Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirect...


  • This topic is locked This topic is locked
2 replies to this topic

#1 messi_10

messi_10

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 10 December 2010 - 07:11 PM

Everytime I clicked on a link on google, I will be redirected to a random site with /serve.php at the end and then back to google website. Anyone one know what is wrong with my computer?

DDS log


DDS (Ver_10-12-05.01) - NTFSx86
Run by Admin at 7:30:38.62 on Sat 11/12/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.3038.1220 [GMT 8:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\SMINST\BLService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\fire\firefox.exe
C:\Program Files\Mozilla Firefox\fire\plugin-container.exe
C:\Users\Admin\Desktop\Auction Sniper Pro.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Admin\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Pavilion&pf=cnnb
uSearch Bar =
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {21196042-830F-419f-A594-F9D456A6C29A} - {21196042-830F-419f-A594-F9D456A6C29A} c:\program files\timeleft3\tlintergie.html - c:\program files\timeleft3\tlintergie.html\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\idmmbc.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BAEC8FFA-8FF3-48E3-B025-00F55119EBDB} = 10.47.64.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: cryptnet32 - cryptnet32.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4jqjv2x4.default\
FF - prefs.js: keyword.URL - hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\users\admin\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4jqjv2x4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\fire\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: TVU Web Player: firefox@tvunetworks.com - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4jqjv2x4.default\extensions\firefox@tvunetworks.com
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Extension: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\william\appdata\roaming\idm\idmmzcc3

---- FIREFOX POLICIES ----
FF - user.js: protocol-handler.warn-external.dnUpdate - false
============= SERVICES / DRIVERS ===============

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-6-1 77004]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-25 64288]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-4-19 20224]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/23 08:41:14];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-29 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_fa807195\AEstSrv.exe [2010-4-20 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-6 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 26168]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-7-31 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-5 365952]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-12-30 57856]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-6-15 6638080]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-10-24 123496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-6-20 84832]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-5 228408]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-7-19 13224]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2009-12-29 4544]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-4-3 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-4-3 79360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate1c9f1b683af27f0;Google Update Service (gupdate1c9f1b683af27f0);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-11-27 296320]
S4 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-11-27 116096]
S4 winser;winser;c:\windows\system32\winsersec.exe [2005-4-14 53248]

=============== Created Last 30 ================

2010-12-06 12:11:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-06 12:11:22 38848 ----a-w- c:\windows\avastSS.scr
2010-12-06 12:03:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-12-06 07:05:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-06 07:05:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-06 07:04:19 -------- d-----w- c:\progra~2\Hitman Pro
2010-12-05 01:59:00 -------- d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2010-12-05 01:59:00 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-05 01:58:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-05 01:05:29 -------- d--h--w- C:\$AVG
2010-12-04 16:21:04 15256 ----a-w- c:\users\admin\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-12-04 15:37:32 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-04 08:47:25 229376 ----a-w- c:\windows\system32\drivers\sstBD6E.sys
2010-12-04 08:47:25 0 ----a-w- c:\windows\system32\drivers\sstBD6E.tmp
2010-12-03 14:27:13 -------- d-----w- c:\progra~2\firebird
2010-12-03 14:27:12 -------- d-----w- c:\progra~2\cladgenius.com
2010-12-03 14:26:42 -------- d-----w- c:\program files\CLADGenius
2010-12-03 14:19:03 -------- d-----w- c:\users\admin\appdata\local\Opera
2010-11-30 06:37:15 -------- d-----w- c:\users\admin\appdata\local\Auto-Mouse-Clicker
2010-11-30 06:34:10 -------- d-----w- c:\program files\Auto Mouse
2010-11-30 05:51:52 -------- d-----w- c:\program files\AutoKeyboard90
2010-11-30 05:49:05 -------- d-----w- c:\users\admin\appdata\roaming\GetRightToGo
2010-11-30 05:43:14 159744 ----a-w- c:\windows\QMDispatch.dll
2010-11-30 05:43:10 -------- d-----w- c:\program files\QMacro
2010-11-29 05:04:56 -------- d-----w- c:\users\admin\appdata\roaming\NVIDIA
2010-11-29 01:48:47 -------- d-----w- c:\users\admin\appdata\local\AskToolbar
2010-11-29 01:32:43 -------- d-----w- c:\users\admin\appdata\roaming\JAM Software
2010-11-28 15:09:14 -------- d-----w- c:\progra~2\hssff
2010-11-26 09:22:07 -------- d-----w- c:\program files\Ask.com
2010-11-26 09:21:04 -------- d-----w- c:\program files\The KMPlayer
2010-11-26 05:57:09 -------- d-----w- C:\New Folder
2010-11-26 05:19:12 -------- d-sh--w- C:\found.000
2010-11-25 17:50:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-25 15:34:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-25 15:34:22 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-25 15:27:26 -------- d-----w- c:\users\admin\appdata\local\Sunbelt Software
2010-11-25 15:26:29 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-25 15:01:32 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-11-25 15:01:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 15:01:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 15:01:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 15:01:20 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-25 14:52:20 -------- d-----w- c:\users\admin\appdata\local\Google
2010-11-25 14:50:53 -------- d-----w- c:\users\admin\appdata\roaming\AVG10
2010-11-25 14:49:32 -------- d--h--w- c:\progra~2\Common Files
2010-11-25 14:49:26 -------- d-----w- c:\progra~2\Alwil Software
2010-11-25 14:44:48 -------- d-----w- c:\progra~2\AVG10
2010-11-25 14:06:22 -------- d-----w- c:\progra~2\MFAData
2010-11-25 14:03:10 -------- d-----w- c:\progra~2\PC Tools
2010-11-21 02:17:36 -------- d-----w- c:\program files\iPod
2010-11-21 02:09:49 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-10-19 03:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 17:29:22 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-10-08 08:38:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-08 08:38:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-08 08:38:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-08 08:38:00 5399656 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-08 08:38:00 4836456 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-08 08:38:00 2911848 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-08 08:38:00 2666088 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-08 08:38:00 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-10-08 08:38:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-08 08:38:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-08 08:38:00 10021992 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-07 18:03:52 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-07 18:03:52 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-07 18:03:52 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-07 18:03:50 279144 ----a-w- c:\windows\system32\nvhotkey.dll
2010-10-07 18:03:46 3416680 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-07 18:03:40 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-07 04:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 04:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 07:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

