search links take me to random sites


  • This topic is locked
2 replies to this topic

#1 rincewind03060


Posted 04 January 2009 - 06:43 PM

DDS (Version 1.1.0) - NTFSx86
Run by Robert Henderson at 18:37:17.95 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.520 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robert Henderson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: H - No File
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdwareAlert] c:\program files\adwarealert\AdwareAlert.exe -boot
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\robert~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: rightalumni.com\www
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert~1\applic~1\mozilla\firefox\profiles\xhd4tcic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-4 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-4 26824]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-17 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-17 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-17 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-17 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-17 40488]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-4 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-4 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-4 76040]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-17 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-17 144704]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-4 33752]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-17 33832]

=============== Created Last 30 ================

2009-01-04 18:25 <DIR> --d----- c:\program files\Trend Micro
2009-01-04 17:10 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-04 17:10 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-04 17:10 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-04 17:10 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-04 17:10 <DIR> --d----- c:\program files\AVG
2009-01-04 17:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-04 15:36 456 a------- c:\windows\wininit.ini
2009-01-04 15:18 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-04 15:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-04 15:09 <DIR> --d----- c:\program files\Panda Security
2009-01-04 13:07 <DIR> --d----- c:\program files\common files\Scanner
2009-01-04 13:06 <DIR> --d----- c:\program files\CA Yahoo! Anti-Spy
2009-01-04 11:31 <DIR> --d----- C:\torrent
2008-12-31 17:45 934 a------- c:\windows\cdplayer.ini
2008-12-23 20:00 <DIR> --d----- c:\program files\common files\xing shared
2008-12-21 16:43 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-21 16:43 499,712 a------- c:\windows\system32\msvcp71.dll
2008-12-21 16:43 <DIR> --d----- c:\program files\common files\Real
2008-12-18 18:03 106,496 a------- c:\windows\SiSUSBrg.exe
2008-12-18 18:03 32,768 a------- c:\windows\SIS_LIB.DLL
2008-12-18 18:03 3,583 a------- c:\windows\SiSport.sys
2008-12-18 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2008-12-18 17:09 186,097 a------- c:\windows\system32\nvapps.xml
2008-12-18 17:09 446,464 a------- c:\windows\system32\nvudisp.exe
2008-12-18 17:09 18,070 a------- c:\windows\system32\nvdisp.nvu
2008-12-18 17:09 <DIR> --d----- c:\windows\nview
2008-12-18 17:09 446,464 a------- c:\windows\system32\NVUNINST.EXE
2008-12-18 17:00 <DIR> --d----- c:\program files\common files\SWF Studio
2008-12-18 16:50 <DIR> --d----- c:\program files\Conduit
2008-12-18 16:50 <DIR> --d----- c:\windows\Freecorder Toolbar
2008-12-18 16:49 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2008-12-18 16:48 <DIR> --d----- c:\windows\Applian FLV Player
2008-12-18 14:39 <DIR> --d----- c:\program files\Realtek Sound Manager
2008-12-18 14:39 <DIR> --d----- c:\program files\AvRack
2008-12-18 14:36 221,184 a------- c:\windows\system32\wmpns.dll
2008-12-18 14:36 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-12-18 14:35 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-18 14:22 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-12-18 14:22 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-12-18 14:22 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-18 14:20 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-18 14:20 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-18 14:20 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-18 14:20 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-18 14:20 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-18 14:12 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-18 14:03 <DIR> --d----- C:\Wallpaper
2008-12-18 13:40 <DIR> --dsh--- c:\documents and settings\robert henderson\UserData
2008-12-18 13:39 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-18 13:39 23,856 a------- c:\windows\system32\spupdsvc.exe
2008-12-18 13:39 <DIR> --d-h--- c:\windows\$hf_mig$
2008-12-18 13:39 139,264 a------- c:\windows\system32\IDEproperty.dll
