Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Searches Are Redirected


  • This topic is locked This topic is locked
2 replies to this topic

#1 SKYflyer2

SKYflyer2

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 23 July 2010 - 09:54 AM

Hi, I am using Mozilla Firefox on my Windows 7 machine. Sometimes, when I do a google search, I will click on a link in the search results, and instead of going to the website that google found, I will be redirected to a different website. For example, one link that I have been redirected to is: hxxp://www.intelius.com/search-name.php?searchform=name but there are many other pages that I have been redirected to.

If I press the "back" button on Firefox and try to go to the link again, I will go to the proper page that google found. I am not yet sure if this problem is specific to Firefox or if it is a problem with Internet Explorer also, although I am fairly certain that this problem only affects links from google.com

The GMER scan I ran found nothing, so I have not copied the (empty) log into this post. Maybe this is because I am running Windows 7 and GMER does not seem to be 100% compatible, as I was unable to check some of the required checkboxes, and an error message appeared when opening the program: "C:\Windows\system32\config\system: The system cannot find the file specified."

Thank you very much for any help.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Daniel at 10:28:43.55 on Fri 07/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6142.4627 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Daniel\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe
C:\Program Files (x86)\Pinnacle\Studio 14\Programs\PER.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Pinnacle\Studio 14\Programs\UMI.EXE
C:\Program Files (x86)\Pinnacle\Studio 14\Programs\RM.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pinnacle\Studio 14\Programs\PinnacleWebPublisher.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Daniel\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\daniel\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrssta.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Cmaudio8788] c:\windows\syswow64\rundll32.exe c:\windows\syswow64\cmicnfgp.dll,CMICtrlWnd
mRun-x64: [Cmaudio8788GX] c:\windows\syswow64\HsMgr.exe Envoke
mRun-x64: [Cmaudio8788GX64] c:\windows\system\HsMgr64.exe Envoke
mRun-x64: [WrtMon.exe] c:\windows\system32\spool\drivers\x64\3\WrtMon.exe
mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\szvchzjw.default\
FF - prefs.js: browser.startup.homepage - hxxp://digg.com/
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\daniel\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-4-7 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-4-7 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-4-7 317520]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-4-10 1257472]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1255736]

