
Search engine results links redirected to ad pages


  • This topic is locked
2 replies to this topic

#1 chipfrank

chipfrank

  • Members
  • 1 posts

Posted 20 December 2009 - 03:14 AM

When I click on the link for a search result from Google, Yahoo, etc. I'm redirected to an advertisement page instead. Also, when I click on a favorites link in Internet Explorer, I'm redirected to an ad page. Here's a copy of my DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Appraiser at 1:50:02.37 on Sun 12/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2220 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Zecter\ZumoDrive\ZumoDrive.exe
C:\Program Files\Pandora\Pandora.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Moffsoft FreeCalc\MoffFreeCalc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Appraiser\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Second Copy] "c:\progra~1\seccopy\SecCopy.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ZumoDrive] "c:\program files\zecter\zumodrive\ZumoLauncher.lnk"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl05c\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\apprai~1\startm~1\programs\startup\pandora.lnk - c:\program files\pandora\Pandora.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259939285578
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\apprai~1\applic~1\mozilla\firefox\profiles\cko3i192.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-4 207792]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-12-4 24064]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-12-5 147416]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-12-19 583640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-4 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-4 1141712]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-12-4 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-12-4 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-12-4 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-12-4 677128]
R3 hpusbwdm;HP DVD Movie Writer;c:\windows\system32\drivers\hpusbwdm.sys [2009-12-5 1080832]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-12-4 176640]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-12-4 335376]
S0 cerc6;cerc6; [x]