2008-12-18 13:39 49,024 a------- c:\windows\system32\drivers\sisidex.sys
2008-12-18 13:39 9,472 a------- c:\windows\system32\drivers\sisperf.sys
2008-12-18 13:38 304,128 a------- c:\windows\IsUninst.exe
2008-12-18 13:38 <DIR> --d----- c:\documents and settings\robert henderson\WINDOWS
2008-12-18 13:36 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-18 13:36 46,976 a------- c:\windows\system32\drivers\R8139n51.sys
2008-12-18 13:36 <DIR> --d----- c:\windows\OPTIONS
2008-12-18 13:35 <DIR> --d----- c:\program files\OpenOffice.org 2.4
2008-12-18 13:35 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-18 13:33 <DIR> --d----- c:\program files\NoteTab Light
2008-12-18 13:33 45,056 a------- c:\windows\bkuninst.exe
2008-12-18 13:33 <DIR> --d----- c:\program files\BK ReplaceEm
2008-12-18 13:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2008-12-18 13:32 <DIR> --d----- c:\program files\Mythicsoft
2008-12-18 13:31 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2008-12-18 13:31 <DIR> --d----- c:\program files\Belarc
2008-12-18 13:31 36,992 a------- c:\windows\system32\drivers\SISAGPX.SYS
2008-12-18 13:30 4,096 a------- c:\windows\system32\drivers\siside.sys
2008-12-17 20:33 57,344 -------- c:\windows\dvdrgn.exe
2008-12-17 20:33 <DIR> --d----- c:\program files\Ulead Systems
2008-12-17 20:33 <DIR> --d----- c:\program files\common files\Ulead Systems
2008-12-17 20:28 12,125 a------- c:\windows\system32\Config.MPF
2008-12-17 20:28 143,360 a------- c:\windows\system32\dunzip32.dll
2008-12-17 20:25 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2008-12-17 20:25 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-12-17 20:25 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-12-17 20:25 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-12-17 20:25 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2008-12-17 20:25 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2008-12-17 20:25 <DIR> --d----- c:\program files\McAfee.com
2008-12-17 20:25 <DIR> --d----- c:\program files\common files\McAfee
2008-12-17 20:25 <DIR> --d----- c:\program files\McAfee
2008-12-17 20:24 <DIR> --d----- c:\program files\Canon
2008-12-17 20:24 <DIR> --d-h--- c:\windows\system32\CanonMF Uninstaller Information
2008-12-17 20:24 <DIR> --d-h--- C:\CanonMF
2008-12-17 20:24 53,248 a------- c:\windows\system32\CNAS0MMK.DLL
2008-12-17 20:12 <DIR> --d----- c:\documents and settings\Robert Henderson
2008-12-17 20:12 13,588 a------- c:\windows\system32\wpa.bak
2008-12-17 20:12 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-17 20:11 <DIR> --ds---- c:\windows\system32\Microsoft
2008-12-17 20:11 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-17 20:07 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2008-12-17 20:06 188,480 ac------ c:\windows\system32\dllcache\cfgwiz.exe
2008-12-17 20:05 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-17 20:05 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-17 20:05 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-17 20:05 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-12-17 20:05 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-12-17 20:05 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-17 20:05 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-17 20:05 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-17 20:05 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-17 20:05 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-17 20:05 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-17 20:05 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-12-17 20:05 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-12-17 20:04 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-17 20:03 <DIR> --d----- c:\program files\Online Services
2008-12-17 20:03 <DIR> --d----- c:\program files\Messenger
2008-12-17 20:03 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-12-17 20:02 <DIR> --d----- c:\program files\Windows NT
2008-12-17 12:56 <DIR> --d----- c:\program files\common files\ODBC
2008-12-17 12:56 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-12-17 12:55 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2008-12-21 20:57 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-17 20:04 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 18:37:57.95 ===============


#2 rincewind03060


Posted 14 January 2009 - 01:18 PM

I solved this problem by formatting the boot drive and reinstalling the OS.

Not only would it misdirect search links, but it wouldn't allow me to get to the McAfee update link or install download link. Bad juju. Drastic measures were called for.

Thanks, anyway.

#3 KoanYorel


Posted 18 January 2009 - 04:03 AM

Thanks for informing us what you have done.

We get overwhelmed here at times.

Should you find other problems please start a new topic.

This thread is now closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



