Solved Google redirect - on every PC in the house

Latest MBR check, pre-reboot

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
0xF7658000 ACPI.sys
0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7647000 pci.sys
0xF76A7000 isapnp.sys
0xF7ABB000 compbatt.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C6F000 pciide.sys
0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7BAB000 aliide.sys
0xF7BAD000 cmdide.sys
0xF7BAF000 toside.sys
0xF7BB1000 viaide.sys
0xF7BB3000 intelide.sys
0xF76B7000 MountMgr.sys
0xF7628000 ftdisk.sys
0xF7AC3000 ACPIEC.sys
0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF792F000 PartMgr.sys
0xF76C7000 VolSnap.sys
0xF7AC7000 cpqarray.sys
0xF7610000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF75F8000 atapi.sys
0xF7ACB000 aha154x.sys
0xF7937000 sparrow.sys
0xF7ACF000 symc810.sys
0xF76D7000 aic78xx.sys
0xF7AD3000 dac960nt.sys
0xF76E7000 ql10wnt.sys
0xF7AD7000 amsint.sys
0xF793F000 asc.sys
0xF7ADB000 asc3550.sys
0xF7947000 mraid35x.sys
0xF794F000 i2omp.sys
0xF7ADF000 ini910u.sys
0xF76F7000 ql1240.sys
0xF7707000 aic78u2.sys
0xF7957000 symc8xx.sys
0xF795F000 sym_hi.sys
0xF7967000 sym_u3.sys
0xF796F000 ABP480N5.SYS
0xF7977000 asc3350p.sys
0xF7BB5000 cd20xrnt.sys
0xF7717000 ultra.sys
0xF75DF000 adpu160m.sys
0xF797F000 dpti2o.sys
0xF7727000 ql1080.sys
0xF7737000 ql1280.sys
0xF7747000 ql12160.sys
0xF7987000 perc2.sys
0xF7BB7000 perc2hib.sys
0xF798F000 hpn.sys
0xF7AE3000 cbidf2k.sys
0xF75B3000 dac2w2k.sys
0xF7757000 disk.sys
0xF7767000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7593000 fltMgr.sys
0xF7581000 sr.sys
0xF755D000 Fastfat.sys
0xF7546000 KSecDD.sys
0xF7519000 NDIS.sys
0xF7777000 sisagp.sys
0xF7787000 viaagp.sys
0xF74FF000 Mup.sys
0xF7797000 alim1541.sys
0xF77A7000 amdagp.sys
0xF77B7000 agp440.sys
0xF77C7000 agpCPQ.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B63000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6E37000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6E23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6DFB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6DDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6C9E000 \SystemRoot\system32\DRIVERS\athw.sys
0xF6C87000 \SystemRoot\system32\DRIVERS\jmcr.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6C63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A0F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7A17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6C2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7BB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B67000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7CDF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7807000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C15000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7827000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A27000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6C04000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7837000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A37000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7847000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BBB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6BE1000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6B83000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7857000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7877000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA303000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2DF000 \SystemRoot\system32\drivers\portcls.sys
0xF7887000 \SystemRoot\system32\drivers\drmk.sys
0xF7496000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7BBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D46000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BC1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A77000 \SystemRoot\System32\drivers\vga.sys
0xF7BC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7492000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA16C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA113000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF78B7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA0ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA0C5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0A3000 \SystemRoot\System32\drivers\afd.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA081000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A8F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA056000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7907000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7A9F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA9DE6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xF745D000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7AA7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xA9DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BC9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA22F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AAF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D29000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9DA6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9CAE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9B0F000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA98B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9875000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9A87000 \SystemRoot\system32\drivers\sysaudio.sys
0xA94AE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA90AD000 \SystemRoot\System32\Drivers\HTTP.sys
0xAA1CF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
676 C:\WINDOWS\System32\smss.exe
736 csrss.exe
760 C:\WINDOWS\System32\winlogon.exe
804 C:\WINDOWS\System32\services.exe
816 C:\WINDOWS\System32\lsass.exe
980 C:\WINDOWS\System32\svchost.exe
1044 svchost.exe
1104 C:\WINDOWS\System32\svchost.exe
1188 svchost.exe
1272 svchost.exe
1444 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1792 C:\WINDOWS\System32\spoolsv.exe
516 svchost.exe
664 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
724 C:\WINDOWS\Explorer.EXE
820 C:\Program Files\Bonjour\mDNSResponder.exe
1140 C:\Program Files\Java\jre6\bin\jqs.exe
244 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1528 C:\WINDOWS\System32\svchost.exe
556 C:\WINDOWS\System32\wuauclt.exe
1264 C:\WINDOWS\RTHDCPL.EXE
1228 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1888 C:\Program Files\Launch Manager\QtZgAcer.EXE
2148 C:\Program Files\iTunes\iTunesHelper.exe
2160 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2192 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2212 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2236 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2252 C:\WINDOWS\System32\ctfmon.exe
2348 C:\WINDOWS\System32\igfxext.exe
2388 C:\WINDOWS\System32\igfxsrvc.exe
2660 alg.exe
2900 C:\Program Files\iPod\bin\iPodService.exe
3180 C:\Documents and Settings\Mar\Local Settings\Temp\RtkBtMnt.exe
2540 C:\Documents and Settings\Mar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)

PhysicalDrive0 Model Number: SSDPAMM0008G1, Rev: Ver2.I0K

Size Device Name MBR Status
--------------------------------------------
7 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
MBR check, post reboot.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 166):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
0xF7658000 ACPI.sys
0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7647000 pci.sys
0xF76A7000 isapnp.sys
0xF7ABB000 compbatt.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C6F000 pciide.sys
0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7BAB000 aliide.sys
0xF7BAD000 cmdide.sys
0xF7BAF000 toside.sys
0xF7BB1000 viaide.sys
0xF7BB3000 intelide.sys
0xF76B7000 MountMgr.sys
0xF7628000 ftdisk.sys
0xF7AC3000 ACPIEC.sys
0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF792F000 PartMgr.sys
0xF76C7000 VolSnap.sys
0xF7AC7000 cpqarray.sys
0xF7610000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF75F8000 atapi.sys
0xF7ACB000 aha154x.sys
0xF7937000 sparrow.sys
0xF7ACF000 symc810.sys
0xF76D7000 aic78xx.sys
0xF7AD3000 dac960nt.sys
0xF76E7000 ql10wnt.sys
0xF7AD7000 amsint.sys
0xF793F000 asc.sys
0xF7ADB000 asc3550.sys
0xF7947000 mraid35x.sys
0xF794F000 i2omp.sys
0xF7ADF000 ini910u.sys
0xF76F7000 ql1240.sys
0xF7707000 aic78u2.sys
0xF7957000 symc8xx.sys
0xF795F000 sym_hi.sys
0xF7967000 sym_u3.sys
0xF796F000 ABP480N5.SYS
0xF7977000 asc3350p.sys
0xF7BB5000 cd20xrnt.sys
0xF7717000 ultra.sys
0xF75DF000 adpu160m.sys
0xF797F000 dpti2o.sys
0xF7727000 ql1080.sys
0xF7737000 ql1280.sys
0xF7747000 ql12160.sys
0xF7987000 perc2.sys
0xF7BB7000 perc2hib.sys
0xF798F000 hpn.sys
0xF7AE3000 cbidf2k.sys
0xF75B3000 dac2w2k.sys
0xF7757000 disk.sys
0xF7767000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7593000 fltMgr.sys
0xF7581000 sr.sys
0xF755D000 Fastfat.sys
0xF7546000 KSecDD.sys
0xF7519000 NDIS.sys
0xF7777000 sisagp.sys
0xF7787000 viaagp.sys
0xF74FF000 Mup.sys
0xF7797000 alim1541.sys
0xF77A7000 amdagp.sys
0xF77B7000 agp440.sys
0xF77C7000 agpCPQ.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B63000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6E37000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6E23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6DFB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6DDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6C9E000 \SystemRoot\system32\DRIVERS\athw.sys
0xF6C87000 \SystemRoot\system32\DRIVERS\jmcr.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6C63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A0F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7A17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6C2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7BB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B67000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7CDF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7807000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C15000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7827000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A27000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6C04000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7837000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A37000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7847000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BBB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6BE1000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6B83000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7857000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7877000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA303000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2DF000 \SystemRoot\system32\drivers\portcls.sys
0xF7887000 \SystemRoot\system32\drivers\drmk.sys
0xF7496000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7BBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D46000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BC1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A77000 \SystemRoot\System32\drivers\vga.sys
0xF7BC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7492000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA16C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA113000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF78B7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA0ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA0C5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0A3000 \SystemRoot\System32\drivers\afd.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA081000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A8F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA056000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7907000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7A9F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA9DE6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xF745D000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7AA7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xA9DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BC9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA233000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AAF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D29000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9DA6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9CAA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9A97000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA98B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA96CB000 \SystemRoot\system32\DRIVERS\srv.sys
0xF79E7000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA9396000 \SystemRoot\system32\drivers\wdmaud.sys
0xA97AA000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7C49000 \SystemRoot\system32\drivers\splitter.sys
0xA9373000 \SystemRoot\system32\drivers\aec.sys
0xA97DA000 \SystemRoot\system32\drivers\swmidi.sys
0xAA25F000 \SystemRoot\system32\drivers\DMusic.sys
0xA9348000 \SystemRoot\system32\drivers\kmixer.sys
0xF7CC4000 \SystemRoot\system32\drivers\drmkaud.sys
0xA9215000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
676 C:\WINDOWS\System32\smss.exe
732 csrss.exe
756 C:\WINDOWS\System32\winlogon.exe
800 C:\WINDOWS\System32\services.exe
812 C:\WINDOWS\System32\lsass.exe
980 C:\WINDOWS\System32\svchost.exe
1044 svchost.exe
1100 C:\WINDOWS\System32\svchost.exe
1164 svchost.exe
1264 svchost.exe
1448 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1784 C:\WINDOWS\System32\spoolsv.exe
540 svchost.exe
572 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
604 C:\Program Files\Bonjour\mDNSResponder.exe
600 C:\Program Files\Java\jre6\bin\jqs.exe
1156 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1212 C:\WINDOWS\System32\svchost.exe
500 alg.exe
2540 C:\WINDOWS\Explorer.EXE
2820 C:\WINDOWS\RTHDCPL.EXE
2860 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2872 C:\Program Files\Launch Manager\QtZgAcer.EXE
2976 C:\Program Files\iTunes\iTunesHelper.exe
2992 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3016 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3052 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3076 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3092 C:\WINDOWS\System32\ctfmon.exe
3184 C:\WINDOWS\System32\igfxext.exe
3248 C:\WINDOWS\System32\igfxsrvc.exe
3484 C:\Program Files\iPod\bin\iPodService.exe
3596 C:\Documents and Settings\Mar\Local Settings\Temp\RtkBtMnt.exe
2768 C:\Program Files\Mozilla Firefox\firefox.exe
3420 C:\Program Files\Mozilla Firefox\plugin-container.exe
2032 C:\Documents and Settings\Mar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)

PhysicalDrive0 Model Number: SSDPAMM0008G1, Rev: Ver2.I0K

Size Device Name MBR Status
--------------------------------------------
7 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
XP CD would be nice. We can then use it to repair the MBR.

Try this instead:

Please download Mebrootfix.exe by noahdfear and save to your desktop
Close out all other open programs and windows.
Double-click on it to run the tool and follow any prompts.
If the tool detects an MBR infection, please allow it to run mbr -f and shut down your computer.
Upon restarting, please wait about 5 minutes, go to Start > Run..., and in the Open dialog box, type: helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt.

Click OK or press Enter.
HelpAsst fix will create and open a log when done.
Copy and paste the contents of that log into your next reply.
If the tool completes without detecting an MBR infection, do this:
Go to Start > Run, and in the Open dialog box type: mbr -f
Click OK or press Enter.
Now, please do the Start > Run > mbr -f command a second time.
Shut down the computer
(do not restart, but shut it down). Wait about five minutes, then start it back up.
After the restart, go to Start > Run, and in the Open dialog box type: helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt.
Click OK or press Enter.
HelpAsst fix will create and open a log when done.
Copy and paste the contents of that log into your next reply.
 
The url for the download at the start of your last post results in a 'Bad Request / 404 Not Found' message.
 
Tool did not detect an infection, proceeded with scenario 2

C:\Documents and Settings\Mar\Desktop\HelpAsst_mebroot_fix.exe
Tue 09/07/2010 at 2:25:15.25

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~


HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Tue 09/07/2010 at 2:44:47.07

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
 
Looks like the MBR is ok. Are you still being re-directed on this PC?

Have you run Bootkit Remover on the other PCs?
 
Yes, still being redirected

Clicking a Google search result for an ESPN (go.espn.com) article resulted in a new browser tab being opened. The 'activity' info on the bottom left of the browser window said 'waiting for results5.google.com' and the actual url for the tab went through a few different identities before ending up at a Liberty Mutual page for a coach of the year contest (http://www.coachoftheyear.com/?src=lmcm-s-lks1005000394) - actually one of the more legitimate sites it has ever redirected to, but still not what I clicked on.

As for my other PCs, no - I have not run bootkit on them. Is that recommended, when it failed to fix the issue on this netbook? I figured that it would be easier to diagnose an issue on this machine, with far fewer programs, files, data, etc. than it would be to run the various scans on the 'bigger' PCs.

Let me know if you want me to switch to a different machine or go ahead and run bootkit on the others. I am a bit curious as to why the issue is common amongst all of them, and is still happening on this one, too.

Thanks again for all of your help so far!
 
No worries.

Are these machines networked together? If so, they can end up re-infecting each other.

=======

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

============

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.
 
We do not have a home network set up. We have a single DSL modem and a single router for wired and wireless internet, though, so all PCs connect to the web via the same modem/router pair.

I will run the two new downloads now. :)
 
GooredFix log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 03:46 on 07/09/2010 (Mar)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:21 23/05/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [03:20 14/06/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [03:54 16/04/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [05:39 20/08/2010]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [06:35 05/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [06:58 13/11/2009]

C:\Documents and Settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [05:06 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:23 09/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:19 14/06/2009]

-=E.O.F=-
 
SecurityCheck log

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Looks ok.

Download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.

Reboot and check for the re-directs again.
 
OK, I am feeling pretty dense here. The DelDomains.inf only saves as a txt file, which does not have an 'install' option when right-clicked. I also tried saving as type All Files, and it still ended up a txt, and I tried opening in Explorer, but still no 'install' option.

What am I missing?
 
Right click the file to download and then save it to a destination. Mine is the desktop.
Which browser are you using to download? The screenshots are from IE.
DelDom.jpg
Save.jpg
 
I use Firefox as a default, I will try again with IE. It was saving to my desktop fine, just as a .txt file. BRB
 
OK, the DelDomains file worked as expected via IE, but upon reboot and recheck of the browser - the redirects are still happening. Checked in both IE and Firefox, and was still redirected off google and yahoo results.
 
Ok. Please delete the version of ComboFix you have on there now, then download the latest and we will see if anything else is picked up.
Same link as before will work.
 
ComboFix deleted and re-downloaded, log below

ComboFix 10-09-08.01 - Mar 09/08/2010 22:14:52.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.667 [GMT -6:00]
Running from: c:\documents and settings\Mar\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-06 21:25 . 2010-09-06 21:25 -------- d-----w- c:\program files\7-Zip
2010-09-06 02:33 . 2010-09-06 02:33 -------- d-----w- c:\program files\ESET
2010-09-05 21:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-05 21:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 05:40 . 2010-08-20 05:40 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 06:02 . 2010-08-16 06:02 503808 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\msvcp71.dll
2010-08-16 06:02 . 2010-08-16 06:02 499712 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\jmc.dll
2010-08-16 06:02 . 2010-08-16 06:02 348160 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\msvcr71.dll
2010-08-16 06:02 . 2010-08-16 06:02 61440 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a3d3156-n\decora-sse.dll
2010-08-16 06:02 . 2010-08-16 06:02 12800 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a3d3156-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 22:10 . 2010-01-13 05:33 284 ----a-w- c:\documents and settings\Mar\Application Data\wklnhst.dat
2010-09-05 05:45 . 2009-05-14 04:21 90112 ----a-w- c:\windows\DUMP2c01.tmp
2010-08-30 03:16 . 2010-04-30 07:19 63488 ----a-w- c:\documents and settings\Mar\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-30 03:16 . 2010-04-30 07:18 117760 ----a-w- c:\documents and settings\Mar\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-06 06:04 . 2010-08-06 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-17 11:00 . 2010-04-16 03:54 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2008-11-27 01:22 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-08-06 06:06 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-05-14 05:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-05-14 05:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-05-14 05:34 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-05-14 05:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-05-14 05:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-05-14 05:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-05-14 05:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-05-14 05:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:15 . 2008-11-27 01:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-11-27 01:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-11-27 01:21 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2008-11-27 01:22 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-11-27 01:22 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-11-27 01:21 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-11-27 01:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 07:41 . 2008-11-27 01:22 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-05_21.58.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-08 05:01 . 2010-09-08 05:01 16384 c:\windows\Temp\Perflib_Perfdata_260.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-05 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2009 11:34 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2009 11:34 PM 17744]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/26/2008 7:22 PM 96856]
.
Contents of the 'Scheduled Tasks' folder

2009-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0409&m=aoa110
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 22:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(660)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-09-08 22:23:14
ComboFix-quarantined-files.txt 2010-09-09 04:23
ComboFix2.txt 2010-09-05 22:01

Pre-Run: 393,228,288 bytes free
Post-Run: 403,537,920 bytes free

- - End Of File - - E0E8F5150DA70B58660032EA9277F1C0
 
Sorry for the delayed response!

No change. In fact, just clicking the TechSpot 'Post Reply' button opened a new IE window. This is another kind of redirect that I run into: the original window/tab goes to the intended destination, but something opens a whole new window/tab, and that one gets redirected just as if I had clicked a Google/Yahoo/Bing search result link.

The URL was first: http://results.googlesyndication.com/

And ended up at Argosy University: http://www.argosy.edu/LP/1208/education.aspx?source=LKSMT&cid=SERCH_AUWA_096_SRCH_003&keyword=[*searchterm*]&publisherSite=DS[*Part_Site*]&DS_KWID=[*KeywordID*]
 
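Please go to Start | Run, type cmd and hit Enter. At the C:\ prompt, type ipconfig /flushdns and hit Enter. This clears only the DNS lookups cached on this PC; it does not change which DNS servers the PC or the router is configured to use.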

Please update MBA-M and do a full scan and post the results.
 
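Did the flushdns, but I am still unable to update MBAM - same error: 'MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)'. (12007 is the WinHTTP code for a server name that could not be resolved, so the updater is failing at the DNS lookup stage rather than during the download.)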

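I was able to uninstall and reinstall MBAM, which gave me a newer program version, though the in-program update still fails, so the scans below presumably ran with whatever database shipped with that installer. Here's the log: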


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/15/2010 3:26:15 PM
mbam-log-2010-09-15 (15-26-15).txt

Scan type: Quick scan
Objects scanned: 111289
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Ooops! Here's the log of the FULL scan

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/15/2010 3:54:54 PM
mbam-log-2010-09-15 (15-54-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 141900
Time elapsed: 20 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 