0207   \HardDisk0 - will be cured after reboot
2010/12/07 05:07:25.0207   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/07 05:07:47.0144   Deinitialize success

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:09:03 PM

OTL Extras logfile created on: 12/7/2010 5:20:20 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 204.17 Gb Free Space | 88.86% Space Free | Partition Type: NTFS

Computer Name: JAKUBEK | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1191:UDP" = 1191:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"1190:UDP" = 1190:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:18:30 PM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Documents and Settings\Susie Q\My Documents\Cat\Kodak EasyShare software\bin\EasyShare.exe" = C:\Documents and Settings\Susie Q\My Documents\Cat\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Susie Q\Applications\Kodak EasyShare software\bin\EasyShare.exe" = C:\Documents and Settings\Susie Q\Applications\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:20:48 PM

"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:22:56 PM

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"avast5" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Glary Utilities_is1" = Glary Utilities 2.28.0.1011
"green02.scr" = green02 ScreenSaver
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hoyle Board Games 3" = Hoyle Board Games 3
"Hoyle Card Games Demo" = Hoyle Card Games Demo
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shop for HP Supplies" = Shop for HP Supplies
"Stellarium_is1" = Stellarium 0.10.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ULTIMATER" = Microsoft Office Ultimate 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2010 1:02:39 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application 0.5047485340980179.exe, version 2.67.0.239, faulting
module 0.5047485340980179.exe, version 2.67.0.239, fault address 0x00004327.

Error - 12/7/2010 1:02:42 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application 0.9247337076589472.exe, version 2.67.0.239, faulting
module 0.9247337076589472.exe, version 2.67.0.239, fault address 0x00004327.

Error - 12/7/2010 3:39:55 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/7/2010 4:04:35 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/7/2010 4:05:30 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 12/7/2010 4:14:43 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/7/2010 5:19:05 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/7/2010 5:19:13 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/7/2010 7:06:04 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/7/2010 7:06:22 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ OSession Events ]
Error - 12/15/2008 7:39:32 AM | Computer Name = JAKUBEK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 667
seconds with 240 seconds of active time. This session ended with a crash.

Error - 8/28/2009 8:16:21 AM | Computer Name = JAKUBEK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1921
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/7/2010 12:25:57 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 3:41:25 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/7/2010 3:41:25 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/7/2010 3:41:40 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/7/2010 3:41:40 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/7/2010 3:55:18 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 4:15:30 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 7:11:22 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 7:18:52 AM | Computer Name = JAKUBEK | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 12/7/2010 7:20:44 AM | Computer Name = JAKUBEK | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

< End of report >

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:32:23 PM

OTL logfile created on: 12/7/2010 5:20:20 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 204.17 Gb Free Space | 88.86% Space Free | Partition Type: NTFS

Computer Name: JAKUBEK | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/01 12:19:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/30 17:00:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/12/01 12:19:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/04/12 14:37:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:35:09 PM

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 21:32:26 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/07/19 22:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/16 19:45:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/07/12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/07/07 13:23:30 | 000,408,064 | ---- | M] (Ativa Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ODWGU.sys -- (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
DRV - [2004/08/04 04:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 04:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 04:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 04:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 04:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 04:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 04:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 04:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 04:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 04:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 04:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 04:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 04:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 04:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 04:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:36:54 PM

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071114
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071114
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.care2.com/
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.catholicexchange.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/12 04:48:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 14:43:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 17:00:18 | 000,000,000 | ---D | M]

[2010/02/12 18:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/02/12 18:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\qni8gogc.default\extensions
[2010/02/12 18:10:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:38:23 PM

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24e3171e-d42e-11dc-b5e9-9b339258de36}\Shell - "" = AutoRun
O33 - MountPoints2\{24e3171e-d42e-11dc-b5e9-9b339258de36}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24e3171e-d42e-11dc-b5e9-9b339258de36}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:39:45 PM

