Last week, a fake internet warning box kept popping up. I kept declining it, but then my internet started running slow. In my processes, there is a process called dl32.exe. It constantly crashes, and it is associated with the internet. When it crashes, I lose internet access. I have to manually click New Task to open it up for internet again. This process was not there before. I have tried running virus scans, but none fix the problem. Also, whenever I visit a search engine, if I click a link, it redirects me to a random page. The only way to get to the page I want is to right-click and open in a new tab. Just looking for some help to fix this problem =].
Thanks!
Here is the DDS
DDS (Ver_09-03-16.01) - NTFSx86
Run by Nick at 12:28:49.84 on Sat 05/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.548 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Nicholas Laidlaw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Nicholas Laidlaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicholas Laidlaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dl32.exe
C:\Documents and Settings\Nicholas Laidlaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicholas Laidlaw\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DL32] DL32
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\nicholas laidlaw\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - {57F02779-3D88-4958-8AD3-83C12D86ADC7}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121798764390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: jkhhe - jkhhe.dll
AppInit_DLLs: c:\windows\system32\potibubi.dll c:\windows\system32\gizehure.dll c:\windows\system32\rawuyona.dll c:\windows\system32\nagomone.dll,c:\windows\system32\wukaripa.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\potibubi.dll c:\windows\system32\wukaripa.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\nichol~1\applic~1\mozilla\firefox\profiles\l7493hpz.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\nicholas laidlaw\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - HiddenExtension: XUL Cache: {8F505A93-C9D2-41D8-913E-25ACE2208559} - c:\documents and settings\nicholas laidlaw\local settings\application data\{8F505A93-C9D2-41D8-913E-25ACE2208559}
FF - HiddenExtension: XUL Cache: {5BF1DE73-0A14-4B68-AFB1-1ABE1CB6E07C} - c:\windows\system32\config\systemprofile\local settings\application data\{5bf1de73-0a14-4b68-afb1-1abe1cb6e07c}\
============= SERVICES / DRIVERS ===============
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCndis5.sys [2008-6-25 19072]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S2 IerusO;IerusO;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xjsjcevf;Disk Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-9-3 20608]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2005-4-9 19677]
S4 Windows Action Script;Windows Action Script; [x]
=============== Created Last 30 ================
2009-05-07 20:37 14,848 a------- c:\windows\system32\DL32.EXE
2009-04-30 16:03 <DIR> --d----- c:\docume~1\nichol~1\applic~1\poydodkg
2009-04-30 15:55 0 a------- c:\windows\mqcd.dbt
2009-04-30 15:50 7,680 a------- C:\celkadaa.exe
2009-04-30 15:50 577,536 a------- c:\windows\system32\sfjjysilyf
2009-04-29 17:20 28,672 a------- c:\windows\system32\inqby.sr
2009-04-29 17:20 32,768 a------- c:\windows\system32\ferryl.cbv
2009-04-29 17:20 32,768 a------- c:\windows\system32\fairy.an
2009-04-29 17:20 79,360 a------- c:\windows\system32\ashl.nq
2009-04-29 17:20 28,672 a------- c:\windows\system32\dolman.zt
