.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Michael A Borosky II at 12:11:51.05 on Tue 03/29/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2425 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Michael A Borosky II\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\michael a borosky ii\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: c:\users\michae~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-2 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-3-3 517448]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-3 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2011-1-2 16896]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-29 12:02:53 -------- d-----w- c:\users\michae~1\appdata\roaming\HpUpdate
2011-03-29 12:02:42 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-25 18:59:22 -------- d-----w- c:\program files\iPod
2011-03-25 18:59:20 -------- d-----w- c:\program files\iTunes
2011-03-18 23:36:58 -------- d-----w- c:\users\michae~1\appdata\local\Scansoft
2011-03-18 23:26:34 73728 ------w- c:\windows\system32\BRCrypt.dll
2011-03-18 23:26:16 126976 ------w- c:\windows\system32\BrfxD05b.dll
2011-03-18 23:26:16 118784 ------w- c:\windows\system32\BrMfNt.dll
2011-03-18 23:26:15 70656 ------w- c:\windows\system32\BrWiaNCp.dll
2011-03-18 23:26:15 70144 ------w- c:\windows\system32\BrNetSti.dll
2011-03-18 23:26:15 44032 ------w- c:\windows\system32\Brnsplg.dll
2011-03-18 23:26:15 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2011-03-18 23:25:56 73728 ------w- c:\windows\system32\BrDctF2.dll
2011-03-18 23:25:56 5120 ------w- c:\windows\system32\BrDctF2L.dll
2011-03-18 23:25:56 3072 ------w- c:\windows\system32\BrDctF2S.dll
2011-03-18 23:25:56 176128 ------w- c:\windows\system32\BroSNMP.dll
2011-03-18 23:25:54 1530880 ----a-w- c:\windows\system32\BrWia08b.dll
2011-03-18 23:25:53 57344 ----a-w- c:\windows\system32\brprtink.dll
2011-03-18 23:25:50 167936 ------w- c:\windows\system32\NSSearch.dll
2011-03-18 23:25:50 -------- d-----w- c:\program files\Brother
2011-03-18 23:24:11 -------- d-----w- c:\program files\Nuance
2011-03-18 23:22:26 -------- d-----w- c:\program files\common files\ScanSoft Shared
2011-03-18 23:22:21 -------- d-----w- c:\program files\ScanSoft
2011-03-18 23:21:12 -------- d-----w- c:\progra~2\Brother
2011-03-18 22:55:12 -------- d-----w- c:\program files\Search Toolbar
2011-03-18 22:53:51 -------- d-----w- c:\program files\Quick Web Player
2011-03-17 21:39:05 0 ----a-w- c:\users\michae~1\appdata\local\Ykizukayeju.bin
2011-03-17 21:39:03 -------- d-----w- c:\users\michae~1\appdata\local\{3488B216-B314-4A81-A9D3-5F77A00D97B5}
2011-03-09 12:35:42 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 12:35:42 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 12:35:42 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 12:35:42 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 12:35:39 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 12:35:38 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 02:13:31 -------- d--h--w- C:\$AVG
2011-03-04 00:42:36 -------- d-----w- c:\users\michae~1\appdata\roaming\AVG10
2011-03-04 00:41:14 -------- d--h--w- c:\progra~2\Common Files
2011-03-04 00:40:45 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-03-04 00:37:46 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-04 00:37:46 -------- d-----w- c:\progra~2\AVG10
2011-03-04 00:34:28 -------- d-----w- c:\program files\AVG
2011-03-04 00:20:34 -------- d-----w- c:\progra~2\MFAData
2011-03-01 12:31:18 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e772e5cb-f97e-4fd7-8081-23a4a7e337ba}\mpengine.dll
.
==================== Find3M ====================
.
