#1
Registered User
Join Date: Feb 2009
Posts: 1
OS: XP service pack 3
Help--search redirect virus?
Hello. My problem is that every time I websearch either through Google, Yahoo or Live I am redirected to different sites when clicking the links in the websearch. I also cannot log in to some websites. Logging in will take me to the 'Internet Explorer cannot display this webpage' page, or I get web certificate warnings on a website I frequent and have never had a problem with, like Blogger.com, but that is only when attempting to log in.
Thanks for the help.
Jenn
#2
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,573
OS: 2000 Pro; XP Pro; XP Home
Re: Help--search redirect virus?
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
---------------------------------------------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.
---------------------------------------------------------------------------------------------
Please visit this webpage for download links, and instructions for running combofix: http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

McAfee VirusScan:
1. Double-click the taskbar icon to open the Security Center
2. Click Advanced Menu (lower left)
3. Click Configure (left)
4. Click Computer & Files (upper left)
5. VirusScan can be disabled on the right.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#3
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,573
OS: 2000 Pro; XP Pro; XP Home
Re: Help--search redirect virus?
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009