Inactive Redirecting and crashing on search

Status
Not open for further replies.
Hello,
My name is Mario, and I am working on my job PC. Our tech person is not coming regularly to work, so I'm trying to fix it. I've been having problems when browsing online. I have Google Chrome and it has been redirecting my search from time to time, and now it's been crashing from time to time too. The antivirus on this PC is Microsoft Security Essentials and I cannot open it because it's blocked. I guess I have some sort of spyware. I tried to follow the 8-step spyware removal, but after the steps I still have the same problem. Is there any way I can fix this on my own with some help?

Thanks
 
Welcome to TechSpot, Mario. It is not unusual for the preliminary scans not to handle all malware, but it's a start. If you ran the scans, I need to see the logs. Please paste them in your next reply.

If you need the links again:
Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Thanks

Here are the logs:


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-04 09:41:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD8000AARS-00Y5B1 rev.80.00A80
Running: ueffewdr.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxlyypow.sys


---- Kernel code sections - GMER 1.0.15 ----

? kykravx.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB58A0000, 0x2326C7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

---- EOF - GMER 1.0.15 ----

Next one is:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2010 6:16:00 AM
System Uptime: 5/4/2011 10:21:18 AM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 880GM-E43 (MS-7596)
Processor: AMD Athlon(tm) II X2 210e Processor | CPU1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 648 GiB total, 605.093 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 97.596 GiB free.
E: is CDROM ()
Q: is NetworkDisk (NTFS) - 931 GiB total, 751.093 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&102BC33E&0&0001
Manufacturer:
Name:
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&102BC33E&0&0001
Service:
.
==== System Restore Points ===================
.
RP1: 4/25/2011 8:21:17 AM - System Checkpoint
RP2: 4/25/2011 9:13:58 AM - Software Distribution Service 3.0
RP3: 4/26/2011 1:16:49 PM - System Checkpoint
RP4: 4/27/2011 2:38:47 PM - System Checkpoint
RP5: 4/27/2011 3:52:45 PM - Software Distribution Service 3.0
RP6: 4/29/2011 9:36:40 AM - System Checkpoint
RP7: 5/2/2011 10:58:44 AM - System Checkpoint
RP8: 5/3/2011 10:16:45 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Reader X (10.0.1)
AMD Processor Driver
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Crystal Reports 2008 Runtime SP1
CutePDF Writer 2.8
FormatFactory 2.60
Free M4a to MP3 Converter 6.2
Freecorder
Freecorder Toolbar
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
InfraRecorder
iTunes
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.7)
Peachtree Accounting 2011
PeachTree Signature Ready Forms
Pervasive PSQL v10 SP2 Workgroup (32-bit)
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Sage Exchange
Sage Integration Services
Sage Message Center
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB982132)
Skins
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
VLC media player 1.1.5
WD Align - Powered by Acronis
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Internet Explorer 8
Windows Media Format 11 runtime
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/4/2011 9:51:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Fips MpFilter
5/4/2011 9:16:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The Pervasive PSQL Workgroup Engine service terminated unexpectedly. It has done this 1 time(s).
5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
5/4/2011 8:52:21 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/2/2011 3:11:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================


And the last one I do not have, which is Malwarebytes; I have uninstalled it.
 
Sorry

But after using the 8 steps and not seeing improvement, I spoke with some friends and one suggested Spyware Doctor or something like that. I installed it and ran it, but it asked me to register, so I uninstalled it.
 
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.


It is not unusual for the preliminary scan to find and remove all malware. But the logs from the scans show us what is on the system and help us determine what should be done next.

Please find the other log for DDS, named DDS.txt, and paste it into your next reply.
=======================================================
Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this log with your reply.
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
========================
I don't have enough information to determine if the redirects and crashes are related. Please follow the instructions I have given.
 