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-02 21:12:05 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-01-02 21:12:04 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-01-02 18:34:50 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-01-02 04:27:57 23552 ----a-w- c:\windows\system32\lpk.dll
2011-01-02 04:27:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-01-02 04:25:46 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-02 04:25:43 72704 ----a-w- c:\windows\system32\admparse.dll
2011-01-02 04:23:41 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-01-02 04:23:41 272896 ----a-w- c:\windows\system32\polstore.dll
2011-01-02 04:19:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-01-02 04:19:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-01-02 04:19:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-01-02 04:19:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-01-02 04:19:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-01-02 04:19:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-01-02 04:19:53 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-01-02 04:19:53 10240 ----a-w- c:\windows\system32\finger.exe
2011-01-02 04:16:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-01-02 04:16:02 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-01-02 04:16:02 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-01-02 04:16:02 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-01-02 04:16:02 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-01-02 04:16:02 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-01-02 04:15:59 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-01-02 04:14:45 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-01-02 04:14:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-01-02 04:14:43 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-01-02 04:13:30 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-01-02 04:11:08 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-01-02 04:11:08 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-02 04:11:08 2048 ----a-w- c:\windows\system32\mferror.dll
2011-01-02 04:07:40 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-01-02 04:06:32 71680 ----a-w- c:\windows\system32\atl.dll
2011-01-02 04:00:57 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-01-02 03:59:49 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-01-02 03:59:49 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-01-02 03:56:31 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-01-02 03:50:33 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-01-02 03:46:18 623616 ----a-w- c:\windows\system32\localspl.dll
2011-01-02 03:41:43 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-01-02 03:40:41 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-01-02 03:40:41 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-01-02 03:40:40 9728 ----a-w- c:\windows\system32\lsass.exe
2011-01-02 03:40:40 72704 ----a-w- c:\windows\system32\secur32.dll
2011-01-02 03:40:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-01-02 03:32:53 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-01-02 03:30:07 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-01-02 03:30:07 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-01-02 03:28:19 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-01-02 03:24:00 98304 ----a-w- c:\windows\system32\cabview.dll
2011-01-02 03:23:09 37888 ----a-w- c:\windows\system32\printcom.dll
2011-01-02 03:20:32 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-01-02 03:19:33 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-01-02 03:19:33 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-01-02 03:19:33 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-01-02 03:19:31 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-01-02 03:19:30 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-01-02 03:19:30 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-01-02 03:18:20 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-01-02 03:18:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-01-02 03:18:20 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-01-02 03:18:20 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-01-02 03:18:20 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-01-02 03:18:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-01-02 03:18:19 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-01-02 03:18:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-01-02 03:18:19 471552 ----a-w- c:\windows\system32\secproc.dll
2011-01-02 02:34:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_HTS542525K9SA00 rev.BBFOC32P -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x854DF439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x854e57d0]; MOV EAX, [0x854e584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E48912] -> \Device\Harddisk0\DR0[0x854BF4D8]
3 CLASSPNP[0x8A5B38B3] -> ntkrnlpa!IofCallDriver[0x81E48912] -> [0x852C6B58]
5 acpi[0x824126BC] -> ntkrnlpa!IofCallDriver[0x81E48912] -> [0x8530C8A0]
\Driver\atapi[0x854C1678] -> IRP_MJ_CREATE -> 0x854DF439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS542525K9SA00_________________BBFOC32P#5&f552377&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
--- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe[256] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00080010
IAT C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe[644] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00180010
IAT C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe[1492] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00180010
IAT C:\Users\Michael A Borosky II\AppData\Local\Google\Chrome\Application\chrome.exe[1736] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00080010
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS542525K9SA00_________________BBFOC32P#5&f552377&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
.
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-2 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-3-3 517448]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-3 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2011-1-2 16896]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-29 12:02:53 -------- d-----w- c:\users\michae~1\appdata\roaming\HpUpdate
2011-03-29 12:02:42 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-25 18:59:22 -------- d-----w- c:\program files\iPod
2011-03-25 18:59:20 -------- d-----w- c:\program files\iTunes
2011-03-18 23:36:58 -------- d-----w- c:\users\michae~1\appdata\local\Scansoft
2011-03-18 23:26:34 73728 ------w- c:\windows\system32\BRCrypt.dll
2011-03-18 23:26:16 126976 ------w- c:\windows\system32\BrfxD05b.dll
2011-03-18 23:26:16 118784 ------w- c:\windows\system32\BrMfNt.dll
2011-03-18 23:26:15 70656 ------w- c:\windows\system32\BrWiaNCp.dll
2011-03-18 23:26:15 70144 ------w- c:\windows\system32\BrNetSti.dll
2011-03-18 23:26:15 44032 ------w- c:\windows\system32\Brnsplg.dll
2011-03-18 23:26:15 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2011-03-18 23:25:56 73728 ------w- c:\windows\system32\BrDctF2.dll
2011-03-18 23:25:56 5120 ------w- c:\windows\system32\BrDctF2L.dll
2011-03-18 23:25:56 3072 ------w- c:\windows\system32\BrDctF2S.dll
2011-03-18 23:25:56 176128 ------w- c:\windows\system32\BroSNMP.dll
2011-03-18 23:25:54 1530880 ----a-w- c:\windows\system32\BrWia08b.dll
2011-03-18 23:25:53 57344 ----a-w- c:\windows\system32\brprtink.dll
2011-03-18 23:25:50 167936 ------w- c:\windows\system32\NSSearch.dll
2011-03-18 23:25:50 -------- d-----w- c:\program files\Brother
2011-03-18 23:24:11 -------- d-----w- c:\program files\Nuance
2011-03-18 23:22:26 -------- d-----w- c:\program files\common files\ScanSoft Shared
2011-03-18 23:22:21 -------- d-----w- c:\program files\ScanSoft
2011-03-18 23:21:12 -------- d-----w- c:\progra~2\Brother
2011-03-18 22:55:12 -------- d-----w- c:\program files\Search Toolbar
2011-03-18 22:53:51 -------- d-----w- c:\program files\Quick Web Player
2011-03-17 21:39:05 0 ----a-w- c:\users\michae~1\appdata\local\Ykizukayeju.bin
2011-03-17 21:39:03 -------- d-----w- c:\users\michae~1\appdata\local\{3488B216-B314-4A81-A9D3-5F77A00D97B5}
2011-03-09 12:35:42 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 12:35:42 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 12:35:42 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 12:35:42 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 12:35:39 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 12:35:38 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 02:13:31 -------- d--h--w- C:\$AVG
2011-03-04 00:42:36 -------- d-----w- c:\users\michae~1\appdata\roaming\AVG10
2011-03-04 00:41:14 -------- d--h--w- c:\progra~2\Common Files
2011-03-04 00:40:45 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-03-04 00:37:46 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-04 00:37:46 -------- d-----w- c:\progra~2\AVG10
2011-03-04 00:34:28 -------- d-----w- c:\program files\AVG
2011-03-04 00:20:34 -------- d-----w- c:\progra~2\MFAData
2011-03-01 12:31:18 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e772e5cb-f97e-4fd7-8081-23a4a7e337ba}\mpengine.dll
.