============= FINISH: 7:38:29.27 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23/3/2009 10:56:54 PM
System Uptime: 11/12/2010 6:13:58 AM (1 hours ago)

Motherboard: Hewlett-Packard | | 30F8
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | CPU | 2400/1066mhz

==== Disk Partitions =========================

B: is FIXED (NTFS) - 12 GiB total, 0.508 GiB free.
C: is FIXED (NTFS) - 286 GiB total, 4.418 GiB free.
D: is CDROM (UDF)
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0C6\7&C91F959&0&001EDC04BDB8_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0C6\7&C91F959&0&001EDC04BDB8_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0C6\7&C91F959&0&001EDC04BDB8_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0C6\7&C91F959&0&001EDC04BDB8_C00000000
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Age of Empires III
Age of Wonders
AhnLab Online Security
Alps Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AuditionSEA
Auto-Keyboard 9.0
Auto Mouse 1.3
Auto Shutdown
avast! Free Antivirus
AVG 2011
AviSynth 2.5
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Business Contact Manager for Outlook 2007 SP2
CCleaner
Chinese Chess Giant
Client for XiangQi.CC
CyberLink DVD Suite
DivX Setup
Dragonica
ENE CIR Receiver Driver (12/30/2008 2.7.2.0)
ESU for Microsoft Vista
FLV to MP3 Converter 1.5
Football Manager 2010
Free M4a to MP3 Converter 6.2
Futuremark SystemInfo
Game Booster
Garena
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GOM Player
Google Chrome
Google Update Helper
GunboundS2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.56
HP Active Support Library
HP Advisor
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Games
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Print Diagnostic Utility
HP Product Detection
hp psc 1200 series
HP Quick Launch Buttons
HP Total Care Setup
HP Update
HP User Guides 0125
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
IDT Audio
Intel® Rapid Storage Technology
Internet Download Manager
iTunes
Java™ 6 Update 17
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 5.6.1 (Standard)
LabelPrint
Left 4 Dead Standalone Patch
LightScribe System Software
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed™ Most Wanted
NeoKwinto
Norton Internet Security
NVIDIA Control Panel 260.89
NVIDIA Graphics Driver 260.89
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Opera 10.63
Power2Go
PowerDirector
Pro Evolution Soccer 2010
ProtectSmart Hard Drive Protection
PVSonyDll
Qianhong 3.5.1
QLBCASL
QuickTime
Real Alternative 2.0.2
Realtek Ethernet Controller Driver For Windows Vista
RollerCoaster Tycoon® 3
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
SoftStylus
SopCast 3.2.9
Speed Gear v7.1
SPORE Creature Creator Trial Edition
Starcraft 2 - Beta Launcher
Starcraft Brood War (RAZOR 1911)
StarCraft Brood War by Monikon 1.16.1
StarCraft II Beta
SUPERAntiSpyware
System Requirements Lab
System Requirements Lab for Intel
The Battle for Middle-earth ™ II
The KMPlayer (remove only)
Theme Hospital
TimeLeft
Total Video Converter 3.61 100319
TreeSize Professional 5.2.3
TVUPlayer 2.5.3.1
Unlocker 1.8.8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update Service
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.0
Warcraft III
Warcraft III: All Products
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
WinSCP 4.2.8
WinZip 12.0
Yacc 0.4.0.3
ZD Soft Screen Recorder 4.1.3.0

==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:35 AM

Posted 18 December 2010 - 10:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:35 AM

Posted 23 December 2010 - 06:55 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users