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 22:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\SUPERAntiSpyware.com
[2010/12/06 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop
[2010/12/02 13:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\GlarySoft
[2010/12/02 13:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/02 13:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/02 12:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/11/29 22:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/29 22:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/27 16:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/11/27 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Ulhi
[2010/11/27 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Adok
[2010/11/27 04:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/22 08:21:46 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/22 08:21:46 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/22 08:21:45 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/22 08:21:45 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/22 08:21:44 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/22 08:21:44 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/22 08:21:43 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/22 08:21:35 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/22 08:21:35 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/22 08:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/22 08:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/19 16:43:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/19 16:28:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/18 15:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Malwarebytes
[2010/11/18 15:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/18 15:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/18 15:54:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/18 15:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/18 13:20:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/18 13:20:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/18 13:19:14 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/18 05:05:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2010/11/15 23:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/15 23:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 05:11:50 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/12/07 05:09:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/12/07 01:53:55 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/07 01:40:16 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/07 00:35:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/06 22:07:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/02 15:13:20 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/12/02 14:24:05 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/02 13:15:09 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/02 13:06:14 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/02 10:52:56 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/12/02 10:06:21 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/12/02 08:54:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/02 08:05:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/30 12:55:57 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/30 12:09:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/27 16:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/24 23:52:35 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js
[2010/11/22 08:34:45 | 000,386,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/22 08:34:45 | 000,055,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/22 08:31:53 | 000,611,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 08:30:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/22 08:21:46 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/19 16:44:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/19 14:11:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/18 15:54:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 15:51:54 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\completescan
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/18 13:23:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/18 13:17:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/18 13:17:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/18 13:17:19 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/18 13:15:05 | 000,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/18 13:14:17 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/11/18 13:09:08 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/11/18 10:49:36 | 000,000,201 | RHS- | M] () -- C:\boot.ini
[2010/11/16 06:07:23 | 000,695,296 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/11/16 06:07:23 | 000,488,448 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/11/16 05:48:51 | 000,787,958 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/11/12 03:10:08 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\start
[2010/11/12 03:00:23 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\install
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:41:21 PM

========== Files Created - No Company Name ==========

[2010/12/02 13:15:09 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/02 12:57:25 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/11/23 23:52:08 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js
[2010/11/22 08:21:46 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/18 15:54:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 13:20:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/18 13:19:58 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/18 13:19:50 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/18 13:19:49 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/18 13:19:48 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/18 13:19:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/18 13:19:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/18 13:19:18 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/18 13:06:40 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/18 13:06:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/18 13:06:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/18 13:06:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/18 13:06:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/18 13:06:40 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/18 13:06:40 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/18 10:49:36 | 000,000,201 | RHS- | C] () -- C:\boot.ini
[2010/11/12 05:20:53 | 000,001,599 | ---- | C] () -- C:\Remote Assistance.lnk
[2010/11/12 03:10:08 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\start
[2010/11/12 03:05:49 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\completescan
[2010/11/12 03:00:23 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\install
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/12 02:52:28 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/12 02:52:28 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/12 02:52:27 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/12 02:52:25 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/12 02:52:21 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/12 02:52:19 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/12 02:52:16 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/01/25 15:18:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\housecall.guid.cache
[2009/01/27 19:43:50 | 000,001,433 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/24 14:05:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keychains
[2009/01/24 14:05:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Home\Application Data\Jazz Kit
[2009/01/24 14:05:20 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/08/11 15:44:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008/02/09 03:18:12 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/02 15:19:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/24 22:18:53 | 000,000,315 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/15 19:55:45 | 000,016,022 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\wklnhst.dat
[2007/11/13 21:36:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/13 21:24:35 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/11/13 21:24:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/13 20:57:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/11/13 20:55:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 07, 2010, 01:42:41 PM

========== LOP Check ==========

[2010/11/22 08:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/01/24 14:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/01/24 14:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/11/13 21:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/24 14:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2009/01/24 14:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/11/13 21:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/13 21:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/02/12 04:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/11 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\aAvgApi
[2010/11/28 00:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Adok
[2009/12/11 01:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Amazon
[2010/12/02 13:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GlarySoft
[2009/01/24 14:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Nikon
[2008/01/05 15:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Printer Info Cache
[2009/11/02 23:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Stellarium
[2007/11/15 19:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Template
[2010/11/28 00:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Ulhi
[2010/12/02 13:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\GlarySoft
[2009/02/16 19:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Nikon
[2008/01/08 02:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Template
[2010/11/30 03:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Uwuvz
[2010/11/27 13:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Ykol
[2008/01/30 20:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susie Q\Application Data\Template
[2010/12/02 08:54:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/02 13:06:14 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/12/02 15:13:20 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/12/07 01:40:16 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/12/02 14:24:05 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/12/02 08:05:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/12/02 10:52:56 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/12/07 01:53:55 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/12/02 10:06:21 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/12/07 05:11:50 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/11/02 23:03:39 | 042,911,720 | ---- | M] ( ) -- C:\stellarium-0.10.2.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

Title: MADE A BIG MISTAKE!
Post by: Shayleigh on December 07, 2010, 01:56:34 PM

OH! OH OH! I thought he meant to post it. Is there anyway I can delete all that junk and add it as an attachment like I'm supposed to. Such an idiot. SORRY! :-[

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Tenko on December 07, 2010, 02:07:47 PM

you are not an idiot, you are jus inexperienced and it takes time to get experience. You need to download that cleans that for you. Ashampoo, ccleaner, CSC (comodo system cleaner, which is stable), and many more... there are many.

Regards,
Tenko

Title: Re: I think I have the Google redirect virus what do I do?
Post by: essexboy on December 07, 2010, 10:04:20 PM

Quote

My mother insisted on taking the computer back tot he Dr. but they returned it without fixing the problem.

