
Search redirect virus


  • This topic is locked
22 replies to this topic

#1 alo

alo

  • Members
  • 30 posts

Posted 09 September 2010 - 01:52 PM

Hello. When I search on Google or Yahoo I get redirected to a different site; it
has been happening for a couple of days now.
I did a full scan with Malwarebytes' Anti-Malware and it found a trojan and removed
it, but it still redirects the links.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 10:45:46.04 on Thu 09/09/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.163 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.ALO.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [readericon10] c:\program files\multimedia card reader\readericon10.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Download All using 4shared Desktop
IE: &Download All with FlashGet
IE: &Download with FlashGet
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\idmmbc.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.000\applic~1\mozilla\firefox\profiles\7s5vudf7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\administrator.alo.000\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\administrator.alo.000\application data\mozilla\firefox\profiles\7s5vudf7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-8-25 76768]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-3-28 10640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-3 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-3 20952]
S0 cerc6;cerc6; [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver 1.1.14.3, 06/11/2010;c:\windows\system32\drivers\libusb0.sys [2010-6-14 21504]

=============== Created Last 30 ================

2010-09-09 01:13:35 33 ----a-w- c:\windows\EasyRip.ini
2010-09-08 05:11:31 0 d-----w- c:\docume~1\alluse~1.win\applic~1\IObit
2010-09-07 23:13:51 0 d-----w- c:\docume~1\admini~1.000\applic~1\IObit
2010-09-07 23:13:50 0 d-----w- c:\program files\IObit
2010-09-07 22:55:17 0 d-----w- c:\docume~1\admini~1.000\applic~1\Auslogics
2010-09-07 22:52:18 0 d-----w- c:\program files\Auslogics
2010-09-05 07:18:38 0 d-----w- c:\docume~1\alluse~1.win\applic~1\MusicMP3Downloader
2010-09-05 07:18:38 0 d-----w- c:\docume~1\admini~1.000\applic~1\MusicMP3Downloader
2010-09-05 07:17:26 0 d-----w- c:\program files\MusicMp3Downloader
2010-09-04 04:08:46 0 d-----w- c:\docume~1\admini~1.000\applic~1\TuneUp Software
2010-09-04 04:08:12 0 d-----w- c:\docume~1\alluse~1.win\applic~1\TuneUp Software
2010-09-04 04:08:01 0 d-sh--w- c:\docume~1\alluse~1.win\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-04 03:52:56 0 d-----w- c:\program files\CCleaner
2010-09-04 00:01:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 00:01:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-04 00:01:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-02 03:47:47 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-09-02 03:47:46 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-02 03:47:46 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-02 03:47:42 0 d-----w- c:\program files\ffdshow
2010-09-02 03:24:27 0 d-----w- c:\docume~1\admini~1.000\applic~1\BSplayer PRO
2010-09-02 03:24:25 0 d-----w- c:\program files\Webteh
2010-09-01 07:19:42 0 d-----w- c:\program files\LimeWire
2010-09-01 00:49:01 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-08-31 17:53:10 200704 ----a-w- c:\windows\Dtysya.exe
2010-08-31 17:52:50 75776 --sha-r- c:\windows\system32\nbtstatf.dll
2010-08-31 17:44:23 0 d-----w- c:\docume~1\admini~1.000\applic~1\Xilisoft
2010-08-31 09:26:23 69 ----a-w- c:\windows\NeroDigital.ini
2010-08-31 08:01:34 39 ----a-w- c:\windows\Irremote.ini
2010-08-31 07:22:28 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Nero
2010-08-31 06:32:35 87608 ----a-w- c:\docume~1\admini~1.000\applic~1\inst.exe
2010-08-31 06:32:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-31 06:32:35 47360 ----a-w- c:\docume~1\admini~1.000\applic~1\pcouffin.sys
2010-08-30 15:41:08 0 d--h--w- c:\windows\PIF
2010-08-30 07:43:51 0 d-----w- c:\docume~1\admini~1.000\applic~1\IDM
2010-08-30 07:11:25 33 ----a-w- c:\windows\DownloadStudioScheduleMonitor.INI
2010-08-30 05:28:47 0 d-----w- c:\program files\Internet Download Manager
2010-08-30 04:19:34 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab Setup Files
2010-08-30 01:28:50 0 d-----w- c:\docume~1\admini~1.000\applic~1\MozillaControl
2010-08-30 01:26:42 0 d-----w- c:\windows\'Full Speed' Internet Booster + Performance Tests
2010-08-30 01:24:46 0 d-----w- C:\aidualc3
2010-08-29 22:51:21 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SpeedBit
2010-08-27 08:59:48 0 d-----w- c:\docume~1\admini~1.000\applic~1\DMCache
2010-08-25 14:40:03 76768 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-08-22 23:32:00 0 d-----w- c:\documents and settings\administrator.alo.000\dwhelper
2010-08-16 08:51:46 0 d-----w- c:\program files\Free M4a to MP3 Converter

==================== Find3M ====================

2010-08-22 20:38:48 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-12 03:43:28 37888 ----a-w- c:\windows\system32\libusb0.dll

============= FINISH: 10:46:35.48 ===============


Edited by alo, 09 September 2010 - 02:08 PM.
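The DDS log in this post carries the entries a responder looks at first for a search-redirect complaint: a user-level ProxyServer pointing at 127.0.0.1:5555 (WinINet hands every Internet Explorer request to whatever process is listening on that local port, and ProxyOverride = <local> only exempts intranet addresses), a Winsock LSP, and a hidden, system-attribute DLL created in system32 in the same minute as an executable dropped directly under c:\windows. As an added example that is not part of this thread or of DDS, the script below pulls those indicator classes out of DDS-style lines; the sample input is copied from the log above, and the heuristics, names and thresholds are my own and only mark entries for review, not as malicious.

```python
"""Triage DDS-style log lines for search-redirect indicators (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input constructed from the "Pseudo HJT Report" and "Created Last 30"
# sections of the DDS log quoted in the post above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
LSP: c:\windows\system32\idmmbc.dll
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
2010-08-31 17:53:10 200704 ----a-w- c:\windows\Dtysya.exe
2010-08-31 17:52:50 75776 --sha-r- c:\windows\system32\nbtstatf.dll
2010-09-04 00:01:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
"""


@dataclass
class Finding:
    kind: str      # indicator class (my own labels)
    detail: str    # why the line was flagged
    line: str      # the original log line


PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<spec>\S+)")
LSP_RE = re.compile(r"^LSP:\s+(?P<path>.+)$")
# DDS file lines: timestamp, size, 8-char attribute field, path
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-dsharw]{8})\s+(?P<path>.+)$"
)


def proxy_hosts(spec: str) -> List[str]:
    """Split an IE ProxyServer value ('http=127.0.0.1:5555;https=h:p' or a
    bare 'host:port') into the list of proxy hosts it names."""
    hosts = []
    for part in spec.split(";"):
        if not part:
            continue
        hostport = part.split("=", 1)[-1]            # drop the "http=" prefix
        if hostport.startswith("["):                 # bracketed IPv6 literal
            host = hostport.split("]", 1)[0] + "]"
        elif ":" in hostport:
            host = hostport.rsplit(":", 1)[0]
        else:
            host = hostport
        hosts.append(host.strip().lower())
    return hosts


def is_loopback(host: str) -> bool:
    return host == "localhost" or host.startswith("127.") or host == "[::1]"


def triage(log: str) -> List[Finding]:
    """Return review-worthy entries found in DDS-style log text."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            for host in proxy_hosts(m.group("spec")):
                if is_loopback(host):
                    findings.append(Finding(
                        "loopback_proxy",
                        f"browser proxy points at a local listener ({host}); "
                        "confirm which process owns that port", line))
            continue
        m = LSP_RE.match(line)
        if m:
            findings.append(Finding(
                "lsp_present",
                "Winsock LSP sits in the network path of every socket; "
                "verify the DLL belongs to a known product", line))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path").lower()
        if "s" in attrs and "h" in attrs and "\\system32\\" in path:
            findings.append(Finding(
                "hidden_system_file",
                "hidden+system attributes on a recently created file in system32", line))
        elif path.endswith(".exe") and path.rsplit("\\", 1)[0] == "c:\\windows":
            findings.append(Finding(
                "exe_in_windows_root",
                "executable created directly in the Windows directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

On the sample it flags four lines: the loopback proxy, the LSP, the hidden system DLL and the executable in c:\windows. The Malwarebytes driver line passes because none of the heuristics match it, which is the point of keying on attributes and location rather than on file names.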



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 09 September 2010 - 02:26 PM

Good evening. :)

I see no sign of either an anti-virus or a third-party firewall installed on your system - how long has this been the case?

So long, and thanks for all the fish.

 

 


#3 alo

alo
  • Topic Starter

  • Members
  • 30 posts

Posted 09 September 2010 - 02:31 PM

Thanks for the fast reply Noviciate

It has been four or five days since I deleted my anti-virus software, because I just use
Malwarebytes' Anti-Malware. As for a firewall, I do not know anything about that.

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 09 September 2010 - 02:42 PM

Which AV were you using and was it still updating itself when you dumped it?

So long, and thanks for all the fish.

 

 


#5 alo

alo
  • Topic Starter

  • Members
  • 30 posts

Posted 09 September 2010 - 02:52 PM

I was using Avira AntiVir and I did not update it much. I think I did not update
it for a week before I deleted it.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 09 September 2010 - 04:36 PM

The first thing you're going to need to do is to get an active anti-virus. The three usual options are:

AVG Free Edition: Available here.
avast! 4 Home Edition: Available here.
AntiVir Personal Edition Classic: Available here.

Pick your choice, update it and run a full system scan and allow it to delete whatever it finds. Once done, let me know and we'll take a look at whatever's left to deal with.


So long, and thanks for all the fish.

 

 


#7 alo

alo
  • Topic Starter

  • Members
  • 30 posts

Posted 09 September 2010 - 06:00 PM

I downloaded avast! 4 Home Edition and ran a full scan; it found 3 infected files
and was able to delete them.

They were win32:buzus-amq, win32:malob-bx, and win32:spyware-gen.

Edit: Also my computer just restarted itself randomly while on the internet

Edited by alo, 10 September 2010 - 04:38 AM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 10 September 2010 - 02:02 PM

Good evening. :)

QUOTE: Also my computer just restarted itself randomly while on the internet

That could be a symptom of the infection.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#9 alo

alo
  • Topic Starter

  • Members
  • 30 posts

Posted 10 September 2010 - 02:30 PM

My computer is running about the same; I have not had a random crash in a couple of hours,
so all seems fine.

Edit: My computer just restarted randomly again

Here is the log from combofix

ComboFix 10-09-09.04 - Administrator 09/10/2010 12:17:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.159 [GMT -7:00]
Running from: c:\documents and settings\Administrator.ALO.000\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.ALO.000\Application Data\inst.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\DiCMEBb0T.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\IR80F.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\N2011aqo.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\T5pVyc.jpg

.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-10 11:28 . 2010-09-10 11:28 52224 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-10 11:28 . 2010-09-10 11:28 117760 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-10 11:28 . 2010-09-10 11:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-09-10 11:28 . 2010-09-10 11:28 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\SUPERAntiSpyware.com
2010-09-09 22:17 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-09 22:17 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-09 22:17 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-09 22:17 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-09 22:17 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-09 22:17 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-09 22:17 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-09 22:16 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-09 22:16 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-09 22:16 . 2010-09-09 22:16 -------- d-----w- c:\program files\Alwil Software
2010-09-09 17:29 . 2010-08-30 21:33 43008 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\Mozilla\Firefox\Profiles\7s5vudf7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-09 17:29 . 2010-08-30 21:33 338944 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\Mozilla\Firefox\Profiles\7s5vudf7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-09 17:29 . 2010-08-30 21:34 1496064 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\Mozilla\Firefox\Profiles\7s5vudf7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-09 17:29 . 2010-08-30 21:33 346112 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\Mozilla\Firefox\Profiles\7s5vudf7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-08 05:11 . 2010-09-08 05:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2010-09-08 03:25 . 2010-09-08 03:25 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Local Settings\Application Data\Microsoft Help
2010-09-08 03:24 . 2010-09-08 03:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-09-07 23:13 . 2010-09-07 23:39 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\IObit
2010-09-07 23:13 . 2010-09-07 23:13 -------- d-----w- c:\program files\IObit
2010-09-07 22:55 . 2010-09-09 01:52 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\Auslogics
2010-09-07 22:52 . 2010-09-07 22:52 -------- d-----w- c:\program files\Auslogics
2010-09-05 07:18 . 2010-09-05 07:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MusicMP3Downloader
2010-09-05 07:18 . 2010-09-05 07:18 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\MusicMP3Downloader
2010-09-05 07:17 . 2010-09-05 07:18 -------- d-----w- c:\program files\MusicMp3Downloader
2010-09-04 15:50 . 2010-09-04 15:50 247136 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll
2010-09-04 05:00 . 2010-09-04 05:00 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\TuneUp Software
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\TuneUp Software
2010-09-04 04:08 . 2010-09-07 21:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TuneUp Software
2010-09-04 04:08 . 2010-09-04 04:08 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-04 00:01 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 00:01 . 2010-09-04 00:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 00:01 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 03:47 . 2010-07-26 17:13 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-02 03:47 . 2010-09-02 03:47 -------- d-----w- c:\program files\ffdshow
2010-09-02 03:25 . 2009-08-12 04:21 1021440 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\BSplayer PRO\AC3 Filter\ac3filter_intl.dll
2010-09-02 03:24 . 2010-09-02 03:43 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\BSplayer PRO
2010-09-02 03:24 . 2010-09-02 03:43 -------- d-----w- c:\program files\Webteh
2010-09-01 07:19 . 2010-09-09 08:29 -------- d-----w- c:\program files\LimeWire
2010-09-01 00:49 . 2009-01-29 02:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-08-31 17:44 . 2010-08-31 17:44 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Local Settings\Application Data\Xilisoft
2010-08-31 17:44 . 2010-08-31 17:44 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\Xilisoft
2010-08-31 09:19 . 2010-08-31 09:23 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\Nero
2010-08-31 07:22 . 2010-08-31 12:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2010-08-31 06:32 . 2010-08-31 06:44 47360 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\pcouffin.sys
2010-08-31 06:32 . 2010-08-31 06:32 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-31 06:32 . 2010-08-31 06:44 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\Vso
2010-08-30 15:41 . 2010-08-30 15:41 -------- d--h--w- c:\windows\PIF
2010-08-30 07:46 . 2010-09-04 15:50 251232 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-08-30 07:43 . 2010-09-05 20:15 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\IDM
2010-08-30 05:28 . 2010-09-07 23:35 -------- d-----w- c:\program files\Internet Download Manager
2010-08-30 04:19 . 2010-08-30 04:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-08-30 02:45 . 2010-09-07 23:35 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Local Settings\Application Data\WinAVI
2010-08-30 01:28 . 2010-09-02 01:33 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\MozillaControl
2010-08-30 01:26 . 2010-08-30 01:26 -------- d-----w- c:\windows\'Full Speed' Internet Booster + Performance Tests
2010-08-30 01:24 . 2010-09-02 01:33 -------- d-----w- C:\aidualc3
2010-08-29 22:51 . 2010-08-29 22:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit
2010-08-27 08:59 . 2010-09-10 19:12 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\DMCache
2010-08-25 14:40 . 2010-08-25 14:36 76768 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-08-22 23:32 . 2010-08-22 23:35 -------- d-----w- c:\documents and settings\Administrator.ALO.000\dwhelper
2010-08-20 23:06 . 2010-08-20 23:06 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData
2010-08-16 08:51 . 2010-08-16 08:51 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-08-14 08:50 . 2010-08-14 08:50 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 08:50 . 2010-08-14 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 11:31 . 2009-09-04 14:47 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-10 09:36 . 2010-03-29 02:49 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-09-09 08:54 . 2010-03-07 02:40 471040 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v4jjs4oc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-09-09 08:54 . 2010-03-06 20:53 73728 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
2010-09-09 08:54 . 2010-03-06 20:53 102400 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
2010-09-09 08:54 . 2010-03-06 20:53 8462336 ----a-w- c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xul.dll
2010-09-09 00:27 . 2010-03-26 15:23 20408 ----a-w- c:\documents and settings\Administrator.ALO.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 02:47 . 2009-09-04 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-06 02:00 . 2010-04-26 05:15 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\vlc
2010-09-05 09:02 . 2010-07-26 00:17 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\dvdcss
2010-09-01 01:03 . 2010-07-13 09:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-31 19:54 . 2010-07-02 19:21 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\Epson
2010-08-31 19:52 . 2010-07-02 17:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\EPSON
2010-08-31 00:55 . 2010-07-26 00:25 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\Media Player Classic
2010-08-22 20:38 . 2008-04-13 23:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-08-14 08:52 . 2010-03-06 21:56 -------- d-----w- c:\program files\QuickTime
2010-08-14 08:51 . 2010-04-14 06:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-08-14 01:18 . 2010-07-13 09:46 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-07 21:30 . 2010-08-07 06:57 1 ----a-w- c:\documents and settings\Administrator.ALO.000\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 06:56 . 2010-08-07 06:56 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\OpenOffice.org
2010-08-03 11:05 . 2010-07-13 09:12 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\AVS4YOU
2010-07-29 06:41 . 2010-07-10 04:52 64216 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-26 08:48 . 2010-07-26 08:48 -------- d-----w- c:\program files\Babylon
2010-07-26 00:01 . 2010-07-26 00:01 -------- d-----w- c:\program files\AC3Filter
2010-07-14 08:00 . 2010-07-14 08:00 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\DVDforger
2010-07-14 07:58 . 2010-07-14 07:58 -------- d-----w- c:\program files\Haali
2010-07-14 07:57 . 2010-04-03 05:52 -------- d-----w- c:\program files\AviSynth 2.5
2010-07-14 07:52 . 2010-07-14 07:51 -------- d-----w- c:\documents and settings\Administrator.ALO.000\Application Data\avidemux
2010-07-13 09:46 . 2010-07-13 09:46 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-13 09:35 . 2010-07-13 09:16 -------- d-----w- c:\program files\Common Files\wsm
2010-07-13 09:12 . 2010-07-13 09:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2010-06-30 12:31 . 2008-04-13 23:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2008-04-13 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2008-04-13 23:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-04-13 23:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-13 23:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-13 23:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-03-26 12:57 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-13 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-08-25 14:36 70264 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-10 688128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/9/2010 3:17 PM 165584]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [8/25/2010 7:40 AM 76768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2010 3:17 PM 17744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/28/2010 1:43 AM 10640]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/3/2010 5:01 PM 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/3/2010 5:01 PM 20952]
S0 cerc6;cerc6; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 1.1.14.3, 06/11/2010;c:\windows\system32\drivers\libusb0.sys [6/14/2010 9:13 PM 21504]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-09-07 21:11]

2010-09-10 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-09-07 18:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: &Download All using 4shared Desktop
IE: &Download All with FlashGet
IE: &Download with FlashGet
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Administrator.ALO.000\Application Data\Mozilla\Firefox\Profiles\7s5vudf7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Administrator.ALO.000\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator.ALO.000\Application Data\Mozilla\Firefox\Profiles\7s5vudf7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\f2b15147-976a-4cc2-b4a4-d9f3168ecbbb.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 12:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{148c1a30-91e2-428c-b867-0575c5c799f6}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f1
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):52,c1,bb,99,4f,5c,1d,a5,2c,87,8f,35,b7,db,6c,6e,83,3b,e1,85,d2,
e0,59,4b,75,1a,5f,0b,03,85,19,ea,bb,a9,17,13,db,29,0f,f7,00,00,00,00,00,00,\
.
Completion time: 2010-09-10 12:27:19
ComboFix-quarantined-files.txt 2010-09-10 19:27

Pre-Run: 27,067,564,032 bytes free
Post-Run: 27,800,248,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 742B363E893C762CB668D9D78FF3A3DC

Edited by alo, 10 September 2010 - 03:03 PM.


#10 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location:Numpty HQ

Posted 10 September 2010 - 05:07 PM

When the PC blue screens, what error code does it give?

So long, and thanks for all the fish.

 

 


#11 alo

  • Topic Starter
  • Members
  • 30 posts

Posted 10 September 2010 - 05:33 PM

It does not blue screen, it just restarts like a normal restart, but at random times, and it only happens when I am on the internet. If I am offline it never restarts itself.

Edited by alo, 11 September 2010 - 01:05 AM.


#12 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location:Numpty HQ

Posted 11 September 2010 - 01:23 PM

Good evening.

Try the following:
  • Right-click My Computer.
  • Select Properties.
  • Select the Advanced tab.
  • Under Startup and Recovery, click Settings.
  • Under System failure, clear the option to Automatically restart.
  • Click OK.

Unless the box is already unchecked, the next time your PC shuts down it should display an error message which I'll want to know about - there should be a code number indicating the general cause.

So long, and thanks for all the fish.
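The same change Noviciate walks through in the System Properties dialog, made from the command line, as an added example that is not part of the thread and not Noviciate's own instructions. It also checks that a crash dump will actually be written and lists any minidumps already on disk, since those carry the bug check code and parameters even when the blue screen was never seen. It assumes PowerShell 2.0 or later is installed (an optional download for Windows XP SP3) and that the shell runs with administrative rights; the function names are my own, and the `reg add` line in the comment is the native XP equivalent of the write.

```powershell
# Added example, not from the thread. Mirrors the GUI steps:
#   My Computer > Properties > Advanced > Startup and Recovery > Settings
#   > System failure > clear "Automatically restart".
# Assumes PowerShell 2.0+ on XP SP3 and an elevated shell. Native equivalent:
#   reg add HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /v AutoReboot /t REG_DWORD /d 0 /f

$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Get-CrashControlSettings {
    # AutoReboot 1 = "Automatically restart" ticked, 0 = cleared.
    # CrashDumpEnabled 0 = none, 1 = complete, 2 = kernel, 3 = small (mini) dump.
    $key = Get-ItemProperty -Path $crashControl
    New-Object PSObject -Property @{
        AutoReboot       = [int]$key.AutoReboot
        CrashDumpEnabled = [int]$key.CrashDumpEnabled
        MinidumpDir      = [string]$key.MinidumpDir
        DumpFile         = [string]$key.DumpFile
    }
}

function Disable-AutoReboot {
    # Same effect as clearing "Automatically restart" under System failure.
    Set-ItemProperty -Path $crashControl -Name AutoReboot -Value 0 -Type DWord
    if ((Get-CrashControlSettings).AutoReboot -ne 0) {
        throw 'AutoReboot did not change; run this from an elevated shell.'
    }
}

function Get-RecentMinidumps {
    # Dumps from earlier crashes already hold the bug check code and its
    # parameters, so the message need not be caught on screen at all.
    $dir = [Environment]::ExpandEnvironmentVariables((Get-CrashControlSettings).MinidumpDir)
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -Filter '*.dmp' |
            Sort-Object LastWriteTime -Descending |
            Select-Object -First 5 Name, LastWriteTime, Length
    }
}

$before = Get-CrashControlSettings
'AutoReboot before: {0}   CrashDumpEnabled: {1}' -f $before.AutoReboot, $before.CrashDumpEnabled
if ($before.CrashDumpEnabled -eq 0) {
    Write-Warning 'Crash dumps are disabled; the next STOP error will leave nothing on disk to analyse.'
}
Disable-AutoReboot
'AutoReboot after:  {0}' -f (Get-CrashControlSettings).AutoReboot
Get-RecentMinidumps | Format-Table -AutoSize
```

If `CrashDumpEnabled` is 0 the machine will stop on the blue screen once `AutoReboot` is cleared, but nothing is written for later analysis; setting it to 3 (small memory dump) in the same key fixes that and costs only a few hundred kilobytes per crash.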

 

 


#13 alo

  • Topic Starter
  • Members
  • 30 posts

Posted 11 September 2010 - 02:24 PM

It says:

IRQL_NOT_LESS_OR_EQUAL
Stop 0x0000000A(0x393038CD,0x00000001,0x804E2EBD)
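The STOP line above decoded, as an added example that is not part of the thread. The parameter meanings are Microsoft's documented ones for bug check 0xA; the IRQL names are the x86 values; the 0x80000000 kernel/user boundary assumes the default 2 GB split, which holds on this machine because the boot.ini ComboFix printed has no /3GB switch. The posted line carries three values where the bug check defines four, so the decoder applies a heuristic of my own (parameter 3 is a small flag, never a kernel address) to place the missing one; the function names are also my own.

```powershell
# Added example, not from the thread. Decodes a STOP 0x0000000A line as copied
# from the blue screen. Parameter semantics: Microsoft bug check 0xA docs.
# Assumes the default 2 GB/2 GB split (no /3GB in boot.ini) for the
# 0x80000000 boundary and PowerShell 2.0+.

$irqlNames  = @{ 0 = 'PASSIVE_LEVEL'; 1 = 'APC_LEVEL'; 2 = 'DISPATCH_LEVEL' }
$paramNames = @('memory referenced',
                'IRQL at time of reference',
                'access type (0 = read, 1 = write, 8 = execute)',
                'address of the instruction that referenced the memory')

function ConvertFrom-StopLine {
    param([string]$Line)
    # Matches "Stop 0x0000000A(0x393038CD,0x00000001,0x804E2EBD)" as well as
    # the "STOP: 0x0000000A (0x...,...)" spelling printed on the screen itself.
    if ($Line -notmatch '0x([0-9A-Fa-f]{8})\s*\(([^)]*)\)') {
        throw "Not a STOP line: $Line"
    }
    $code   = [Convert]::ToUInt32($matches[1], 16)
    $params = @($matches[2] -split ',' | ForEach-Object {
        [Convert]::ToUInt32(($_.Trim() -replace '^0[xX]', ''), 16) })
    # Heuristic (mine) for a hand-copied line with one value dropped: parameter
    # 3 is 0/1/8, never a kernel address, so if only three values were copied
    # and the last is >= 0x80000000 it must be parameter 4.
    if ($params.Count -eq 3 -and $params[2] -ge 0x80000000) {
        $params = @($params[0], $params[1], $null, $params[2])
    }
    New-Object PSObject -Property @{ Code = $code; Parameters = $params }
}

function Format-StopParameter {
    param([int]$Index, $Value)
    if ($null -eq $Value) {
        return ('  {0}: (not copied)  {1}' -f ($Index + 1), $paramNames[$Index])
    }
    $note = switch ($Index) {
        0 { if ($Value -ge 0x80000000) { 'kernel-space address' }
            else { 'below 0x80000000: user-space range on the default split' } }
        1 { if ($irqlNames.ContainsKey([int]$Value)) { $irqlNames[[int]$Value] }
            else { 'device IRQL' } }
        2 { switch ($Value) { 0 { 'read' } 1 { 'write' } 8 { 'execute' } default { 'unknown' } } }
        3 { if ($Value -ge 0x80000000) { 'kernel space: a symbol lookup in WinDbg names the module' }
            else { 'not a kernel address' } }
    }
    '  {0}: 0x{1:X8}  {2} -> {3}' -f ($Index + 1), [uint32]$Value, $paramNames[$Index], $note
}

function Show-StopDecode {
    param([string]$Line)
    $stop = ConvertFrom-StopLine $Line
    if ($stop.Code -ne 0xA) {
        return ('Bug check 0x{0:X8}: this decoder only handles 0xA' -f $stop.Code)
    }
    $out = @('Bug check 0x0000000A IRQL_NOT_LESS_OR_EQUAL: Windows or a kernel-mode driver touched paged or invalid memory at a raised IRQL')
    for ($i = 0; $i -lt 4; $i++) {
        $out += Format-StopParameter -Index $i -Value $stop.Parameters[$i]
    }
    $out += 'Next step: open the matching %SystemRoot%\Minidump\*.dmp in WinDbg and run !analyze -v to name the module at parameter 4.'
    $out
}

# The line alo posted, used here as the sample input.
Show-StopDecode 'Stop 0x0000000A(0x393038CD,0x00000001,0x804E2EBD)'
```

For the posted line this reports parameter 1 (0x393038CD) as a user-space-range address, parameter 2 as APC_LEVEL, parameter 3 as not copied, and parameter 4 (0x804E2EBD) as a kernel-space instruction address; which module that address belongs to is exactly what the minidump, not the on-screen message, can tell you.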

#14 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location:Numpty HQ

Posted 11 September 2010 - 05:55 PM

How long has it been since the machine started these restarts?

So long, and thanks for all the fish.

 

 


#15 alo

  • Topic Starter
  • Members
  • 30 posts

Posted 11 September 2010 - 08:23 PM

It has been about 2 days since it started

Edited by alo, 11 September 2010 - 08:32 PM.




