Google misdirection



#1 rawful

rawful

  • Members
  • 1 posts

Posted 25 July 2009 - 10:03 PM

I just formatted the other day because I had this problem for months. Now a few days later it's back! I don't believe it. I also had a msa.exe problem, but I think MBAM has fixed it. Not sure if the two problems are connected.


DDS (Ver_09-06-26.01) - NTFSx86
Run by briand at 22:51:38.90 on Sat 07/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.544 [GMT -4:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\briand\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [Aim6]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [VTTimer] VTTimer.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinPatrol] c:\program files\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: SpSubLSP.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248380827500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248412604187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\briand\applic~1\mozilla\firefox\profiles\z6jlxzs5.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-23 24652]
R3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-7-23 141056]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
RUnknown rnytl;rnytl; [x]
S2 mrtRate;mrtRate; [x]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2009-7-23 3584]

=============== Created Last 30 ================

2009-07-25 21:45 <DIR> --d----- c:\program files\Trend Micro
2009-07-25 01:18 921,600 a------- c:\windows\system32\vorbisenc.dll
2009-07-25 01:18 258,048 a------- c:\windows\system32\GplMpgDec.ax
2009-07-25 01:18 237,568 a------- c:\windows\system32\OggDS.dll
2009-07-25 01:18 188,416 a------- c:\windows\system32\vorbis.dll
2009-07-25 01:18 45,056 a------- c:\windows\system32\ogg.dll
2009-07-25 01:18 129,024 a------- c:\windows\system32\AVERM.dll
2009-07-25 01:18 28,672 a------- c:\windows\system32\AVEQT.dll
2009-07-25 01:18 <DIR> --d----- c:\program files\Allok Video to MP4 Converter
2009-07-24 23:15 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-24 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-24 21:12 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-24 21:12 <DIR> --d----- c:\docume~1\briand\applic~1\SUPERAntiSpyware.com
2009-07-24 21:12 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-24 17:39 <DIR> --d----- c:\program files\CCleaner
2009-07-24 17:04 <DIR> --d----- c:\docume~1\briand\applic~1\Dropbox
2009-07-24 17:03 <DIR> --d----- c:\program files\Dropbox
2009-07-24 13:14 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-24 13:14 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-24 00:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-24 00:30 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-24 00:19 <DIR> --d----- c:\documents and settings\briand\Tracing
2009-07-24 00:17 <DIR> --d----- c:\program files\Microsoft
2009-07-24 00:17 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-24 00:01 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-23 23:22 <DIR> --d----- c:\program files\The KMPlayer
2009-07-23 23:05 <DIR> --d----- c:\docume~1\briand\applic~1\WinPatrol
2009-07-23 23:05 <DIR> --d----- c:\program files\WinPatrol
2009-07-23 22:50 <DIR> --d----- c:\program files\uTorrent
2009-07-23 22:49 <DIR> --d----- c:\docume~1\briand\applic~1\uTorrent
2009-07-23 22:36 <DIR> --d----- c:\program files\Viewpoint
2009-07-23 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-07-23 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-07-23 22:36 <DIR> --d----- c:\program files\common files\AOL
2009-07-23 22:35 <DIR> --d----- c:\program files\AIM6
2009-07-23 22:35 455 a---h--- C:\IPH.PH
2009-07-23 21:56 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-07-23 21:56 568 a---h--- c:\windows\nod32fixtemdono.reg
2009-07-23 21:53 <DIR> --d----- c:\program files\ESET
2009-07-23 21:39 <DIR> --d----- c:\docume~1\briand\applic~1\Malwarebytes
2009-07-23 21:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 21:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-23 21:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 21:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-23 21:21 <DIR> --dsh--- c:\documents and settings\briand\IECompatCache
2009-07-23 21:20 <DIR> --dsh--- c:\documents and settings\briand\PrivacIE
2009-07-23 21:20 <DIR> --dsh--- c:\documents and settings\briand\IETldCache
2009-07-23 21:17 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-23 21:16 <DIR> --d----- c:\windows\ie8updates
2009-07-23 21:16 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-23 21:16 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-23 21:16 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-23 21:16 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-23 21:15 <DIR> -cd-h--- c:\windows\ie8
2009-07-23 21:12 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-23 21:06 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-23 21:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-23 21:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-23 21:02 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-23 21:02 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-07-23 21:02 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-07-23 21:01 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-23 21:00 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-07-23 20:43 <DIR> --d----- c:\windows\system32\scripting
