
Random IE7 redirect (not google)


  • This topic is locked
2 replies to this topic

#1 Retroboy


Posted 15 August 2010 - 09:00 AM

OS - WINxp SP3
Browser - IE8, build 8.0.6001.18702
Antivirus - AVG (no problems detected) Norton (no problems detected)

Problem: about one in six times, my browser does not go to the intended URL. Instead, it goes to a different somewhat random site that appears to be a search result, somewhat as if I had typed a search topic into Google and then clicked the first link. When I click the Back button, it reverses not to my source site, but to Google itself, and hitting Back at that point remains at Google. However, if I click the Back button repeatedly as fast as I can, it will go back eventually to the sites that I was at previous to the hijack.

Example
I'm at microsoft.com, then type yahoo.com
Browser is now at yahoo.com. I type a search term.
Browser is now at yahoo.com proper search results. I click the first one, which is abcfurniture.com (for example)
Browser is now at abcfurniture.com. I click the forums button on that site (or any other button)
Browser jumps instead to an advertising site that sells furniture. I click the back button.
I am now at google.com. I click back again.
Still at google.com. I quadruple-click back very quickly.
I am now at yahoo.com again

So it "sounds" like some variant of google redirect but it's taken over my browser itself, not just my google attempts.

After reading through some posts on this very helpful site, I have downloaded and run HijackThis and have the following log. [edit] I have also included the two log files from the preparatory steps noted in this forum's readme.

I HAVE BOLDED SEVEN SUSPICIOUS LINES IN THE O4 SECTION BELOW AND MARKED THEM WITH =====>>>
THESE DLLS SHOW UP IN NO GOOGLE SEARCH RESULTS. I EXPECT THEY ARE RANDOMLY GENERATED NAMES.
GOING TO FIX THEM BUT WANTED TO CHECK TO SEE IF ANYONE HAS SEEN ANYTHING SIMILAR TO THESE BEFORE DELETING.

Thanks!
===============================================================
===============================================================
HIJACK THIS LOG
===============================================================
===============================================================


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:59 AM, on 8/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesWireless Optical MouseMOffice.exe
C:Program FilesMultimedia keyboard utilityKbdAp32A.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesResearch In MotionAuto UpdateRIMAutoUpdate.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesWireless Optical MouseMOUSE32A.EXE
C:Program FilesDivXDivX UpdateDivXUpdate.exe
C:PROGRA~1ALWILS~1Avast5avastUI.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32msiexec.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe
C:Program FilesInternet Exploreriexplore.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.theglobeandmail.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: GOM Player + Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [FLMOFFICE4DMOUSE] C:Program FilesWireless Optical MouseMOffice.exe
O4 - HKLM..Run: [FLMK08KB] C:Program FilesMultimedia keyboard utilityKbdAp32A.exe
O4 - HKLM..Run: [SoundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [AsusStartupHelp] C:Program FilesASUSAASP1.00.16AsRunHelp.exe
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [BlackBerryAutoUpdate] C:Program FilesCommon FilesResearch In MotionAuto UpdateRIMAutoUpdate.exe /background
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [DivXUpdate] "C:Program FilesDivXDivX UpdateDivXUpdate.exe" /CHECKNOW
O4 - HKLM..Run: [avast5] C:PROGRA~1ALWILS~1Avast5avastUI.exe /nogui
=========>>> O4 - HKLM..Run: [yaxxwvaudio] rundll32.exe "urpnkh.dll",s
=========>>> O4 - HKLM..Run: [wvvvspsys] rundll32.exe "rqpomk.dll",s

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ISUSPM] "C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" -scheduler
O4 - HKCU..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKCU..Run: [Steam] "c:program filessteamsteam.exe" -silent
O4 - HKCU..Run: [EA Core] "C:Program FilesElectronic ArtsEADMCore.exe" -silent
O4 - HKCU..Run: [Google Update] "C:Documents and SettingsUserLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" /c
O4 - HKCU..Run: [igndlm.exe] C:Program FilesDirect2Drive Download ManagerDLM.exe /windowsstart /startifwork
=========>>> O4 - HKCU..Run: [efdabcdrv] rundll32.exe "nnkkkl.dll",s
=========>>> O4 - HKCU..Run: [qonmnkaudio] rundll32.exe "urpnkh.dll",s

O4 - HKCU..RunOnce: [Shockwave Updater] C:WINDOWSsystem32AdobeSHOCKW~1SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://maidmarian.com/Sherwood.htm"
=========>>> O4 - HKUSS-1-5-18..Run: [dddcddaudio] rundll32.exe "urpnkh.dll",s (User 'SYSTEM')
=========>>> O4 - HKUSS-1-5-18..Run: [ddaaaysys] rundll32.exe "rqpomk.dll",s (User 'SYSTEM')
=========>>> O4 - HKUS.DEFAULT..Run: [dddcddaudio] rundll32.exe "urpnkh.dll",s (User 'Default user')

O4 - Startup: Impulse Now.lnk = C:Program FilesStardockImpulseNowImpulseNow.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://webmail.aliant.ca/eRoomSetup/,DanaI...java+client.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174518666219
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.nbpower.com/dana-cached/set...perSetupSP1.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O16 - DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} - http://cnn-5.vo.llnwd.net/c1/static/client...er/gtplugin.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - c:program filessteamsteamappscommondragon age originsbin_shipDAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:WINDOWSsystem32GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxLiveShare9.exe (file missing)

--
End of file - 13162 bytes

==================================
==================================
==================================
DDS LOG
==================================
==================================
==================================

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 13:42:45.87 on Sun 08/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1491 [GMT -3:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesWireless Optical MouseMOffice.exe
C:Program FilesMultimedia keyboard utilityKbdAp32A.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesWireless Optical MouseMOUSE32A.EXE
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesResearch In MotionAuto UpdateRIMAutoUpdate.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesAdobeReader 8.0ReaderReader_sl.exe
C:Program FilesDivXDivX UpdateDivXUpdate.exe
C:PROGRA~1ALWILS~1Avast5avastUI.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5LKM7QV2Idds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theglobeandmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlatfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.4.4525.1752swg.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogletoolbar2.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:program filescommon filesinstallshieldupdateserviceISUSPM.exe" -scheduler
uRun: [Steam] "c:program filessteamsteam.exe" -silent
uRun: [EA Core] "c:program fileselectronic artseadmCore.exe" -silent
uRun: [Google Update] "c:documents and settingsuserlocal settingsapplication datagoogleupdateGoogleUpdate.exe" /c
uRun: [igndlm.exe] c:program filesdirect2drive download managerDLM.exe /windowsstart /startifwork
uRun: [efdabcdrv] rundll32.exe "nnkkkl.dll",s
uRun: [qonmnkaudio] rundll32.exe "urpnkh.dll",s
uRunOnce: [Shockwave Updater] c:windowssystem32adobeshockw~1SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://maidmarian.com/Sherwood.htm"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ISUSPM Startup] c:progra~1common~1instal~1update~1ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
mRun: [dla] c:windowssystem32dlatfswctrl.exe
mRun: [FLMOFFICE4DMOUSE] c:program fileswireless optical mouseMOffice.exe
mRun: [FLMK08KB] c:program filesmultimedia keyboard utilityKbdAp32A.exe
mRun: [SoundMAX] "c:program filesanalog devicessoundmaxSmax4.exe" /tray
mRun: [AsusStartupHelp] c:program filesasusaasp1.00.16AsRunHelp.exe
mRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exe
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:program filescommon filesresearch in motionauto updateRIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [SoundMAXPnP] c:program filesanalog devicescoresmax4pnp.exe
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [DivXUpdate] "c:program filesdivxdivx updateDivXUpdate.exe" /CHECKNOW
mRun: [avast5] c:progra~1alwils~1avast5avastUI.exe /nogui
mRun: [yaxxwvaudio] rundll32.exe "urpnkh.dll",s
mRun: [wvvvspsys] rundll32.exe "rqpomk.dll",s
dRun: [dddcddaudio] rundll32.exe "urpnkh.dll",s
dRun: [ddaaaysys] rundll32.exe "rqpomk.dll",s
StartupFolder: c:docume~1userstartm~1programsstartupimpuls~1.lnk - c:program filesstardockimpulsenowImpulseNow.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartuphpdigi~1.lnk - c:program fileshpdigital imagingbinhpqtra08.exe
IE: Append Link Target to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
Trusted Zone: nbpower.comconnect
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://webmail.aliant.ca/eRoomSetup/,DanaInfo=www.eroomirvingoil.com,SSL,CT=java+client.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174518666219
DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} - hxxp://www.nanoscan.com/cabs/nanoinst.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.nbpower.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} - hxxp://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:windowssystem32ieframe.dll
LSA: Authentication Packages = msv1_0 rqpomk.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2008-4-3 165456]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2008-4-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:program filesalwil softwareavast5AvastSvc.exe [2010-7-27 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:program filesalwil softwareavast5AvastSvc.exe [2010-7-27 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:program filesalwil softwareavast5AvastSvc.exe [2010-7-27 40384]
R3 Eacfilt;Eacfilt Miniport;c:windowssystem32driverseacfilt.sys [2007-6-1 11113]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:windowssystem32driversamdacpi.sys --> c:windowssystem32driversAmdAcpi.sys [?]
S1 amdtools;AMD Special Tools Driver;c:windowssystem32driversamdtools.sys --> c:windowssystem32driversamdtools.sys [?]
S2 gupdate;Google Update Service (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2010-5-22 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:program filessteamsteamappscommondragon age originsbin_shipdaupdatersvc.service.exe [2010-3-8 25832]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:windowssystem32driversipsecw2k.sys [2007-6-1 216459]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32gamemon.des -service --> c:windowssystem32GameMon.des -service [?]

=============== Created Last 30 ================

2010-08-15 14:21:48 160 ----a-w- c:documents and settingsuserdefogger_reenable
2010-08-15 12:44:07 0 d-----w- c:program filesTrend Micro
2010-08-13 09:07:16 0 d-----w- c:windowssystem32driversNSS
2010-08-13 09:07:15 0 d-----w- c:program filesNortonInstaller
2010-07-28 14:08:16 0 d-----w- c:program filesStarCraft II
2010-07-28 14:08:16 0 d-----w- c:docume~1alluse~1applic~1Blizzard Entertainment
2010-07-27 22:59:10 92672 ---ha-w- c:windowssystem32urpnkh.dll
2010-07-27 22:52:09 38848 ----a-w- c:windowsavastSS.scr
2010-07-27 22:51:51 0 d-----w- c:docume~1alluse~1applic~1Alwil Software
2010-07-23 15:42:16 3735920 ----a-w- c:windowssystem32GameMon.des
2010-07-23 15:41:52 4682 ----a-w- c:windowssystem32npptNT2.sys
2010-07-23 15:41:51 5174 ----a-w- c:windowssystem32nppt9x.vxd
2010-07-23 15:41:26 0 d-----w- c:program filescommon filesINCA Shared
2010-07-23 13:57:55 0 d-----w- c:docume~1alluse~1applic~1PMB Files
2010-07-23 13:57:11 0 d-----w- c:program filesPando Networks
2010-07-22 23:07:37 68096 ---ha-w- c:windowssystem32khebbx.dll

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:windowssystem32schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:windowssystem32wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:windowssystem32win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:windowssystem32driverssrv.sys
2010-06-17 14:03:00 80384 ----a-w- c:windowssystem32iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:windowssystem32msxml3.dll
2008-11-02 16:40:36 32768 --sha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012008110220081103index.dat

============= FINISH: 13:43:31.99 ===============

Hi, saw from a different post that mbrcheck could be useful, and it appeared to find something??? Here is the log.

Please, what should my next steps be?
=========================================================================

MBRCheck, version 1.2.3
2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

.C: --> .PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB .PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
Press ENTER to exit...

EDIT: Posts merged ~BP


Edited by Retroboy, 15 August 2010 - 06:47 PM.
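
The check the poster applied by eye to the O4 section, as an added example that is not part of the original post: it parses the registry autorun lines, flags `rundll32` entries whose DLL is given with no directory (the NVIDIA entries in the same log carry a full path), groups them by DLL across hives, and cross-checks the DDS `LSA: Authentication Packages` line. The function names and the heuristic are assumptions made for this illustration; the sample lines are copied from the logs above, where the page's extraction has dropped the backslashes, so the patterns accept both forms.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis O4 section and the DDS log in
# the post above (backslashes are missing on the page and are left that way).
SAMPLE_LOG = """\
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
=========>>> O4 - HKLM..Run: [yaxxwvaudio] rundll32.exe "urpnkh.dll",s
=========>>> O4 - HKLM..Run: [wvvvspsys] rundll32.exe "rqpomk.dll",s
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
=========>>> O4 - HKCU..Run: [efdabcdrv] rundll32.exe "nnkkkl.dll",s
=========>>> O4 - HKCU..Run: [qonmnkaudio] rundll32.exe "urpnkh.dll",s
=========>>> O4 - HKUSS-1-5-18..Run: [dddcddaudio] rundll32.exe "urpnkh.dll",s (User 'SYSTEM')
=========>>> O4 - HKUSS-1-5-18..Run: [ddaaaysys] rundll32.exe "rqpomk.dll",s (User 'SYSTEM')
=========>>> O4 - HKUS.DEFAULT..Run: [dddcddaudio] rundll32.exe "urpnkh.dll",s (User 'Default user')
O4 - Startup: Impulse Now.lnk = C:Program FilesStardockImpulseNowImpulseNow.exe
LSA: Authentication Packages = msv1_0 rqpomk.dll
"""

# Registry autorun line: optional "====>>>" marker, key, [value name], command.
# Startup-folder lines ("O4 - Startup: x.lnk = ...") have no [name] and are skipped.
O4_RE = re.compile(
    r'^(?:=+>+\s*)?O4 - (?P<key>[^:\[]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*\S)'
)
# rundll32 invocation: DLL (quoted or not), a comma, then the export name.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>[^\s"]+)',
    re.IGNORECASE,
)
# A target counts as "has a path" if it starts with a drive letter or an
# environment variable, or contains a path separator.
HAS_PATH_RE = re.compile(r'^(?:[A-Za-z]:|%)|[\\/]')
LSA_RE = re.compile(r'^LSA:\s*Authentication Packages\s*=\s*(?P<pkgs>.+)$', re.I)


def parse_o4(text):
    """Return (key, value_name, command) for every registry autorun O4 line."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m['key'].strip(), m['name'], m['cmd']))
    return entries


def bare_rundll_targets(entries):
    """Group autoruns whose rundll32 target is a DLL name with no directory."""
    hits = defaultdict(list)
    for key, name, cmd in entries:
        m = RUNDLL_RE.search(cmd)
        if m and not HAS_PATH_RE.search(m['dll'].strip()):
            hits[m['dll'].strip().lower()].append((key, name))
    return dict(hits)


def lsa_overlap(text, flagged):
    """Return flagged DLLs that also appear as LSA Authentication Packages."""
    packages = set()
    for line in text.splitlines():
        m = LSA_RE.match(line.strip())
        if m:
            packages.update(p.lower() for p in m['pkgs'].split())
    return sorted(packages & set(flagged))


if __name__ == "__main__":
    flagged = bare_rundll_targets(parse_o4(SAMPLE_LOG))
    for dll, refs in sorted(flagged.items()):
        print(f"{dll}: {len(refs)} autorun value(s)")
        for key, name in refs:
            print(f"    {key} [{name}]")
    print("also in LSA Authentication Packages:", lsa_overlap(SAMPLE_LOG, flagged))
```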




#2 Retroboy

  • Topic Starter


Posted 18 August 2010 - 03:25 PM

Hello. After I cleared cookies and rebooted, the problem has not recurred. I'm "closing" this request but have bookmarked and will reopen if it does recur.

Cheers,
-- Retro

#3 Budapest



  • Moderator

Posted 18 August 2010 - 05:10 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