=============== Created Last 30 ================

2009-12-20 03:18:00 5960125 ------w- c:\windows\Desktop Hijack Fix.CAB
2009-12-20 03:18:00 3747 ----a-w- c:\windows\SETUP.LST
2009-12-20 03:18:00 1595 ----a-w- c:\windows\ST6UNST.000
2009-12-20 03:17:24 249856 ------w- c:\windows\Setup1.exe
2009-12-20 03:17:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-20 03:00:05 0 ----a-w- c:\windows\system32\8104297.jun
2009-12-20 03:00:00 0 d-----w- c:\program files\Browser Hijack Recover
2009-12-20 00:09:52 0 d-----w- c:\docume~1\apprai~1\applic~1\Registry Mechanic
2009-12-19 23:45:28 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2009-12-19 23:45:28 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2009-12-19 23:45:27 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2009-12-15 23:42:08 0 dc-h--w- c:\windows\ie8
2009-12-14 20:15:52 0 d-----w- c:\program files\FARES
2009-12-14 20:15:14 299520 ----a-w- c:\windows\uninst.exe
2009-12-14 20:14:24 0 d-----w- c:\documents and settings\appraiser\WINDOWS
2009-12-13 23:37:17 0 d-----w- c:\temp\DVD
2009-12-13 22:46:29 0 d-----w- C:\temp
2009-12-13 04:18:20 0 d-----w- c:\program files\Xilisoft
2009-12-13 02:09:07 0 d-----w- c:\program files\SmartDVDCreator
2009-12-12 09:40:53 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-12 09:40:53 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-12-10 18:47:17 0 d-----w- c:\program files\common files\DivX Shared
2009-12-10 18:47:16 0 d-----w- c:\program files\DivX
2009-12-10 16:20:56 0 d-----w- c:\docume~1\apprai~1\applic~1\FrostWire
2009-12-10 16:20:35 0 d-----w- c:\program files\FrostWire
2009-12-10 08:24:32 0 d-----w- c:\program files\common files\xing shared
2009-12-10 08:24:06 0 d-----w- c:\program files\common files\Real
2009-12-08 19:46:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-08 19:46:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-08 19:46:23 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-08 19:46:16 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-08 19:44:44 0 d-----w- c:\program files\Canon
2009-12-06 05:31:46 0 d-----w- c:\program files\PFConfig
2009-12-06 05:19:38 0 d-----w- c:\program files\uTorrent
2009-12-06 05:18:32 0 d-----w- c:\docume~1\apprai~1\applic~1\uTorrent
2009-12-06 04:19:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2009-12-06 04:18:08 0 d-----w- c:\program files\common files\SureThing Shared
2009-12-06 04:17:19 0 d-----w- c:\program files\common files\Sonic Shared
2009-12-06 04:16:33 0 d-----w- c:\program files\Roxio
2009-12-06 03:57:23 0 d-----w- c:\docume~1\apprai~1\applic~1\ZumoDrive
2009-12-06 03:57:20 147416 ----a-w- c:\windows\system32\drivers\cbfs.sys
2009-12-06 03:57:15 0 d-----w- c:\program files\Zecter
2009-12-06 03:38:24 0 d-----w- c:\program files\Rhapsody
2009-12-06 03:29:20 0 d-----w- c:\program files\Moffsoft FreeCalc
2009-12-05 22:46:27 0 d-----w- c:\docume~1\apprai~1\applic~1\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
2009-12-05 22:46:21 0 d-----w- c:\program files\Pandora
2009-12-05 18:24:03 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-05 18:23:48 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-05 18:23:33 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-05 18:23:33 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-05 18:22:08 3252 ----a-w- c:\windows\system32\wbem\Outlook_01ca75d7db094d1e.mof
2009-12-05 18:10:11 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-05 18:10:11 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-05 18:09:29 0 d-----w- c:\program files\iPod
2009-12-05 18:09:26 0 d-----w- c:\program files\iTunes
2009-12-05 18:09:26 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-05 18:09:03 0 d-----w- c:\program files\Bonjour
2009-12-05 18:07:56 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-05 18:07:56 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-05 17:41:48 0 d-----w- c:\docume~1\apprai~1\applic~1\Office Genuine Advantage
2009-12-05 17:36:18 3252 ----a-w- c:\windows\system32\wbem\Outlook_01ca75d173978a2a.mof
2009-12-05 17:25:26 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-12-05 17:25:07 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-05 15:51:07 93 ----a-w- c:\windows\brpcfx.ini
2009-12-05 15:51:07 227 ----a-w- c:\windows\Brpfx04a.ini
2009-12-05 15:50:37 52224 ------w- c:\windows\system32\brinsstr.dll
2009-12-05 15:50:30 86016 ------w- c:\windows\system32\BrWebIns.dll
2009-12-05 15:50:30 69632 ------w- c:\windows\system32\BRWEBUP.EXE
2009-12-05 15:50:30 188416 ------w- c:\windows\system32\PDRVINST.DLL
2009-12-05 15:50:25 6224 ------w- c:\windows\CVRPAGE.BMP
2009-12-05 15:50:25 0 d-----w- C:\Brother
2009-12-05 15:50:22 126976 ------w- c:\windows\system32\BrfxD05a.dll
2009-12-05 15:50:21 163840 ------w- c:\windows\system32\NSSearch.dll
2009-12-05 15:50:21 0 ----a-w- c:\windows\brdfxspd.dat
2009-12-05 15:50:20 53248 ------w- c:\windows\system32\BrMfNt.dll
2009-12-05 15:50:20 147456 ----a-w- c:\windows\brunin03.dll
2009-12-05 15:50:20 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2009-12-05 15:50:20 0 d-----w- c:\program files\Brother
2009-12-05 15:49:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Brother
2009-12-05 15:36:41 0 d-----r- c:\docume~1\apprai~1\applic~1\Brother
2009-12-05 15:26:52 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-12-05 15:26:52 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-05 15:26:30 65 ----a-w- c:\windows\system32\BD8860DN.DAT
2009-12-05 15:26:30 410 ----a-w- c:\windows\BRWMARK.INI
2009-12-05 15:22:01 0 d--h--w- C:\BJPrinter
2009-12-05 15:22:00 7680 ----a-w- c:\windows\system32\CNMVS64.DLL
2009-12-05 15:21:58 116736 ----a-w- c:\windows\system32\CNMLM64.DLL
2009-12-05 15:18:41 1080832 ----a-r- c:\windows\system32\drivers\hpusbwdm.sys
2009-12-05 15:18:35 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2009-12-05 15:18:35 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2009-12-05 15:18:35 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2009-12-05 15:18:35 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-12-05 15:18:35 28672 -c--a-w- c:\windows\system32\dllcache\vidcap.ax
2009-12-05 15:18:35 28672 ----a-w- c:\windows\system32\vidcap.ax
2009-12-05 15:18:34 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-12-05 15:18:34 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-05 15:18:32 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2009-12-05 15:18:32 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-12-05 15:12:40 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-05 15:12:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-05 15:12:26 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-05 15:12:26 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-04 22:07:18 376 ----a-w- c:\windows\ODBC.INI
