Jump to content

Search Redirect


Recommended Posts

Hi,

This does not happen very often, but it does happen from time to time and I am sure there is something on my system hidden.

Malwarebyte's shows 0 infections, and the computer runs just fine, but the odd search will take me to an undesired page. Usually a page trying to use my search terms to show content on their site. Clicking back and searching again takes me to the search results as expected.

I have attached my MBAM, DDS and GMER logs.

Thank you in advance. :)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5424

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

30/12/2010 4:28:39 PM

mbam-log-2010-12-30 (16-28-39).txt

Scan type: Quick scan

Objects scanned: 166088

Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-12-12.02) - NTFSx86

Run by Nick at 16:32:00.26 on 30/12/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.894.325 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

C:\WINDOWS\system32\rpcnet.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Secunia\PSI\sua.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Symantec\pcAnywhere\Winaw32.exe

C:\Program Files\Symantec\pcAnywhere\SessionController.exe

C:\Program Files\Symantec\pcAnywhere\awrem32.exe

C:\Program Files\Symantec\pcAnywhere\awrem32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.softmoc.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=127.0.0.1:55636

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\nick\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [u5hBRj8JOP] control.exe "c:\program files\jupr3nnm\U5hBRj8JOP.cpl",0,1

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [bell Canada Connection Manager] "c:\program files\bell\mobile connect\BellCanadaCM.exe" -a

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://100.100.100.110/DVROcxEx.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217860603866

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {A2DE4D02-9D26-41BB-B366-7BC60B6B8DA2} = 100.100.100.35,100.100.100.35

Notify: AtiExtEvent - Ati2evxx.dll

Notify: PCANotify - PCANotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: WinLiveContact - {b6ca44c3-5f6e-4080-816a-91e7d0fc015f} - c:\program files\common files\win\WinLiveContact.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\15ux4vlc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\nick\application data\mozilla\firefox\profiles\15ux4vlc.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

FF - plugin: c:\documents and settings\nick\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: Hide Menubar: hidemenubar@moztw.org - %profile%\extensions\hidemenubar@moztw.org

FF - Ext: OpenDownload: {210249CE-F888-11DD-B868-4CB456D89593} - %profile%\extensions\{210249CE-F888-11DD-B868-4CB456D89593}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]

R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-8-27 143248]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-8-27 41936]

R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-11-20 82944]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-12-1 111504]

R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]

S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-14 106496]

S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-6-8 17408]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-2 174592]

S3 ProfileImpSvc;Native WiFi Profile Importer;c:\program files\bell\mobile connect\ProfileImpSvc.exe [2010-5-23 169240]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-9-26 36928]

S3 SMSIRcAppSvc;SMSI Rc App Svc;c:\program files\bell\mobile connect\RcAppSvc.exe [2010-5-23 120088]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 100560]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-24 14:42:26 315904 ----a-w- c:\windows\IsUninst.exe

2010-12-22 17:45:09 -------- d-----w- c:\program files\Outlook Recovery Toolbox

2010-12-22 17:41:41 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Recovery Toolbox for Outlook

2010-12-22 17:41:34 140824 ----a-w- c:\windows\system32\secman.dll

2010-12-21 21:31:52 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Secunia PSI

2010-12-21 21:31:15 -------- d-----w- c:\program files\Secunia

2010-12-21 21:24:14 2910208 ----a-w- c:\windows\system32\Redemption.dll

2010-12-21 21:10:14 -------- d-----w- c:\program files\JuPR3NNm

2010-12-21 20:54:56 -------- d-----w- c:\program files\SysTools OST Recovery

2010-12-21 20:53:38 -------- d-----w- c:\docume~1\nick\applic~1\Kernel Ost to Pst (Evaluation Version)

2010-12-21 20:51:37 -------- d-----w- c:\program files\common files\Win

2010-12-18 05:25:09 -------- d--h--w- c:\windows\PIF

2010-12-01 22:21:49 -------- d-----w- c:\program files\Oracle

2010-12-01 18:44:12 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-12-01 18:44:12 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-12-01 06:51:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\TrueCrypt

2010-12-01 06:45:02 -------- d-----w- c:\docume~1\nick\applic~1\TrueCrypt

2010-12-01 06:44:05 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-12-01 06:43:58 -------- d-----w- c:\program files\TrueCrypt

==================== Find3M ====================

2010-12-30 15:50:06 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-12-29 21:24:04 57752 ----a-w- c:\windows\system32\rpcnet.dll

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:32:16.50 ===============

attach.zip

Link to post
Share on other sites

post-32477-1261866970.gif

Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Next:

