Google Redirect

June 26, 2009 at 06:28:37
Specs: Windows XP, 2.21 GHz/1 GB
I have the Google redirect virus and need help getting rid of this pesky thing. Thanks for your help. I really appreciate it. My logs are below.

HiJack This:
Logfile of HijackThis v1.99.1
Scan saved at 6:32:29 AM, on 6/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\websrvx\websrvx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\mstre19.exe
C:\windows\pp10.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\freddy48.exe
C:\Program Files\Malware Professional\Malware Professional.exe
C:\Program Files\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy48.exe
O4 - HKLM\..\Run: [sysmstray] C:\windows\mstre19.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Drive...
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobi...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcapl...
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe

Malware Bytes:
Malware Professional 5.0

---------------------

Removing Spyware Tracking Cookie...

Removing Registry Tracking Cookie...

Removing RegValues Tracking Cookie...

Fixing RegValue dataTracking Cookie...

Removing Cookies Tracking Cookie...

Removing Files Tracking Cookie...

Removing Folders Tracking Cookie...

Removing Spyware W32.Mytob.JN@mm...

Removing Registry W32.Mytob.JN@mm...

Removing RegValues W32.Mytob.JN@mm...

Fixing RegValue dataW32.Mytob.JN@mm...

Removing Cookies W32.Mytob.JN@mm...

Removing Files W32.Mytob.JN@mm...

[File Deleting...]

C:\WINDOWS\system32\winsys.exe

[File Deleted]

C:\WINDOWS\system32\winsys.exe

Removing Folders W32.Mytob.JN@mm...

Removing Spyware Downloader.Win32.PopCap.a...

Removing Registry Downloader.Win32.PopCap.a...

[Deleting Key...]

Key : HKEY_CLASSES_ROOT\\PopCapLoader.PopCapLoaderCtrl2

[Key Deleted]

Key : HKEY_CLASSES_ROOT\\PopCapLoader.PopCapLoaderCtrl2

[Deleting Key...]

Key : HKEY_CLASSES_ROOT\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

[Key Deleted]

Key : HKEY_CLASSES_ROOT\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

[Deleting Key...]

Key : HKEY_CLASSES_ROOT\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

[Key Deleted]

Key : HKEY_CLASSES_ROOT\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

[Deleting Key...]

Key : HKEY_CLASSES_ROOT\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

[Key Deleted]

Key : HKEY_CLASSES_ROOT\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

[Deleting Key...]

Key : HKEY_CLASSES_ROOT\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

[Key Deleted]

Key : HKEY_CLASSES_ROOT\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

[Deleting Key...]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2

[Key Deleted]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2

[Deleting Key...]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

[Key Deleted]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

[Deleting Key...]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

[Key Deleted]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

[Deleting Key...]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

[Key Deleted]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

[Deleting Key...]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

[Key Deleted]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

Removing RegValues Downloader.Win32.PopCap.a...

Fixing RegValue dataDownloader.Win32.PopCap.a...

Removing Cookies Downloader.Win32.PopCap.a...

Removing Files Downloader.Win32.PopCap.a...

Removing Folders Downloader.Win32.PopCap.a...

Removing Spyware KillApp.b...

Removing Registry KillApp.b...

Removing RegValues KillApp.b...

Fixing RegValue dataKillApp.b...

Removing Cookies KillApp.b...

Removing Files KillApp.b...

[File Deleting...]

C:\WINDOWS\system32\KILLAPPS.EXE

[MD5]=c54d81a16257c8c6e666fbf9fb58cc45

[File Removal]

C:\WINDOWS\system32\KILLAPPS.EXE

[MD5]=c54d81a16257c8c6e666fbf9fb58cc45

Removing Folders KillApp.b...

Can anyone recommend a good program to protect me from these things? My IT guy at work likes Kaspersky.

Thanks again



#1
June 26, 2009 at 07:39:13
Run a full scan with http://www.eset.com/onlinescan/
# Check the box next to YES, I accept the Terms of Use.
# Click Start
# When asked, allow the ActiveX control to be installed.
# Click Start
# Check below options:

    * Remove found threats
    * Scan archives
    * Scan for potentially unwanted applications (Advance Settings).
    * Enable Anti-Stealth technology (Advance Settings).