=============== Created Last 30 ================

2010-07-21 15:51:28 0 d-----w- c:\program files\iTunes
2010-07-21 15:51:28 0 d-----w- c:\program files\iPod
2010-07-21 15:51:28 0 d-----w- c:\program files (x86)\iTunes
2010-07-21 15:50:19 0 d-----w- c:\program files\Bonjour
2010-07-21 15:50:19 0 d-----w- c:\program files (x86)\Bonjour
2010-07-17 04:32:22 0 d-----w- c:\programdata\CyberLink
2010-07-16 22:29:25 0 d-----w- c:\program files (x86)\Total Video Converter
2010-07-16 15:29:22 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-14 03:37:36 0 d-----w- c:\users\daniel\appdata\roaming\Greyfirst
2010-07-14 03:35:16 0 d-----w- c:\program files (x86)\Celtx
2010-07-07 01:01:30 566814083 ----a-w- c:\windows\MEMORY.DMP
2010-07-07 00:57:49 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-07 00:57:49 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-07 00:57:49 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-07 00:57:49 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-07 00:18:32 65536 --sha-w- c:\users\daniel\ntuser.dat{1fe21c44-895d-11df-abf0-002618626f86}.TM.blf
2010-07-07 00:18:32 524288 --sha-w- c:\users\daniel\ntuser.dat{1fe21c44-895d-11df-abf0-002618626f86}.TMContainer00000000000000000002.regtrans-ms
2010-07-07 00:18:32 524288 --sha-w- c:\users\daniel\ntuser.dat{1fe21c44-895d-11df-abf0-002618626f86}.TMContainer00000000000000000001.regtrans-ms
2010-07-06 04:57:22 73728 ----a-w- c:\windows\system\vdremote.dll
2010-07-06 04:57:22 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-07-06 04:54:16 819200 ----a-w- c:\windows\syswow64\xvidcore.dll
2010-07-06 04:54:16 77824 ----a-w- c:\windows\syswow64\xvid.ax
2010-07-06 04:54:16 180224 ----a-w- c:\windows\syswow64\xvidvfw.dll
2010-07-06 04:54:16 0 d-----w- c:\program files (x86)\Xvid
2010-07-05 20:55:24 0 d-----w- c:\users\daniel\appdata\roaming\HandBrake
2010-07-05 20:55:21 0 d-----w- c:\program files (x86)\Handbrake
2010-07-05 19:38:25 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-07-05 05:19:29 0 d-----w- c:\program files\DivX
2010-07-05 05:18:56 0 d-----w- c:\program files (x86)\DivX
2010-07-05 05:17:48 0 d-----w- c:\programdata\DivX
2010-07-05 04:43:39 0 d-----w- c:\program files (x86)\virutaldub
2010-07-05 04:08:24 0 d-----w- c:\program files (x86)\fraps
2010-07-04 22:33:04 65536 --sha-w- c:\users\daniel\ntuser.dat{0e84e203-86d1-11df-9fbd-002618626f86}.TM.blf
2010-07-04 22:33:04 524288 --sha-w- c:\users\daniel\ntuser.dat{0e84e203-86d1-11df-9fbd-002618626f86}.TMContainer00000000000000000002.regtrans-ms
2010-07-04 22:33:04 524288 --sha-w- c:\users\daniel\ntuser.dat{0e84e203-86d1-11df-9fbd-002618626f86}.TMContainer00000000000000000001.regtrans-ms
2010-07-04 22:20:13 0 d---a-w- c:\programdata\TEMP
2010-07-04 05:38:19 0 d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2010-07-04 05:35:42 0 d-----w- c:\programdata\Studio 14
2010-07-04 05:35:42 0 d-----w- c:\programdata\Pinnacle Studio Plus
2010-07-04 05:35:42 0 d-----w- c:\program files (x86)\common files\Yahoo!
2010-07-04 05:35:42 0 d-----w- c:\program files (x86)\common files\Pegasus Imaging
2010-07-04 05:30:57 0 d-----w- c:\programdata\Pinnacle
2010-07-04 05:30:57 0 d-----w- c:\program files (x86)\Pinnacle
2010-07-03 17:46:33 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-03 17:46:33 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-03 17:46:33 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-03 17:46:33 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-03 17:46:33 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-03 17:46:33 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-03 17:46:33 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-03 17:46:33 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-03 17:46:33 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-03 17:46:33 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-30 21:12:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-30 21:10:42 0 d-----w- c:\programdata\Lavasoft
2010-06-30 07:28:22 0 d-----w- c:\program files (x86)\CCleaner
2010-06-28 13:46:45 0 d-----w- c:\windows\system32\appmgmt
2010-06-28 13:20:16 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-28 13:20:16 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-06-27 03:32:11 0 d-----w- c:\users\daniel\TruePianos Settings
2010-06-27 03:31:52 0 d-----w- c:\users\daniel\appdata\roaming\Cakewalk
2010-06-27 03:30:38 0 d-----w- c:\program files (x86)\common files\Native Instruments
2010-06-27 03:30:12 0 d-----w- c:\program files (x86)\Native Instruments
2010-06-27 03:29:51 0 d-----w- c:\programdata\Identities
2010-06-27 03:26:37 368640 ----a-w- c:\windows\syswow64\ReWire.dll
2010-06-27 03:25:22 0 d-----w- c:\programdata\Cakewalk
2010-06-27 03:25:22 0 d-----w- c:\program files\Cakewalk
2010-06-27 03:25:22 0 d-----w- C:\Cakewalk Projects

==================== Find3M ====================

2010-07-16 15:29:22 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-16 15:29:01 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-06-16 18:16:31 103736 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-06-16 18:16:25 669184 ----a-w- c:\windows\syswow64\pbsvc.exe
2010-06-16 18:16:25 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-06-07 21:21:00 15282280 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 21:21:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 21:20:58 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 21:20:58 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 21:20:58 1448040 ----a-w- c:\windows\system32\nvsvc64.dll
2010-06-03 17:54:20 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-10 23:04:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-10 23:04:23 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-05-10 23:04:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-10 23:04:23 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-02 01:11:14 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 00:55:05 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-04-27 00:55:03 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-04-27 00:55:03 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-04-27 00:54:48 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-04-27 00:54:48 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-04-27 00:54:48 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-10 17:14:38 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-18 23:34:06 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:29:38.30 ===============

Attached Files


Edited by Orange Blossom, 24 July 2010 - 12:59 AM.
Deactivate links. ~ OB


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 31 July 2010 - 07:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.



In your reply, please post both OTL logs. GMER won't work since you're running 64 bit windows...but neither will rootkits it looks for.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 05 August 2010 - 06:37 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users