==================== Find3M ====================
.
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-02 21:12:05 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-01-02 21:12:04 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-01-02 18:34:50 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-01-02 04:27:57 23552 ----a-w- c:\windows\system32\lpk.dll
2011-01-02 04:27:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-01-02 04:25:46 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-02 04:25:43 72704 ----a-w- c:\windows\system32\admparse.dll
2011-01-02 04:23:41 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-01-02 04:23:41 272896 ----a-w- c:\windows\system32\polstore.dll
2011-01-02 04:19:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-01-02 04:19:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-01-02 04:19:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-01-02 04:19:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-01-02 04:19:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-01-02 04:19:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-01-02 04:19:53 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-01-02 04:19:53 10240 ----a-w- c:\windows\system32\finger.exe
2011-01-02 04:16:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-01-02 04:16:02 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-01-02 04:16:02 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-01-02 04:16:02 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-01-02 04:16:02 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-01-02 04:16:02 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-01-02 04:15:59 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-01-02 04:14:45 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-01-02 04:14:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-01-02 04:14:43 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-01-02 04:13:30 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-01-02 04:11:08 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-01-02 04:11:08 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-02 04:11:08 2048 ----a-w- c:\windows\system32\mferror.dll
2011-01-02 04:07:40 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-01-02 04:06:32 71680 ----a-w- c:\windows\system32\atl.dll
2011-01-02 04:00:57 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-01-02 03:59:49 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-01-02 03:59:49 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-01-02 03:56:31 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-01-02 03:50:33 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-01-02 03:46:18 623616 ----a-w- c:\windows\system32\localspl.dll
2011-01-02 03:41:43 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-01-02 03:40:41 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-01-02 03:40:41 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-01-02 03:40:40 9728 ----a-w- c:\windows\system32\lsass.exe
2011-01-02 03:40:40 72704 ----a-w- c:\windows\system32\secur32.dll
2011-01-02 03:40:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-01-02 03:32:53 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-01-02 03:30:07 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-01-02 03:30:07 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-01-02 03:28:19 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-01-02 03:24:00 98304 ----a-w- c:\windows\system32\cabview.dll
2011-01-02 03:23:09 37888 ----a-w- c:\windows\system32\printcom.dll
2011-01-02 03:20:32 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-01-02 03:19:33 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-01-02 03:19:33 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-01-02 03:19:33 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-01-02 03:19:31 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-01-02 03:19:30 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-01-02 03:19:30 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-01-02 03:18:20 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-01-02 03:18:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-01-02 03:18:20 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-01-02 03:18:20 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-01-02 03:18:20 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-01-02 03:18:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-01-02 03:18:19 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-01-02 03:18:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-01-02 03:18:19 471552 ----a-w- c:\windows\system32\secproc.dll
2011-01-02 02:34:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_HTS542525K9SA00 rev.BBFOC32P -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x854DF439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x854e57d0]; MOV EAX, [0x854e584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E48912] -> \Device\Harddisk0\DR0[0x854BF4D8]
3 CLASSPNP[0x8A5B38B3] -> ntkrnlpa!IofCallDriver[0x81E48912] -> [0x852C6B58]
5 acpi[0x824126BC] -> ntkrnlpa!IofCallDriver[0x81E48912] -> [0x8530C8A0]
\Driver\atapi[0x854C1678] -> IRP_MJ_CREATE -> 0x854DF439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS542525K9SA00_________________BBFOC32P#5&f552377&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 12:14:23.46 ===============
This post has been edited by mikemusic: 29 March 2011 - 12:17 PM
Reason for edit: Moved from Vista forum to Malware Removal Logs.
One or more of the identified infections is a backdoor trojan and password stealer.