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates

Link to post
Share on other sites

Here is the DDS as requested. Thanks again. You guys Rock.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Nick at 12:08:12.20 on 31/12/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.894.474 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\rpcnet.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Secunia\PSI\sua.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.softmoc.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\nick\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [u5hBRj8JOP] control.exe "c:\program files\jupr3nnm\U5hBRj8JOP.cpl",0,1

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [bell Canada Connection Manager] "c:\program files\bell\mobile connect\BellCanadaCM.exe" -a

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://100.100.100.110/DVROcxEx.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217860603866

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: PCANotify - PCANotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: WinLiveContact - {b6ca44c3-5f6e-4080-816a-91e7d0fc015f} - c:\program files\common files\win\WinLiveContact.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\15ux4vlc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\nick\application data\mozilla\firefox\profiles\15ux4vlc.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

FF - plugin: c:\documents and settings\nick\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: Hide Menubar: hidemenubar@moztw.org - %profile%\extensions\hidemenubar@moztw.org

FF - Ext: OpenDownload: {210249CE-F888-11DD-B868-4CB456D89593} - %profile%\extensions\{210249CE-F888-11DD-B868-4CB456D89593}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]

R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-8-27 143248]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-8-27 41936]

R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-11-20 82944]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-12-1 111504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]

S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-14 106496]

S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-6-8 17408]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-2 174592]

S3 ProfileImpSvc;Native WiFi Profile Importer;c:\program files\bell\mobile connect\ProfileImpSvc.exe [2010-5-23 169240]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-9-26 36928]

S3 SMSIRcAppSvc;SMSI Rc App Svc;c:\program files\bell\mobile connect\RcAppSvc.exe [2010-5-23 120088]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 100560]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-24 14:42:26 315904 ----a-w- c:\windows\IsUninst.exe

2010-12-22 17:45:09 -------- d-----w- c:\program files\Outlook Recovery Toolbox

2010-12-22 17:41:41 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Recovery Toolbox for Outlook

2010-12-22 17:41:34 140824 ----a-w- c:\windows\system32\secman.dll

2010-12-21 21:31:52 -------- d-----w- c:\docume~1\nick\locals~1\applic~1\Secunia PSI

2010-12-21 21:31:15 -------- d-----w- c:\program files\Secunia

2010-12-21 21:24:14 2910208 ----a-w- c:\windows\system32\Redemption.dll

2010-12-21 21:10:14 -------- d-----w- c:\program files\JuPR3NNm

2010-12-21 20:54:56 -------- d-----w- c:\program files\SysTools OST Recovery

2010-12-21 20:53:38 -------- d-----w- c:\docume~1\nick\applic~1\Kernel Ost to Pst (Evaluation Version)

2010-12-21 20:51:37 -------- d-----w- c:\program files\common files\Win

2010-12-18 05:25:09 -------- d--h--w- c:\windows\PIF

2010-12-01 22:21:49 -------- d-----w- c:\program files\Oracle

2010-12-01 18:44:12 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-12-01 18:44:12 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

==================== Find3M ====================

2010-12-31 16:55:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-12-31 16:55:27 57752 ----a-w- c:\windows\system32\rpcnet.dll

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 12:08:44.82 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 04/08/2008 12:09:27 AM

System Uptime: 31/12/2010 11:54:51 AM (1 hours ago)

Motherboard: Dell Inc. | | 0UW744

Processor: AMD Athlon 64 X2 Dual-Core Processor TK-55 | Socket M2/S1G1 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 54 GiB total, 35.088 GiB free.

D: is FIXED (NTFS) - 57 GiB total, 11.11 GiB free.

E: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom 440x 10/100 Integrated Controller

Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&B216F0A&0&00A4

Manufacturer: Broadcom

Name: Broadcom 440x 10/100 Integrated Controller

PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&B216F0A&0&00A4

Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: VirtualBox Host-Only Ethernet Adapter

Device ID: ROOT\NET\0001

Manufacturer: Oracle Corporation

Name: VirtualBox Host-Only Ethernet Adapter

PNP Device ID: ROOT\NET\0001

Service: VBoxNetAdp

==== System Restore Points ===================

RP43: 21/12/2010 5:29:28 PM - System Checkpoint

RP44: 23/12/2010 3:21:40 AM - System Checkpoint

RP45: 23/12/2010 9:57:31 AM - Installed Java 6 Update 23

RP46: 24/12/2010 1:16:16 PM - System Checkpoint

RP47: 26/12/2010 2:47:52 AM - System Checkpoint

RP48: 27/12/2010 4:36:17 AM - System Checkpoint

RP49: 28/12/2010 4:04:01 PM - System Checkpoint

RP50: 30/12/2010 1:05:41 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 9.20

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

AMD Processor Driver

ASDM on 100.100.100.1

ATI Catalyst Control Center

ATI Catalyst Install Manager

ATI Display Driver

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.