2009-04-29 17:17 <DIR> --d----- c:\windows\system32\796525
2009-04-29 17:16 205,824 a------- C:\pdtivk.exe
2009-04-29 17:16 2 a------- C:\-1473622793
2009-04-28 21:15 1,434,891 ---sh--- c:\windows\system32\odinayey.ini
2009-04-28 09:15 1,434,904 ---sh--- c:\windows\system32\olagiboy.ini
2009-04-27 21:15 1,428,359 ---sh--- c:\windows\system32\adahozum.ini
2009-04-27 09:15 1,428,359 ---sh--- c:\windows\system32\uhahimim.ini
2009-04-26 21:15 1,407,582 ---sh--- c:\windows\system32\iyawamik.ini
2009-04-26 09:15 1,407,582 ---sh--- c:\windows\system32\uhebejir.ini
2009-04-25 21:15 1,407,582 ---sh--- c:\windows\system32\igebijot.ini
2009-04-25 09:16 2,713 ---sh--- c:\windows\system32\leyiwuni.dll
2009-04-25 09:15 2,713 ---sh--- c:\windows\system32\hililomi.dll
2009-04-25 09:15 47,616 a--sh--- c:\windows\system32\yugafuga.exe
2009-04-24 21:15 1,407,582 ---sh--- c:\windows\system32\ehavewiv.ini
2009-04-24 09:14 1,407,302 ---sh--- c:\windows\system32\owokapos.ini
2009-04-23 21:14 1,407,212 ---sh--- c:\windows\system32\usozoven.ini
2009-04-16 16:34 0 a------- c:\windows\Hyiviwup.bin
2009-04-16 15:55 157,696 a------- c:\windows\obugizoyowohow.dll
2009-04-14 22:27 <DIR> --dsh--- C:\found.001
2009-04-14 22:06 1,407,757 ---sh--- c:\windows\system32\iheluboh.ini
2009-04-10 19:00 <DIR> --d----- C:\My Videos
2009-04-10 16:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MemeoCommon
2009-04-10 16:38 <DIR> --d----- c:\docume~1\nichol~1\applic~1\Memeo
2009-04-10 16:32 <DIR> --d----- c:\program files\Picasa2
2009-04-10 16:31 <DIR> --d----- c:\program files\Western Digital
2009-04-10 16:30 <DIR> --d----- c:\program files\common files\eSellerate
2009-04-10 16:30 <DIR> --d----- c:\program files\Memeo
2009-04-10 16:29 <DIR> --d----- c:\program files\Western Digital Corporation
==================== Find3M ====================
2009-05-05 23:26 2,522 a------- c:\docume~1\nichol~1\applic~1\wklnhst.dat
2009-04-30 15:50 14,336 a------- c:\windows\system32\SVCHOST.EXE
2009-04-30 15:49 47,104 a--sh--- c:\windows\system32\fidofepu.exe
2009-04-29 17:16 577,536 a------- c:\windows\system32\user32.DLL
2009-04-29 17:16 577,536 a------- c:\windows\system32\dllcache\user32.dll
2009-04-27 09:15 46,592 a--sh--- c:\windows\system32\pokeyupa.exe
2009-04-26 21:15 46,592 a--sh--- c:\windows\system32\tazinege.exe
2009-04-26 09:15 46,592 a--sh--- c:\windows\system32\teyanaze.exe
2009-04-25 21:15 46,592 a--sh--- c:\windows\system32\suyariye.exe
2009-04-24 21:14 47,616 a--sh--- c:\windows\system32\gilagapa.exe
2009-04-24 09:14 46,592 a--sh--- c:\windows\system32\tupopazo.exe
2009-04-23 21:14 46,080 a--sh--- c:\windows\system32\fayabopi.exe
2009-04-19 18:58 47,104 a--sh--- c:\windows\system32\nusoyeta.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2008-10-18 12:55 30 a------- c:\documents and settings\nicholas laidlaw\jagex_runescape_preferences.dat
2008-05-06 16:39 143,072 a------- c:\docume~1\nichol~1\applic~1\GDIPFONTCACHEV1.DAT
2006-11-05 19:25 164 a---h--- c:\documents and settings\all users\hpothb07.dat
2006-11-05 19:25 0 a---h--- c:\documents and settings\nicholas laidlaw\hpothb07.dat
2005-11-26 16:01 32 a--sh--- c:\windows\{7A9B4061-1BD3-4EB1-AB70-DF0377A29313}.dat
2005-09-15 15:10 408,121 a--sh--- c:\windows\security\logs\elosii.bak1
2006-01-16 18:09 439,662 a--sh--- c:\windows\security\logs\elosii.bak2
2006-01-07 22:28 453,919 a--sh--- c:\windows\security\logs\elosii.ini2
2005-11-26 16:01 32 a--sh--- c:\windows\system32\{CDF7DBB0-9EE7-417A-9AF9-DAC0464C51D8}.dat
============= FINISH: 12:29:29.29 ===============