Did they charge you for missing all this ?

Quote

2010/12/07 05:07:14.0676 Detected object count: 1
2010/12/07 05:07:25.0207 \HardDisk0 - will be cured after reboot
2010/12/07 05:07:25.0207 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/07 05:07:47.0144 Deinitialize success

And this ?

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Quote
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2010/11/27 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Ulhi
[2010/11/27 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Adok
[2010/11/24 23:52:35 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js
[2010/11/12 05:20:53 | 000,001,599 | ---- | C] () -- C:\Remote Assistance.lnk
[2010/11/12 03:10:08 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\start
[2010/11/12 03:05:49 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\completescan
[2010/11/12 03:00:23 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\install
[2010/11/30 03:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Uwuvz
[2010/11/27 13:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Ykol

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://img.photobucket.com/albums/v706/ried7/whatnext.png)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edit : slow forum and posted the wrong second step - now fixed

Title: OTL scan
Post by: Shayleigh on December 09, 2010, 03:19:28 AM

K here is the report from the scan

Title: Combo Fix
Post by: Shayleigh on December 09, 2010, 04:59:39 AM

Here is the file from combo fix.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: essexboy on December 09, 2010, 08:18:54 PM

Looks good - any remaining problems ?

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 09, 2010, 11:01:44 PM

It finally works! And it didn't cost an arm and leg!!!Thank you SO much!!! And thank you for being so patient with me. I can't thank you enough you've been more helpful than any of these local computer experts!

With much gratitude,
Susie

Title: Re: I think I have the Google redirect virus what do I do?
Post by: essexboy on December 09, 2010, 11:09:15 PM

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Quote
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

.
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

(http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 23 (http://java.sun.com/javase/downloads/index.jsp).
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u23-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u23-windows-i586-p.exe and select "Run as an Administrator.")

SPRING CLEAN

Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) to help prevent spyware from installing in the first place.
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

Microsoft Windows Update (http://windowsupdate.microsoft.com)

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:

Title: Re: I think I have the Google redirect virus what do I do?
Post by: SafeSurf on December 12, 2010, 09:31:22 AM

@ Shayleigh,

We usually recommend that you keep your machine running for a good 24 – 48 hours after malware removal to make sure everything is working properly and give it a good test drive. After this period, please report back in this thread to let us know how things are going (good or bad).

In the meantime, here are a few suggestions in addition to the ones given to you by Essexboy to keep you and your machine safer in the future:

1.   Keep your definitions up to date for both Avast and MBAM.
2.   Keep all your shields on with Avast.
3.   Update MBAM prior to scanning, then do Quick scans.
4.   Keep your MS Updates current.
5.   Add things to your browsers for safer browsing. See my Signature as an example.
6.   Use common sense when browsing and do not go to risky sites.
7.   When downloading software, read what you are clicking and do not download adware toolbars which are commonly opted in; look before you click or do a Custom install to avoid putting unwanted toolbars on your machine that lead to spyware tracking or adware.
8.   Check to see that your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ (http://secunia.com/vulnerability_scanning/personal/) since software is changing all the time. This site gives you the vendor's direct download link making it easy to upgrade your software. Many of us here scan our machines weekly.

Please post back and let us know how your machine is doing. Thank you.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Shayleigh on December 13, 2010, 07:08:11 AM

Quote from: SafeSurf on December 12, 2010, 09:31:22 AM

@ Shayleigh,

5. Add things to your browsers for safer browsing. See my Signature as an example.

What exactly do you mean add things? Like download? we Have MBAM. Do you we need them all? CAN we have them all?

--Susie

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Asyn on December 13, 2010, 07:28:10 AM

Quote from: Shayleigh on December 13, 2010, 07:08:11 AM

What exactly do you mean add things? Like download? we Have MBAM. Do you we need them all? CAN we have them all?

--Susie

SafeSurf means security related Add-ons for Firefox like e.g. NoScript.
asyn

Title: Re: I think I have the Google redirect virus what do I do?
Post by: SafeSurf on December 13, 2010, 10:33:46 AM

Quote from: Asyn on December 13, 2010, 07:28:10 AM

SafeSurf means security related Add-ons for Firefox like e.g. NoScript.

Exactly. If you look at my Signature and other Evangelist's Signatures, you will see that they have add-on's in their browsers to help protect them. I use Firefox (FF) so the add-on's are for FF. Others use IE, and there are add-on's for IE although IE also has some internal protective features.

Please let me know if you have any questions and I'd be happy to help you. Thank you.

Title: Add ons
Post by: Shayleigh on December 16, 2010, 11:42:27 AM

Okay so how do I know which add ons to add? Is there some web site with recommended programs? Thank you.

Title: Re: I think I have the Google redirect virus what do I do?
Post by: Pondus on December 16, 2010, 11:47:05 AM

Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/

just ask the google man, and you will find ;)