Infected

4 replies to this topic

#1 Paul Gibson


Posted 06 July 2009 - 05:57 AM

Hi guys, first time on the forum. I've been trying everywhere to fix my computer. Search results keep getting redirected. I downloaded a codec to watch a video on WMP, and ever since then this has been the problem.
Hope you can help.

My log is as follows:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Paul Gibson at 11:49:06.10 on 06/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.1059 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\lxcecoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Paul Gibson\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paul Gibson\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FlashFetcher: {16e8a050-74ce-43d5-8dc0-badd7347b2dd} - c:\program files\geovid\flashfetcher\FlashFetcher.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "c:\users\paul gibson\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunServices: [Generic Host Process for Win32 Services] svchosts.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: {07174FC7-B4C1-4643-9C03-B4D2148EB057} - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - c:\program files\geovid\flashfetcher\FlashFetcher.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: NameServer = 85.255.112.140,85.255.112.132
TCP: {2F1E76D8-8643-4EAF-891B-E0B173EB1789} = 85.255.112.140,85.255.112.132
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\paulgi~1\appdata\roaming\mozilla\firefox\profiles\qpoqaxqs.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\firefox\components\xwsg.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npBBCPlugin.dll
FF - plugin: c:\users\paul gibson\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-25 45848]

=============== Created Last 30 ================

2009-07-03 21:43 <DIR> --d----- C:\PDFZilla
2009-06-27 11:54 <DIR> --d----- c:\program files\Softinterface, Inc
2009-06-15 11:39 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-06-15 11:39 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-15 09:46 <DIR> --d----- c:\program files\Crawler
2009-06-14 19:11 128 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-06-14 16:06 169,539,796 a------- c:\windows\MEMORY.DMP
2009-06-14 09:57 <DIR> --d----- c:\program files\Trend Micro
2009-06-14 09:41 611,053 a------- c:\windows\system32\drivers\HOSTS
2009-06-12 20:46 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-07-04 22:18 792 a------- c:\users\paulgi~1\appdata\roaming\wklnhst.dat
2009-06-14 19:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 19:38 51,200 a------- c:\windows\inf\infpub.dat
2009-06-14 10:04 86,016 a------- c:\windows\inf\infstor.dat
2009-06-14 09:44 0 a------- c:\users\paul gibson\mvps.bat
2009-05-18 11:17 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-18 11:17 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-05 15:00 811,008 a------- c:\windows\system32\tx15.dll
2009-05-04 05:30 577,536 a------- c:\windows\system32\tx15_rtf.dll
2009-05-01 12:53 1,695,744 a------- c:\windows\system32\beconvlib.dll
2009-04-24 01:10 1,069,056 a------- c:\windows\system32\tx15_dox.dll
2009-04-23 13:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 13:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-22 03:00 626,688 a------- c:\windows\system32\tx15_htm.dll
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-21 12:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-17 05:20 753,664 a------- c:\windows\system32\tx15_doc.dll
2008-11-13 21:59 22,328 a------- c:\users\paulgi~1\appdata\roaming\PnkBstrK.sys
2008-06-12 18:34 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-26 21:42 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-19 20:52 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-12-19 20:52 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-12-19 20:52 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-08-19 02:19 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:51:18.05 ===============



Thank you

Edited by Paul Gibson, 06 July 2009 - 05:58 AM.




#2 Paul Gibson


Posted 06 July 2009 - 02:20 PM

Bump :thumbsup:

#3 Paul Gibson


Posted 08 July 2009 - 03:42 PM

Please help :thumbsup:

#4 Paul Gibson


Posted 12 July 2009 - 02:11 PM

Bump

#5 Paul Gibson


Posted 14 July 2009 - 02:27 AM

Last post guys.
Anyone able to help?
