win xp, IE8, google redirects proxy 127.0.0.1:5555


  • This topic is locked
2 replies to this topic

#1 uncertainty

uncertainty

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:40 PM

Posted 29 January 2010 - 08:21 PM

Hi,

I've been trying to get rid of this Google redirect malware for a few weeks now and finally came across this site. It's the redirect malware that, when you click on Google searches, sometimes redirects to third-party search engines (like searchsite.com). It does not happen often, only now and then. I have tried the latest Malwarebytes, but even the latest update is not finding the cause. I run McAfee, which also has not found any problems. When I run Hitman 3.5 it does find that the proxy server for IE has been set to 127.0.0.1:5555 and does fix it (the configuration for my proxy settings when I look in IE8's settings never shows any proxy active).

This works until I try another Google search using IE8's default search engine. When I run Hitman 3.5 again, it finds the proxy has been activated with 127.0.0.1:5555 and again fixes it. This of course only lasts till I do another Google search using it as the default search engine (btw, it does it with Bing also if I make Bing the default). Let me know if you need any more information, and thanks again for the help.

DDS.TXT

DDS (Ver_09-12-01.01) - NTFSx86
Run by uncertainty at 20:04:52.10 on Fri 01/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3007.1652 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\wargames\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\internet\Nessus\nessusd.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\multimedia\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\multimedia\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\apps\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\multimedia\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\apps\RivaTuner v2.24\RivaTuner.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\multimedia\Logitech\SetPoint\SetPoint.exe
C:\Program Files\apps\SpeedFan\speedfan.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\apps\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\multimedia\MPTVclient\MPTvClient.exe
C:\Program Files\multimedia\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Files-2010\RootRepeal.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
G:\Files-2010\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [CTSysVol] c:\program files\multimedia\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\multimedia\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DU Meter] c:\program files\apps\du meter\DUMeter.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [RemoteControl] "c:\program files\multimedia\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\multimedia\powerdvd\language\Language.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RivaTunerStartupDaemon] "c:\program files\apps\rivatuner v2.24\RivaTuner.exe" /S
mRun: [RivaTuner] "c:\program files\apps\rivatuner v2.24\RivaTuner.exe" /T
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTXFIREG] CTxfiReg.exe /FAIL2
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\docume~1\uncert~1\startm~1\programs\startup\speedfan.lnk - c:\program files\apps\speedfan\speedfan.exe
StartupFolder: c:\docume~1\uncert~1\startm~1\programs\startup\styler.lnk - c:\docume~1\uncert~1\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\multimedia\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\apps\micros~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139785423601
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B721B25D-E26C-433E-BF20-755C0E896728} = 68.87.64.150,68.87.75.198,209.191.0.1
TCP: {B78D71B1-ABEB-4560-8D8B-39A935A31967} = 167.206.245.8,167.206.245.7,209.191.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\uncert~1\applic~1\mozilla\firefox\profiles\mxwm7kbl.default\
FF - plugin: c:\documents and settings\uncertainty\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\multimedia\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\multimedia\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\multimedia\realplayer\netscape6\nprpjplug.dll
FF - HiddenExtension: XULRunner: {60825FE4-9CC4-4B0D-8DB3-367C5C4D0CB2} - c:\documents and settings\uncertainty\local settings\application data\{60825fe4-9cc4-4b0d-8db3-367c5c4d0cb2}\
FF - HiddenExtension: XULRunner: {7CC93105-2D2E-42CE-B663-7533566C9042} - c:\documents and settings\uncertainty\local settings\application data\{7CC93105-2D2E-42CE-B663-7533566C9042}
FF - HiddenExtension: XULRunner: {8618F703-4648-4745-B440-D52BB28475E9} - c:\documents and settings\uncertainty\local settings\application data\{8618F703-4648-4745-B440-D52BB28475E9}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-2-12 21851]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-28 12672]
R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2006-2-15 151476]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-12-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-28 144704]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2009-6-23 15896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2006-10-20 34944]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-28 40552]
R3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-7-9 176640]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-27 1087680]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2007-3-12 1175936]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\apps\pcanywhere\awhost32.exe [2007-5-11 132728]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-22 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2006-5-30 472644]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2006-5-24 30984]
S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [2003-11-11 13195]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-28 34248]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [2006-5-24 56576]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-3-7 223128]

=============== Created Last 30 ================

2010-01-28 23:04:26 0 d-----w- c:\program files\common files\Mobipocket Shared
2010-01-28 22:54:59 0 d-----w- c:\docume~1\uncert~1\applic~1\Mobipocket
2010-01-28 20:46:14 152 ----a-w- c:\documents and settings\uncertainty\.gitconfig
2010-01-23 07:34:52 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2010-01-23 07:34:52 1080 ----a-w- c:\windows\system32\settings.sfm
2010-01-23 03:45:30 30528 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20021102}.rfx
2010-01-23 03:45:30 11564 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20021102}.rfx
2010-01-23 03:45:21 4931715 ------w- c:\windows\{00000004-00000000-00000002-00001102-00000004-20021102}.BAK
2010-01-23 03:44:05 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-01-23 03:42:47 0 d-----w- c:\windows\system32\Data
2010-01-23 02:26:39 0 d-sha-r- C:\cmdcons
2010-01-23 02:26:03 98816 ----a-w- c:\windows\sed.exe
2010-01-23 02:26:03 77312 ----a-w- c:\windows\MBR.exe
2010-01-23 02:26:03 261632 ----a-w- c:\windows\PEV.exe
2010-01-23 02:26:03 161792 ----a-w- c:\windows\SWREG.exe
2010-01-23 01:35:19 344 ----a-w- c:\windows\system32\.crusader
2010-01-23 01:27:41 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-23 01:27:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-01-23 01:27:29 0 d-----w- c:\program files\Hitman Pro 3.5
2010-01-22 22:05:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-18 21:00:53 0 d-----w- c:\windows\Cache
2010-01-14 20:12:17 0 d-----w- c:\program files\Microsoft Research
2010-01-13 21:35:47 0 d-----w- c:\program files\SoundSpectrum
2010-01-12 21:11:48 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:39:31 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-01-09 20:02:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-09 20:00:45 0 d-----r- c:\program files\Skype
2010-01-07 21:13:41 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-06 21:26:35 0 d-sh--w- c:\documents and settings\uncertainty\IECompatCache
2010-01-06 21:26:20 0 d-sh--w- c:\documents and settings\uncertainty\PrivacIE
2010-01-06 21:25:01 0 d-sh--w- c:\documents and settings\uncertainty\IETldCache
2010-01-06 21:22:45 0 d-----w- c:\windows\ie8updates
2010-01-06 21:21:46 0 dc-h--w- c:\windows\ie8
2010-01-06 21:11:37 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2010-01-06 21:11:36 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-06 21:11:36 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-06 21:11:29 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-06 01:12:45 61440 ----a-w- c:\windows\system32\digitbox.ocx
2010-01-05 20:12:46 0 d-----w- c:\windows\system32\AGEIA
2010-01-05 20:12:34 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-04 21:09:39 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-04 21:09:39 1409 ----a-w- c:\windows\QTFont.for
2010-01-04 00:15:31 298496 ----a-w- c:\windows\uninst.exe
2010-01-03 17:43:18 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-03 17:43:18 22328 ----a-w- c:\docume~1\uncert~1\applic~1\PnkBstrK.sys
2010-01-03 17:43:14 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-03 17:42:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-03 17:42:58 669184 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-02 23:54:02 0 d-----w- c:\windows\system32\xlive
2010-01-02 23:46:04 149040 ----a-w- c:\windows\system32\ImageDrive.cpl
2010-01-02 18:12:56 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-01-02 17:06:03 32 ----a-w- c:\windows\__$tofn$__
2010-01-01 01:33:45 120 ----a-w- c:\windows\Utujeqovuzito.dat
2010-01-01 01:33:45 0 ----a-w- c:\windows\Ayidewu.bin
2009-12-31 01:50:28 0 d-----w- c:\windows\SxsCaPendDel

==================== Find3M ====================

2010-01-23 03:43:31 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-23 03:43:31 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-22 22:04:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 00:05:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-21 02:34:54 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-21 02:34:54 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34:54 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34:54 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34:54 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-11-21 02:34:54 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34:54 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34:54 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34:54 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-21 02:34:54 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 01:32:14 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32:14 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32:14 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32:14 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32:10 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-20 02:42:56 592488 ----a-w- c:\windows\system32\NVUninst.exe
2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 20:05:11.62 ===============

Edited by uncertainty, 29 January 2010 - 08:41 PM.
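The symptom above is a proxy hijack: something on the machine keeps re-enabling Internet Explorer's per-user proxy and pointing it at a loopback address, so every search goes through a local process that can rewrite the results. The following script is an added example, not code from the thread or from any of the tools mentioned in it. It reads the two real IE settings values (ProxyEnable and ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings) when run on Windows, and otherwise assesses a constructed sample matching the reported state. The parsing helpers, the assessment rules and all function names are assumptions of this example; IE's ProxyServer string can be either a single "host:port" or a "scheme=host:port;..." list, and both forms are handled.

```python
"""Flag an Internet Explorer proxy that points at the local machine.

Added example for this thread. The registry key and value names are the
real IE per-user proxy settings; everything else (helper names, the
assessment rules, the sample values) is constructed for illustration.
"""
import ipaddress

# Real per-user IE proxy settings key (relative to HKEY_CURRENT_USER).
IE_SETTINGS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_proxy_server(value):
    """Split an IE ProxyServer string into {scheme: (host, port)}.

    IE stores either a single "host:port" (used for every protocol, keyed
    here as "*") or a list such as "http=host:port;https=host:port".
    An empty or missing value yields an empty dict.
    """
    entries = {}
    if not value:
        return entries
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, _, hostport = part.partition("=")
        else:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given at all
            host, port = hostport, ""
        entries[scheme.strip().lower()] = (host.strip(), port.strip())
    return entries


def is_loopback(host):
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def assess_proxy(proxy_enable, proxy_server):
    """Return a list of findings for the given ProxyEnable / ProxyServer pair.

    A proxy on the local machine is the indicator that matters here: a home
    user does not normally run a local forwarding proxy, so loopback means a
    process on this box sits between the browser and the network. A proxy
    entry is reported even when ProxyEnable is 0, because the thread shows
    the enable flag being flipped back on again later.
    """
    findings = []
    entries = parse_proxy_server(proxy_server)
    if proxy_enable and not entries:
        findings.append("ProxyEnable=1 but ProxyServer is empty (inconsistent state)")
    for scheme, (host, port) in entries.items():
        if is_loopback(host):
            findings.append(
                f"{scheme} proxy points at loopback {host}:{port or '?'} "
                f"(enabled={int(bool(proxy_enable))}); a local process is "
                f"intercepting browser traffic")
    return findings


def read_ie_proxy_settings():
    """Read the live values from HKCU on Windows; (None, None) elsewhere."""
    try:
        import winreg                    # Windows-only standard-library module
    except ImportError:
        return None, None
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_SETTINGS_KEY) as key:
        try:
            enable, _ = winreg.QueryValueEx(key, "ProxyEnable")
        except FileNotFoundError:
            enable = 0
        try:
            server, _ = winreg.QueryValueEx(key, "ProxyServer")
        except FileNotFoundError:
            server = ""
    return enable, server


if __name__ == "__main__":
    enable, server = read_ie_proxy_settings()
    if enable is None:
        # Constructed sample reproducing the state reported in the thread.
        enable, server = 1, "127.0.0.1:5555"
    for line in assess_proxy(enable, server) or ["no loopback proxy configured"]:
        print(line)
```

Running this on a schedule (or simply re-running it after a search) shows whether the setting has been flipped back without relying on the IE connections dialog, which, as the post notes, may not reflect the live registry value. It only reports; it does not change the setting, so it can be used to confirm a cleanup rather than mask a reinfection.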


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,444 posts
  • ONLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:40 PM

Posted 07 February 2010 - 09:04 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,444 posts
  • ONLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:40 PM

Posted 12 February 2010 - 01:09 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE
