#1 (permalink) |
|
Registered User
Join Date: Jun 2009
Posts: 2
OS: Microsoft Windows XP Service Pack 2
|
Links are being redirected
Hello.
Today, I had downloaded some songs off of Bittorrent and usually no spyware/ads/viruses would come up. But this pop up "Spyware alert!" came up on my computer and I had to search it up to try to find a way to erase it from my computer. So I did, but I'm not sure if it would come back up again. Also, while searching for the cure to this fake spyware help pop up, I tried clicking on links on google, but it kept redirecting me to another site with the title "Jumping" and with the url as hxxp://tourantolayer.com/?q=spyware%20pop%20up%20removal. I'm not sure what's wrong and it would be great if you could help! And if you could also help me clear all the unknown viruses from my computer it would be wonderful. I only use Spybot for protection so far.
#2 (permalink) | |
|
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 756
OS: Win XP, Vista 32-bit, Win7 64-bit
|
Re: Links are being redirected
Quote:
It would be recommended to stop trying your luck on those dubious downloads and uninstall the P2P file sharing software that you have there (BitTorrent DNA with BitTorrent and DNA entry in add/remove programs). Nowadays a big part of infections comes from P2P networks. Whatever you decide to do, keep P2P programs disabled so that none will be running during the fixing operations. After that, cleaning can begin.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

Please visit this webpage for download links and instructions for running the ComboFix tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed. Please continue as follows:

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006
#3 (permalink) |
|
Registered User
Join Date: Jun 2009
Posts: 2
OS: Microsoft Windows XP Service Pack 2
|
Re: Links are being redirected
Thank you for the response, but the viruses were consuming my computer so I just decided to reformat my computer. If anything else goes wrong, I'll come back and ask for help!
#4 (permalink) |
|
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 756
OS: Win XP, Vista 32-bit, Win7 64-bit
|
Re: Links are being redirected
Ok. Thanks for letting us know.
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006