Tech Support Forum - View Single Post - Google link redirects; random computer freeze and BSOD

meekazoid · 06-27-2009, 05:03 PM

Hi,
A few months ago I did something pretty stupid (in hindsight I should say) and downloaded an application that promised to spoof IP addresses. I wanted to listen to Pandora again you see, and I can't anymore from the UK. Anyway, it seemed to work sort of OK, but very soon afterwards my gmail account was compromised and a spam mail was sent out from my account to my contacts list. This was pretty alarming for me, but I ran a computer scan which located a number of infections, and cleaned up my PC (or so I thought) and then uninstalled the dodgy application.
Things sort of seemed ok, but then I started to notice the every once in a while I would click on a link from Google, and I would go to a completely different site, quite often Myspace. I also began to notice that sometimes when I logged on to Windows, my Virgin PCGuard (virus/spyware checked provided by my ISP) would run, but then after this happened, everything would freeze, and I couldn't click on any icons, or anything.
Gradually, both these problems have become worse over time so that they are now unbearable, and I can't ignore them anymore. Quite often now, when I restart my laptop, it doesn't start up properly, it blue screens on me, and then I have to start it up in safe mode, and run a scan, delete the spyware that it finds, and then it starts up properly. And then it seems to be ok for a short while, but then the problems come back again and the cycle continues. And the google links redirecting is ubiquitous. But I can't seem to spot any particular pattern, or anything systematic.
So I started looking around on the internet, and I realised quite quickly after reading sites like this that I have some kind of malware problem. I tried to download Windows Defender, but I can't get onto windows download.com, same with Paretologic, and some of the other free spyware tools don't find anything.
So I thought I would come to you guys for some help!

Thanks so much in advance for anything you can tell me. I attach and enclose the files as detailed in your sticky instructions. Looking forward to hearing from you, and my apologies for adding to your workload.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Dike at 13:21:32.87 on 27/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1270.638 [GMT 1:00]

AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
svchost.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Google Update] "c:\documents and settings\dike\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [B'sCLiP] c:\progra~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [DisplayManager] c:\program files\samsung\displaymanager\DMLoader.exe
mRun: [AVStation Premium 3.75] c:\program files\samsung\avstation premium 3.75\AVSAgent.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [PCguard] "c:\program files\virgin broadband\pcguard\Rps.exe"
mRun: [-FreedomNeedsReboot] "c:\program files\virgin broadband\pcguard\ZkRunOnceR.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dike\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/0714/FileOpen.CAB
TCP: NameServer = 85.255.112.89,85.255.112.201
TCP: {2002D528-8B71-4D99-A749-6C6B5465F591} = 85.255.112.89,85.255.112.201
TCP: {242FB099-7491-4A01-BC3C-1AC882CB7C48} = 85.255.112.89,85.255.112.201
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: PASShlExt Class: {51c55f9e-c308-4c95-89ab-8858d8afd819} - c:\program files\paretologic\anti-spyware\PASShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dike\applic~1\mozilla\firefox\profiles\pl34ofi7.default\
FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2007-10-20 10368]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2007-10-20 164480]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2007-10-20 4300]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-10-2 32512]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2005-11-28 19456]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2008-12-28 19840]

=============== Created Last 30 ================

2009-06-26 00:29 268 a---h--- C:\sqmdata03.sqm
2009-06-26 00:29 244 a---h--- C:\sqmnoopt03.sqm
2009-06-26 00:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 00:14 <DIR> --d----- c:\program files\Trend Micro
2009-06-25 23:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Spyware
2009-06-25 23:23 <DIR> --d----- c:\program files\ParetoLogic
2009-06-25 22:20 <DIR> --d----- c:\docume~1\dike\applic~1\GlarySoft
2009-06-25 22:14 <DIR> --d----- c:\program files\Glary Utilities
2009-06-18 00:17 <DIR> --d----- c:\program files\MediaMonkey
2009-06-16 03:05 268 a---h--- C:\sqmdata02.sqm
2009-06-16 03:05 244 a---h--- C:\sqmnoopt02.sqm
2009-06-10 00:06 268 a---h--- C:\sqmdata01.sqm
2009-06-10 00:06 244 a---h--- C:\sqmnoopt01.sqm
2009-05-31 19:00 <DIR> --d----- c:\program files\PKR
2009-05-31 10:58 <DIR> --d----- c:\docume~1\dike\applic~1\Spotify
2009-05-31 10:58 <DIR> --d----- c:\program files\Spotify

==================== Find3M ====================

2009-05-18 19:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-23 00:18 87,608 a------- c:\docume~1\dike\applic~1\inst.exe
2009-04-23 00:18 47,360 a------- c:\docume~1\dike\applic~1\pcouffin.sys

============= FINISH: 13:22:30.65 ===============