2009-07-23 20:43 <DIR> --d----- c:\windows\system32\en
2009-07-23 20:43 <DIR> --d----- c:\windows\l2schemas
2009-07-23 20:41 <DIR> --d----- c:\windows\network diagnostic
2009-07-23 20:34 208,896 -c------ c:\windows\system32\dllcache\unregmp2.exe
2009-07-23 20:06 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-07-23 19:13 3,885 a------- c:\windows\viassary-hp.reg
2009-07-23 19:06 <DIR> --d----- C:\WUTemp
2009-07-23 19:06 191,488 a------- c:\windows\system32\iuengine.dll
2009-07-23 19:06 4,078 a--shr-- c:\windows\system32\drivers\HP_DQ176A-ABA a430n_YC_Pavi_QMXM402_E41NAheBLU4_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.07_T031015_WXH1_L409_M1024_J160_7AMD_8Athlon XP 3200+_92.19_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G10DE0181_O.MRK
2009-07-23 19:05 <DIR> --d----- c:\windows\peernet
2009-07-23 19:05 <DIR> --d----- c:\windows\provisioning
2009-07-23 19:04 33,792 a------- c:\windows\system32\msgsvc.dll
2009-07-23 19:04 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-23 19:02 <DIR> --d----- c:\program files\Multimedia Card Reader
2009-07-23 19:02 <DIR> --d----- c:\windows\Downloaded Installations
2009-07-23 19:01 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2009-07-23 19:01 24,576 a------- c:\windows\system32\drivers\kbdclass.sys
2009-07-23 19:00 <DIR> --d----- c:\windows\EHome
2009-07-23 18:59 182 a------- c:\windows\system\hpsysdrv.DAT
2009-07-23 18:40 <DIR> --d--r-- C:\Program Files
2009-07-23 18:40 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-07-23 18:40 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-07-23 18:38 <DIR> -cdshr-- c:\windows\system32\dllcache
2009-07-23 18:35 <DIR> --d----- C:\Download
2009-07-23 18:31 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-07-23 18:31 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-07-23 18:00 40,448 ac------ c:\windows\system32\dllcache\osuninst.exe
2009-07-23 17:57 113,222 ac------ c:\windows\system32\dllcache\zoneclim.dll
2009-07-23 17:57 41,029 ac------ c:\windows\system32\dllcache\zcorem.dll
2009-07-23 17:57 36,937 ac------ c:\windows\system32\dllcache\zclientm.exe
2009-07-23 17:57 29,760 ac------ c:\windows\system32\dllcache\znetm.dll
2009-07-23 17:57 13,894 ac------ c:\windows\system32\dllcache\zonelibm.dll
2009-07-23 17:57 8,261 ac------ c:\windows\system32\dllcache\zoneoc.dll
2009-07-23 17:57 4,677 ac------ c:\windows\system32\dllcache\zeeverm.dll
2009-07-23 17:57 338,432 a------- c:\windows\system32\zipfldr.dll
2009-07-23 17:57 9,522 a------- c:\windows\Zapotec.bmp
2009-07-23 17:57 707 a------- c:\windows\_default.pif
2009-07-23 17:55 1,817,687 ac------ c:\windows\system32\dllcache\bckgres.dll
2009-07-23 16:54 11,264 -------- c:\windows\system32\spnpinst.exe
2009-07-23 16:54 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-07-23 16:54 7,208 -------- c:\windows\system32\secupd.sig
2009-07-23 16:54 4,569 -------- c:\windows\system32\secupd.dat
2009-07-23 16:39 1,082,368 a------- c:\windows\system32\esent.dll
2009-07-23 16:30 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-23 16:30 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-23 16:29 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-23 16:29 <DIR> --d----- c:\windows\system32\bits
2009-07-23 16:28 354,304 a------- c:\windows\system32\winhttp.dll
2009-07-23 16:28 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-07-23 16:28 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-07-23 16:28 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-07-23 16:27 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-07-23 16:27 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-07-23 16:27 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-07-23 16:27 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-07-23 16:27 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-07-23 16:27 <DIR> --dsh--- c:\documents and settings\briand\UserData
2009-07-23 16:14 <DIR> --dshr-- C:\cmdcons
2009-07-23 16:14 <DIR> --d----- c:\windows\setup.pss
2009-07-23 16:13 <DIR> --d----- c:\windows\setupupd
2009-07-23 16:13 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-23 16:13 <DIR> --d----- c:\docume~1\briand\applic~1\Symantec
2009-07-23 16:13 <DIR> --d----- c:\documents and settings\briand\WINDOWS
2009-07-23 16:13 <DIR> --d----- c:\documents and settings\briand

==================== Find3M ====================

2009-07-23 20:46 80,795 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-23 19:08 28,928 a------- c:\windows\hpoins03.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:46 81,920 -------- c:\windows\system32\ieencode.dll
2004-02-01 00:57 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 22:53:12.01 ===============


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 04 August 2009 - 08:57 PM

Hello rawful

Welcome to BleepingComputer
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