# Click Scan
# Wait for the scan to finish
# When it finishes it will create a log file here: C:\Program Files\ESET\ESET Online Scanner\log.txt
# Attach this logfile to your next message.

Illustrated tutorial: http://img155.imageshack.us/img155/...

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
June 26, 2009 at 09:59:16
Thanks for the quick response. I'll be out of town until Sunday.
I'll run the scan when I get back and post the results.


#3
June 28, 2009 at 14:30:43
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=15e89b431ecab249999326e20c8b3538
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-26 04:42:06
# local_time=2009-06-26 11:42:06 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=64758
# found=14
# cleaned=14
# scan_time=2194
C:\Documents and Settings\Cadenhead\Local Settings\Temp\ro_1245931983.exe probably a variant of Win32/TrojanProxy.Small.NCJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Documents and Settings\Cadenhead\Local Settings\Temporary Internet Files\Content.IE5\1E6B9VZO\fb.48[1].exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Documents and Settings\Cadenhead\Local Settings\Temporary Internet Files\Content.IE5\QS9RJLAB\setup[1].exe a variant of Win32/Koobface.NBQ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Documents and Settings\Cadenhead\Local Settings\Temporary Internet Files\Content.IE5\YD03TC9U\pp.10[1].exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Documents and Settings\Cadenhead\Local Settings\Temporary Internet Files\Content.IE5\YL0RPAOO\fb.47[1].exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Documents and Settings\Cadenhead\Local Settings\Temporary Internet Files\Content.IE5\YL0RPAOO\websrvx2[1].exe probably a variant of Win32/TrojanProxy.Small.NCJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Program Files\driver\driver.dll Win32/Tinxy.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\Program Files\websrvx\websrvx.exe probably a variant of Win32/TrojanProxy.Small.NCJ trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000
C:\WINDOWS\freddy46.exe probably a variant of Win32/Koobface.NBG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\freddy47.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\freddy48.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\ld10.exe a variant of Win32/Koobface.NBQ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\mstre19.exe a variant of Win32/Koobface.NBQ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\pp10.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=15e89b431ecab249999326e20c8b3538
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-28 09:26:13
# local_time=2009-06-28 04:26:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=135360
# found=4
# cleaned=4
# scan_time=4745
C:\WINDOWS\ld11.exe Win32/Koobface.NBT worm (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\pp10.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000
D:\delete this\Documents and Settings\Cadenhead\Application Data\Sun\Java\Deployment\cache\6.0\50\298c6a72-3ce13efd Java/Exploit.Bytverify trojan (deleted - quarantined) 00000000000000000000000000000000
D:\delete this\Documents and Settings\Cadenhead\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2a73af85-74f4cefa.zip Java/Exploit.Bytverify trojan (deleted - quarantined) 00000000000000000000000000000000


#4
June 28, 2009 at 14:56:44


#5
June 28, 2009 at 17:37:26
I did not get any pop-ups when I left it running earlier. I'll
check again shortly to confirm that. Can you recommend a
program to protect my PC without bogging it down?


#6
June 29, 2009 at 02:40:47
I'm going on with the same problem....I need help fast....I don't
want to have to go it the hard way...there has to be an easier
way...PLEASE HELP ME!!! PLUS WHEN I TRY TO EXIT
FROM THE INTERNET IT SAYS... Internet Explorer has
closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet
Explorer to close this webpage.
What you can do:
Go to your home page

Try to return to info.com



IT WON'T CLOSE DOWN NATURALLY...I LOST
NORTON...WHAT IS JUST AS GOOD...OR HOW CAN I GET
PAST ALL THIS CRAP!!!...IS WINBLUESOFT A VIRUS?


#7
June 29, 2009 at 05:19:37
The easy way would be to keep scanning with online antivirus programs till it's removed. The manual, hard way would be to manually delete the infected files. Maybe someone else has an easy solution to your problem.

If I'm helping you and I don't reply within 24 hours send me a PM.

