google redirecting links


  • This topic is locked
3 replies to this topic

#1 hco12

Posted 26 March 2009 - 01:11 PM

So lately when I search on Google, it usually redirects me to a different link than the one I clicked. I have searched for fixes on Google and couldn't find any that have worked. My anti-virus and spyware programs don't show any problems. Please help =)



DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 14:06:01.62 on Thu 03/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1359 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\WPN111.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\dxwidget.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\{401797EA-AB3A-4D1C-AA3E-AA512FE4C38C}\Foundation Clock.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\animat~1.lnk - c:\documents and settings\hp_administrator\my documents\stardock\objectdock library\misc\Animated Cloud XM Blue Grey.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\animat~2.lnk - c:\documents and settings\hp_administrator\my documents\stardock\objectdock library\misc\Animated Cloud XM Grey.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\founda~1.lnk - c:\documents and settings\hp_administrator\my documents\stardock\objectdock library\misc\Foundation Clock.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\WPN111.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wpn111\WPN111.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nike_u~1.lnk - c:\program files\nike+ utility\Nike+ Utility.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - No File
STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - No File
STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - No File

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-7 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 213640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-5 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-5 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-5 144704]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-3-4 17149]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-5 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-5 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-5 40552]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2009-3-4 19020]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-2-17 362944]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-5 34216]

=============== Created Last 30 ================

2009-03-26 11:50 389,120 a------- c:\windows\system32\CF9978.exe
2009-03-26 11:50 <DIR> --d----- C:\ComboFix
2009-03-25 20:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-25 20:50 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-25 20:50 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-25 20:50 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-25 20:50 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-25 20:50 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-25 20:50 <DIR> --d----- C:\add572f9b6de07a0ca1690e33dcb
2009-03-25 20:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-25 20:50 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-25 20:50 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-19 12:41 5,632 a------- c:\windows\system32\ptpusb.dll
2009-03-19 12:41 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-03-19 12:41 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-03-19 12:41 159,232 a------- c:\windows\system32\ptpusd.dll
2009-03-18 15:04 <DIR> --d----- c:\program files\Nike+ Utility
2009-03-17 18:02 161,792 a------- c:\windows\SWREG.exe
2009-03-17 18:02 98,816 a------- c:\windows\sed.exe
2009-03-16 20:59 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-16 20:56 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HouseCall 6.6
2009-03-16 20:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-16 20:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-16 20:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 20:19 <DIR> --d----- c:\program files\VS Revo Group
2009-03-15 17:57 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Stardock
2009-03-15 17:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Stardock
2009-03-15 17:35 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Binary Fortress Software
2009-03-15 17:33 <DIR> --d----- c:\program files\DisplayFusion
2009-03-15 16:35 <DIR> --d----- c:\program files\Steam
2009-03-15 13:52 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-14 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 18:27 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-14 18:27 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-12 14:22 8 a------- c:\windows\system32\nvModes.dat
2009-03-12 14:17 <DIR> --d----- c:\windows\system32\AGEIA
2009-03-12 14:16 201,654 a------- c:\windows\system32\nvapps.xml
2009-03-12 14:16 453,152 a------- c:\windows\system32\nvudisp.exe
2009-03-12 14:16 18,477 a------- c:\windows\system32\nvdisp.nvu
2009-03-12 14:16 <DIR> --d----- c:\windows\nview
2009-03-12 14:16 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-11 18:15 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\NBC Direct
2009-03-11 18:15 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\IDM
2009-03-11 18:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-03-11 18:15 <DIR> --d----- c:\program files\Pando Networks
2009-03-11 18:15 <DIR> a-d----- c:\program files\NBC Direct
2009-03-11 18:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NBC Direct
2009-03-08 15:26 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-07 20:02 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-07 19:57 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 19:57 <DIR> --d----- c:\program files\Lavasoft
2009-03-07 09:04 <DIR> --d----- c:\windows\system32\scripting
2009-03-07 09:04 <DIR> --d----- c:\windows\system32\en
2009-03-07 09:04 <DIR> --d----- c:\windows\system32\bits
2009-03-06 18:05 20,992 -------- c:\windows\system32\spupdwxp.exe
2009-03-06 18:04 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-03-05 22:21 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-05 22:21 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-05 22:21 6,066,688 -------- c:\windows\system32\dllcache\ieframe.dll
2009-03-05 22:21 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-05 22:21 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-05 22:21 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-05 22:21 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-03-05 22:21 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-03-05 22:21 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-05 20:02 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinBatch
2009-03-05 17:06 11,895 a------- c:\windows\system32\Config.MPF
2009-03-05 17:04 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-05 17:04 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-05 17:04 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-05 17:04 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-03-05 17:03 <DIR> --d----- c:\program files\common files\McAfee
2009-03-05 17:03 <DIR> --d----- c:\program files\McAfee.com
2009-03-05 17:03 <DIR> --d----- c:\program files\McAfee
2009-03-05 17:00 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-05 16:45 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-05 16:45 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-05 16:32 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-03-05 16:32 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-05 16:31 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-03-05 16:31 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-03-05 16:31 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-03-05 16:31 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-05 16:30 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-05 16:30 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-05 16:30 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-05 16:30 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-05 16:29 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-05 16:27 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-03-05 01:05 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-04 21:25 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-04 21:24 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
2009-03-04 21:19 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-03-04 21:12 17,801 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-04 21:12 651,264 a------- c:\windows\system32\libeay32.dll
2009-03-04 21:12 147,456 a------- c:\windows\system32\ssleay32.dll
2009-03-04 21:12 94,208 a------- c:\windows\system32\DNIN50.dll
2009-03-04 21:12 17,149 a------- c:\windows\system32\DNINDIS5.sys
2009-03-04 21:11 <DIR> --dshr-- C:\cmdcons
2009-03-04 21:06 1,869 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_ER883AA-ABA M7470N_YC_0Pavi_QMXK610_E62NAemMPA1_48_IAMETHYST-M_SMSI_V1.0_B3.47_T060303_WXP2_L409_M2047_J300_7AMD_8Athlon 64 X2 Dual Core_92.19_#060415_N10EC8139_Z11C10620_G10027183.MRK
2009-03-04 21:06 3,107,788 a----r-- c:\windows\system32\ativvaxx.dat
2009-03-04 21:06 2,096 a----r-- c:\windows\system32\drivers\ativdkxx.vp
2009-03-04 21:04 8,192 a------- c:\windows\system32\edb.chk
2009-03-04 21:03 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-03-04 21:03 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
2009-03-04 21:03 <DIR> --d----- c:\documents and settings\HP_Administrator
2009-03-04 20:56 <DIR> --dsh--- c:\documents and settings\hp_administrator\UserData
2009-03-04 20:56 25,088 a------- c:\windows\system32\msxml3a.dll
2009-03-04 20:53 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-03-04 20:53 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-03-04 20:53 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-03-04 20:53 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-03-04 20:13 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-04 19:19 <DIR> --dshr-- c:\windows\system32\dllcache
2009-03-04 19:07 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\The Creative Assembly
2009-03-04 18:28 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-04 18:28 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-04 18:26 <DIR> --d----- c:\windows\Logs
2009-03-04 18:19 19,020 a------- c:\windows\system32\drivers\Razerlow.sys
2009-03-04 18:19 162,900 -------- c:\windows\system32\drivers\USBICP.sys
2009-03-04 18:19 69,632 a------- c:\windows\system32\razer.cpl
2009-03-04 18:18 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-03 11:53 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HPQ
2009-03-03 00:59 0 a------- c:\windows\mqcd.dbt
2009-03-02 00:50 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-02 00:50 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2009-03-01 22:27 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-03-01 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-26 19:59 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-02-26 16:47 <DIR> --d----- c:\documents and settings\hp_administrator\.thumbnails
2009-02-26 16:46 <DIR> --d----- c:\documents and settings\hp_administrator\.gimp-2.4
2009-02-25 22:56 <DIR> --d----- c:\program files\Tansee iPod Transfer Photo

==================== Find3M ====================

2009-03-07 09:08 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-07 09:07 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-03-07 09:07 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-03-07 09:07 217,088 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2009-03-07 09:07 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-03-07 09:07 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-03-07 09:07 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-03-07 09:07 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-03-07 09:07 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-03-07 09:07 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-03-05 19:32 139,264 a------- c:\windows\system32\hpzjrd01.dll
2009-03-04 00:37 107,008 ac------ c:\windows\UninstallFirefox.exe
2009-03-04 00:37 73,216 a------- c:\windows\ST6UNST.EXE
2009-03-04 00:37 577,536 a------- c:\windows\soundman.exe
2009-03-04 00:37 249,856 a------- c:\windows\Setup1.exe
2009-03-04 00:37 126,976 a----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-04 00:37 315,392 a------- c:\windows\alcupd.exe
2009-03-04 00:37 217,088 a------- c:\windows\Alcrmv.exe
2009-02-17 19:44 1,490,367 a------- c:\windows\cursors\uninstall.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll

============= FINISH: 14:07:30.00 ===============



#2 hco12


Posted 27 March 2009 - 11:17 PM

bump?

#3 sundavis


Posted 31 March 2009 - 01:43 PM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, hco12.
My name is sundavis, and I will be helping you to deal with your malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.


Step 1

Please close all browsers and other windows while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.


Step 2

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

@Echo off
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32" >> C:\look.txt
START C:\look.txt

Name the file as check.bat, making sure "Save as type" is set to "All Files".
Double click on check.bat & allow it to run. Copy and paste the content in your next reply (If the file does not open please check here for the file C:\look.txt.).


Step 3

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Step 4
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next reply, please post back:

1. Goored log
2. Look.txt
3. GMER log
4. RSIT log.txt and info.txt. Thanks.
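
Added example (not part of the original post or of any tool it names): a Python reader for the look.txt that check.bat in Step 2 writes, listing Drivers32 values whose data is neither a bare file name nor a file in system32. The sample text, the value names wave9 and midi9, the trusted-folder list and the flagging rule are assumptions made for illustration, not criteria given by the helper.

```python
import ntpath
import re

# Constructed stand-in for one run of check.bat (not data from this thread).
_ONE_RUN = (
    "! REG.EXE VERSION 3.0\n"
    "\n"
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\drivers32\n"
    "    midimapper\tREG_SZ\tmidimap.dll\n"
    "    wavemapper\tREG_SZ\tmsacm32.drv\n"
    "    wave\tREG_SZ\twdmaud.drv\n"
    "    msacm.l3acm\tREG_SZ\tC:\\WINDOWS\\system32\\l3codeca.acm\n"
    "    wave9\tREG_SZ\tC:\\constructed\\example\\driver.dll\n"
    "    midi9\tREG_SZ\tC:\\WINDOWS\\system32\\..\\constructed.tmp\n"
    "\n"
)
# check.bat redirects with ">>", so running it twice appends a second copy.
SAMPLE_LOOK_TXT = _ONE_RUN + _ONE_RUN

# Value lines are indented: name, REG_* type, then optional data.
# The separators may be tabs or spaces, depending on the reg.exe version.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$"
)

# Assumption: folders treated as normal homes for driver files.
TRUSTED_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}


def parse_reg_query(text):
    """Return {value_name: data}; key headers and banner lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            # Registry value names are case-insensitive; appended reruns
            # simply overwrite the earlier copy of the same value.
            entries[m.group("name").lower()] = (m.group("data") or "").strip()
    return entries


def review(entries):
    """Return {value_name: [reasons]} for entries worth a second look."""
    findings = {}
    for name, data in entries.items():
        reasons = []
        # A ".." component hides where the file really lives.
        if ".." in data.replace("/", "\\").split("\\"):
            reasons.append("path contains '..'")
        # Bare file names have no folder part and are not flagged.
        folder = ntpath.dirname(ntpath.normpath(data)).lower() if data else ""
        if folder and folder not in TRUSTED_DIRS:
            reasons.append("file is outside system32")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(review(parse_reg_query(SAMPLE_LOOK_TXT)).items()):
        print(f"{name}: {', '.join(reasons)}")
```

A flagged value is only a prompt to check the named file; third-party codecs can legitimately register full paths.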

#4 sundavis


Posted 10 April 2009 - 01:24 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