2009-12-04 22:00:19 0 d-----w- c:\program files\common files\Borland Shared
2009-12-04 21:59:55 0 d-----w- c:\windows\ShellNew
2009-12-04 21:59:37 0 d-----w- c:\program files\common files\Corel
2009-12-04 21:59:36 0 d-----w- c:\program files\WordPerfect Office 12
2009-12-04 21:50:41 0 d-----w- c:\windows\system32\appmgmt
2009-12-04 21:43:18 0 d-----w- c:\docume~1\apprai~1\applic~1\GoodSync
2009-12-04 21:18:03 0 d-----w- c:\program files\Microsoft Streets & Trips 2009
2009-12-04 21:15:12 0 d-----w- c:\program files\MSECache
2009-12-04 21:10:19 0 d-----w- c:\program files\Microsoft Digital Image 10
2009-12-04 21:02:30 0 d-----w- c:\program files\Siber Systems
2009-12-04 20:47:03 2304 ----a-w- c:\windows\system32\Machnm32.sys
2009-12-04 20:47:01 62009 ----a-w- c:\windows\system32\WPFB.DLL
2009-12-04 20:47:01 11323 ----a-w- c:\windows\system32\drivers\pivotmou.sys
2009-12-04 20:46:58 17465 ----a-w- c:\windows\system32\drivers\pivot.sys
2009-12-04 20:46:57 0 d-----w- c:\program files\Portrait Displays
2009-12-04 20:03:02 497496 ----a-w- c:\windows\system32\XceedZip.dll
2009-12-04 20:03:02 0 d-----w- c:\program files\SecCopy
2009-12-04 19:59:25 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-04 19:25:33 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-04 19:24:08 0 d-----w- c:\windows\system32\LogFiles
2009-12-04 16:39:24 147456 ----a-w- c:\windows\system32\hpcpn5r1.dll
2009-12-04 16:35:07 0 d-----w- C:\HP LJ4200-4300 Series PCL6 Driver
2009-12-04 16:23:55 0 d-----w- c:\windows\system32\Service
2009-12-04 16:19:00 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-04 16:18:57 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-04 16:18:57 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-04 16:18:53 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-04 16:11:41 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-04 16:11:36 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-04 16:11:36 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-04 16:11:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-04 16:11:30 0 d-----w- c:\program files\common files\PC Tools
2009-12-04 16:11:26 0 d-----w- c:\program files\Spyware Doctor
2009-12-04 16:11:26 0 d-----w- c:\docume~1\apprai~1\applic~1\PC Tools
2009-12-04 16:11:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-04 15:44:44 0 d-sh--w- c:\documents and settings\appraiser\PrivacIE
2009-12-04 15:41:43 0 d-sh--w- c:\documents and settings\appraiser\IETldCache
2009-12-04 15:37:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-12-04 15:37:13 0 d-----w- c:\program files\Trend Micro
2009-12-04 15:36:02 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2009-12-04 15:35:46 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-12-04 15:35:46 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-12-04 15:35:46 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-12-04 15:35:46 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-12-04 15:35:46 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-12-04 15:30:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-04 15:30:46 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-04 15:23:31 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-04 15:19:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 15:17:00 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-04 15:16:58 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-04 15:16:57 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-04 15:09:30 0 d-----w- c:\windows\system32\PreInstall
2009-12-04 15:09:28 0 d--h--w- c:\windows\$hf_mig$
2009-12-04 15:06:38 0 d-----w- c:\windows\system32\XPSViewer
2009-12-04 15:06:15 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-04 15:06:12 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-04 15:06:12 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-04 15:06:12 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-04 15:06:12 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-04 15:06:12 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-04 15:06:12 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 15:06:12 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-04 15:00:13 0 d-sh--w- c:\documents and settings\appraiser\UserData
2009-12-04 14:55:25 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-04 14:51:19 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-04 14:51:03 176640 ----a-w- c:\windows\system32\drivers\k57xp32.sys
2009-12-04 14:48:46 0 d-----w- c:\program files\Broadcom
2009-12-04 14:45:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-04 14:42:00 0 d-----w- c:\windows\system32\ReinstallBackups
2009-12-04 14:41:58 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-12-04 14:41:50 0 d-----w- C:\Intel
2009-12-04 14:27:11 0 d--h--w- c:\windows\PIF
2009-12-04 14:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2009-12-04 14:26:23 0 d-----w- c:\windows\Downloaded Installations
2009-12-04 14:22:55 0 d-----w- c:\program files\att-nap
2009-12-04 14:22:50 0 d-----w- c:\program files\common files\Motive
2009-12-04 14:19:11 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-04 13:59:22 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-04 13:41:19 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-12-04 13:41:10 0 d-----w- c:\program files\ATI Technologies
2009-12-04 13:39:59 60800 -c--a-w- c:\windows\system32\dllcache\sysaudio.sys
2009-12-04 13:39:47 0 d-----w- c:\program files\Analog Devices
2009-12-04 13:36:41 0 d-----w- c:\windows\system32\vmm32
2009-12-04 13:36:41 0 d-----w- c:\program files\Dell
2009-11-30 19:25:14 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-30 19:25:01 0 d--h--w- c:\program files\WindowsUpdate
2009-11-30 19:24:33 0 d-----w- c:\program files\common files\MSSoap
2009-11-30 19:23:22 0 d-----w- c:\program files\Online Services
2009-11-30 19:23:17 0 d-----w- c:\program files\Messenger
2009-11-30 19:23:14 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-30 19:22:49 0 d-----w- c:\program files\Windows NT
2009-11-30 14:12:45 0 d-----w- c:\program files\common files\ODBC
2009-11-30 14:12:43 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-30 14:12:24 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-12-17 07:04:39 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-10 04:26:05 120274 ----a-w- c:\windows\fonts\AdobeFnt07.lst
2009-11-30 19:23:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 1:51:33.03 ===============

Edited by chipfrank, 20 December 2009 - 11:08 PM.



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 01 January 2010 - 02:43 PM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, please post a fresh DDS log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 07 January 2010 - 02:55 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





