
Google redirecting to unusual sites


3 replies to this topic

#1 wsp

wsp

  • Members
  • 2 posts

Posted 21 August 2009 - 09:51 PM

Note: you describe ensuring the firewall is on, but mine is off and I am unable to change it despite having admin rights.

Searching from the toolbar works. Clicking on a search result takes me to a wrong site, often via traffsource.net.

Spybot, SuperAntispyware and Malwarebytes have been run in safe mode, but the problem is not fixed.


DDS (Ver_09-07-30.01) - NTFSx86
Run by spaxton at 19:01:14.95 on Fri 08/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1423 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Novadigm\radexecd.exe
c:\Program Files\Novadigm\radsched.exe
c:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\T-Mobile Internet Manager\UIExec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Connected\CBSysTray.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\spaxton.NAM\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hub.slb.com
mDefault_Page_URL = hxxp://hub.slb.com
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Password Reminder] remind.vbs
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [GetInfo] c:\program files\mcafee\common framework\GetInfo.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [RUNRADTRAY] c:\progra~1\novadigm\radtray.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IDTSysTrayApp]
mRun: [TLogonPath] "c:\program files\timbuktu pro\Tb2Logon.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UIExec] "c:\program files\t-mobile internet manager\UIExec.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\connec~1.lnk - c:\program files\connected\CBSysTray.exe
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229702934381
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://www.gateway.slb.com/dana-cached/setup/JuniperSetupSP1.cab
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: slbScCertProp - c:\windows\system32\ScCertProp.dll
Notify: Timbuktu Pro - c:\program files\timbuktu pro\Hook32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073);c:\windows\system32\drivers\NEOFLTR_600_13073.sys [2008-4-30 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-6-29 33664]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-10 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-7-16 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-7-16 54608]
R2 MSSQL$DRILLING;SQL Server (DRILLING);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]
R2 radexecd;HP OVCM Notify Daemon;c:\program files\novadigm\radexecd.exe [2007-2-20 270510]
R2 radsched;HP OVCM Scheduler Daemon;c:\program files\novadigm\radsched.exe [2008-4-30 172210]
R2 Radstgms;HP OVCM MSI Redirector;c:\program files\novadigm\Radstgms.exe [2007-3-20 315570]
R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile internet manager\AssistantServices.exe [2009-8-9 241664]
R2 vddidecr;Digital Delivery Decrypting Device;c:\windows\system32\drivers\vddidecr.sys [2007-5-7 109312]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-5-7 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-5-7 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-5-7 174952]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 R72_NT4;R72_NT4;c:\windows\system32\drivers\r72_nt4.sys --> c:\windows\system32\drivers\R72_NT4.sys [?]
S2 R72V2NT4;R72V2NT4; [x]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-8-9 9728]

=============== Created Last 30 ================

2009-08-21 19:01 <DIR> --d----- c:\temp\RarSFX0
2009-08-21 18:58 5,587,370 a------- c:\temp\SAB14.ZIP
2009-08-21 18:45 <DIR> --d----- c:\temp\WPDNSE
2009-08-21 15:03 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 15:03 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-21 15:02 <DIR> --d----- c:\temp\{943B6738-4801-4982-90EC-0442EF7AEB16}
2009-08-21 15:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-21 12:00 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-21 11:14 <DIR> --d----- c:\windows\pss
2009-08-21 10:58 158,960 a------- c:\temp\SSUPDATE.EXE
2009-08-21 10:17 294,828 a------- c:\temp\ExchangePerflog_8484fa318100001fe1a1c0a0.dat
2009-08-21 09:52 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-20 17:22 <DIR> --d----- c:\docume~1\spaxton.nam\applic~1\Malwarebytes
2009-08-20 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-20 17:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-19 09:45 1,429 a------- c:\windows\ex1234.dat
2009-08-19 09:44 1 ----h--- c:\windows\mmsmark2.dat
2009-08-19 09:44 1 ----h--- c:\windows\ex23567.dat
2009-08-19 08:44 1 a------- c:\windows\fdgg34353edfgdfdf
2009-08-18 18:19 <DIR> --d----- C:\Quarantine
2009-08-17 14:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-17 14:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-17 14:34 <DIR> --d----- c:\docume~1\spaxton.nam\applic~1\SUPERAntiSpyware.com
2009-08-17 11:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-17 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-11 11:29 7,070 a------- C:\NetworkCfg.xml
2009-08-09 11:59 56,532 a---h--- c:\windows\system32\mlfcache.dat
2009-08-09 11:42 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-08-09 08:59 105,344 a------- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-08-09 08:59 104,960 a------- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-08-09 08:59 104,960 a------- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-08-09 08:59 9,728 a------- c:\windows\system32\drivers\massfilter.sys
2009-08-09 08:59 <DIR> --d----- c:\docume~1\spaxton.nam\applic~1\Program Files
2009-08-09 08:59 719,360 a------- c:\windows\system32\bmutil.dll
2009-08-09 08:59 471,040 a------- c:\windows\system32\bmnet.dll
2009-08-09 08:59 294,912 a------- c:\windows\system32\bminstall.dll
2009-08-09 08:59 126,976 a------- c:\windows\system32\bmdumpd.bin
2009-08-09 08:59 22,528 a------- c:\windows\system32\drivers\BMLoad.sys
2009-08-09 08:59 18,816 a------- c:\windows\system32\drivers\tcpipBM.sys
2009-08-09 08:59 <DIR> --d----- c:\windows\system32\SupportAppCB
2009-08-09 08:59 <DIR> --d----- c:\program files\T-Mobile Internet Manager
2009-08-07 14:22 7 a------- c:\windows\system32\DF_RMS
2009-08-05 04:12 <DIR> --d----- c:\docume~1\spaxton.nam\applic~1\Xerox

==================== Find3M ====================

2009-08-21 18:40 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-08-20 19:22 170,780 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-08-09 17:59 295,997 a------- c:\windows\system32\nvModes.dat
2009-07-02 09:20 116,224 a------- c:\windows\system32\pdfcmnnt.dll
2009-07-02 09:20 23,552 a------- c:\windows\system32\MSMPIDE.DLL
2009-06-29 15:32 5 a------- c:\windows\system32\drivers\DELL_WOR_M90.MRK
2009-06-29 15:32 5 a------- c:\windows\system32\drivers\1028_DELL_WOR_M90.MRK
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-06-11 17:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2008-09-17 15:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
2008-10-03 16:47 32,768 a--sh--- c:\windows\temp\history\history.ie5\mshist012008100320081004\index.dat

============= FINISH: 19:01:40.23 ===============


ark.txt


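As an added example (not code from the original post, from the DDS tool, or from BleepingComputer), here is a small Python triage script that parses the file-listing lines of a DDS log like the one above and flags the entries an analyst would want to look at first: files created directly in the Windows root, tiny hidden files, and extensionless files, plus groups of flagged files created in the same minute. The line layout (date, time, size or `<DIR>`, an 8-character attribute field, path) is read off the log above rather than taken from any DDS specification, the heuristics are this example's own, and the sample lines are excerpted from the log in this thread. A flag means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One file-listing line in the "Created Last 30" / "Find3M" sections of a DDS log:
#   2009-08-19 09:44 1 ----h--- c:\windows\mmsmark2.dat
#   2009-08-21 15:02 <DIR> --d----- c:\temp\{943B6738-4801-4982-90EC-0442EF7AEB16}
# i.e. date, time, size (or <DIR>), an 8-character attribute field, then the path.
# The layout is inferred from the log above; it is not an official DDS grammar.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# Constructed sample input: lines excerpted from the DDS log in this thread.
SAMPLE_LINES = r"""
2009-08-21 15:03 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 17:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-19 09:45 1,429 a------- c:\windows\ex1234.dat
2009-08-19 09:44 1 ----h--- c:\windows\mmsmark2.dat
2009-08-19 09:44 1 ----h--- c:\windows\ex23567.dat
2009-08-19 08:44 1 a------- c:\windows\fdgg34353edfgdfdf
2009-08-09 11:59 56,532 a---h--- c:\windows\system32\mlfcache.dat
2009-08-07 14:22 7 a------- c:\windows\system32\DF_RMS
"""

WINDOWS_ROOT = "c:\\windows"   # parent directory that normally gets no new loose files
TINY_BYTES = 16                # "marker"-sized files: a few bytes, often hidden


@dataclass
class DdsEntry:
    when: datetime
    size: Optional[int]   # None for directories
    attrs: str            # attribute field, e.g. "a---h---": a=archive, d=dir, s=system, h=hidden
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds_entries(text: str) -> list:
    """Parse the file-listing lines; headers, blanks and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(DdsEntry(when, size, m["attrs"], m["path"]))
    return entries


def triage_reasons(entry: DdsEntry) -> list:
    """Review heuristics (this example's own, not DDS's). Empty list = nothing to flag."""
    if entry.is_dir:
        return []
    reasons = []
    if entry.parent == WINDOWS_ROOT:
        reasons.append("file created directly in the Windows root")
    if entry.hidden and entry.size <= TINY_BYTES:
        reasons.append("tiny hidden file")
    if "." not in entry.name:
        reasons.append("no file extension")
    return reasons


def triage(text: str) -> list:
    """Return [(path, [reasons]), ...] for every entry that trips at least one heuristic."""
    flagged = []
    for entry in parse_dds_entries(text):
        reasons = triage_reasons(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


def same_minute_clusters(text: str, min_size: int = 2) -> dict:
    """Group flagged entries by creation minute: several flagged files written in the
    same minute usually came from one installer or one dropper run (heuristic)."""
    by_minute = {}
    for entry in parse_dds_entries(text):
        if triage_reasons(entry):
            by_minute.setdefault(entry.when, []).append(entry.path)
    return {when: paths for when, paths in by_minute.items() if len(paths) >= min_size}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{path}: {'; '.join(reasons)}")
    for when, paths in same_minute_clusters(SAMPLE_LINES).items():
        print(f"cluster at {when:%Y-%m-%d %H:%M}: {', '.join(paths)}")
```

Running it on the sample lines leaves mbam.sys, the Malwarebytes directory and the large hidden mlfcache.dat unflagged, lists the four loose files under c:\windows with their reasons, and reports the two one-byte hidden files written at 09:44 as a single cluster, which is the kind of grouping a helper uses to decide which entries to ask about first.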
#2 wsp

wsp
  • Topic Starter

  • Members
  • 2 posts

Posted 25 August 2009 - 06:37 AM

Any ideas yet ?

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 01 September 2009 - 10:19 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say so or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 September 2009 - 06:48 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
