Search Engine Redirect/ Restore Points Gone/ Random Restarts
#1 Mindriot07 (Members, 4 posts, Gender: Male)

Posted 20 December 2010 - 01:15 AM

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Shane at 23:36:42.70 on Sun 12/19/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4058.2575 [GMT -6:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Shane\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\unad5rpo.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://students.msbcollege.edu/
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\unad5rpo.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shane\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Shane\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-11-20 56008]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-11-20 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-11-20 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-11-20 317520]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-11-20 308136]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-6-19 14336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-22 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-11-22 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-11-20 517448]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-4-2 35840]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 SaiH0109;SaiH0109;C:\Windows\System32\drivers\SaiH0109.sys [2007-5-1 171144]
S3 SaiU0109;SaiU0109;C:\Windows\System32\drivers\SaiU0109.sys [2007-5-1 34304]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-22 12872]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== File Associations ===============

txtfile="C:\Program Files (x86)\e\e.exe" "%1"

=============== Created Last 30 ================

2010-12-20 05:33:00 -------- d-----w- C:\Users\Shane\AppData\Local\{672D1E0F-9699-4996-B14D-E353180574D8}
2010-12-20 05:13:03 -------- d-----w- C:\Program Files\iTunes
2010-12-20 05:13:03 -------- d-----w- C:\Program Files\iPod
2010-12-19 23:48:44 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2010-12-19 05:06:36 -------- d-----w- C:\Users\Shane\AppData\Local\{B3154136-773C-459E-8E30-05487B64A044}
2010-12-19 04:28:34 -------- d-----w- C:\cygwin
2010-12-19 04:27:27 -------- d-----w- C:\Users\Shane\AppData\Roaming\e
2010-12-19 04:27:13 -------- d-----w- C:\Program Files (x86)\e
2010-12-18 14:03:00 -------- d-----w- C:\Users\Shane\AppData\Local\{4FD4F403-F7A0-4234-BDF3-C06006CDF445}
2010-12-17 06:08:21 -------- d-----w- C:\Users\Shane\AppData\Local\{B3BF4528-85A9-4CA8-B7AC-E3C1AAF15F11}
2010-12-17 06:08:07 -------- d-----w- C:\Users\Shane\Tracing
2010-12-17 05:26:51 -------- d-----w- C:\Windows\en
2010-12-17 05:24:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-12-17 05:22:13 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-12-17 05:20:18 -------- d-----w- C:\Program Files (x86)\Microsoft
2010-12-17 05:20:13 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-12-17 05:19:52 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-12-17 05:18:00 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2010-12-17 05:18:00 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2010-12-17 05:17:59 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2010-12-17 05:17:59 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2010-12-17 05:16:33 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-12-17 05:16:33 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-12-17 05:16:32 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-12-17 05:16:31 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-12-17 05:16:31 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-12-17 05:16:30 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-12-17 05:16:30 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-12-17 05:16:15 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\85dd93e21cb9da907\InstallManager_WLE_WLE.exe
2010-12-17 05:16:03 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7e4901a81cb9da906\MeshBetaRemover.exe
2010-12-17 05:15:53 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\76ceae901cb9da905\DSETUP.dll
2010-12-17 05:15:53 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\76ceae901cb9da905\DXSETUP.exe
2010-12-17 05:15:53 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\76ceae901cb9da905\dsetup32.dll
2010-12-17 05:15:46 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6e5b51d31cb9da904\DXSETUP.exe
2010-12-17 05:15:45 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6e5b51d31cb9da904\DSETUP.dll
2010-12-17 05:15:45 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6e5b51d31cb9da904\dsetup32.dll
2010-12-17 05:14:33 -------- d-----w- C:\Users\Shane\AppData\Local\Windows Live
2010-12-17 05:14:31 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-12-17 04:35:01 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A9E02D1E-25FB-4768-9C51-B63D32AF1B2D}\mpengine.dll
2010-12-15 06:03:22 -------- d-----w- C:\PROGRA~3\BioWare
2010-12-15 05:36:26 -------- d-----w- C:\Windows\SysWow64\AGEIA
2010-12-15 05:36:08 -------- d-----w- C:\PROGRA~3\Media Center Programs
2010-12-15 05:14:48 -------- d-----w- C:\Program Files (x86)\Dragon Age
2010-12-15 05:14:48 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2010-12-15 01:54:11 -------- d-----w- C:\Users\Shane\AppData\Local\GameSpy
2010-12-14 00:08:49 -------- d-----w- C:\Users\Shane\AppData\Local\ApplicationHistory
2010-12-13 22:57:06 -------- d-----w- C:\Program Files (x86)\Songbird
2010-12-13 21:23:30 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2010-12-12 15:14:47 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2010-12-07 01:41:56 -------- d-----w- C:\Users\Shane\AppData\Local\My Games
2010-12-07 01:30:59 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-12-07 01:13:21 -------- d--h--w- C:\Windows\msdownld.tmp
2010-12-07 01:13:06 -------- d-----w- C:\Windows\SysWow64\directx
2010-12-03 22:43:36 -------- d-----w- C:\Program Files (x86)\Firaxis Games
2010-12-03 22:42:39 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2010-12-03 22:42:38 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-12-03 22:42:38 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-12-03 22:42:38 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-12-03 22:42:38 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-12-03 22:42:38 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-12-03 22:42:34 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-12-03 22:42:34 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-12-03 21:15:06 -------- d-----w- C:\Users\Shane\AppData\Local\Jam11
2010-12-03 21:09:50 -------- d-----w- C:\Program Files (x86)\Jam11
2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-21 05:25:57 -------- d--h--w- C:\$AVG
2010-11-21 05:22:39 -------- d-----w- C:\Users\Shane\AppData\Local\AVG Security Toolbar
2010-11-21 05:16:36 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2010-11-21 05:16:29 -------- d-----w- C:\Windows\SysWow64\drivers\avg
2010-11-21 04:36:50 -------- d-----w- C:\Users\Shane\AppData\Roaming\AVG9
2010-11-21 04:30:23 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2010-11-21 04:30:20 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-21 04:30:14 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-11-21 04:30:10 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-11-21 04:30:10 -------- d-----w- C:\Windows\System32\drivers\Avg
2010-11-21 04:30:08 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2010-11-21 04:29:33 -------- d-----w- C:\Program Files (x86)\AVG
2010-11-21 04:29:32 -------- d-----w- C:\PROGRA~3\avg9

==================== Find3M ====================

2010-11-10 08:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-11-10 08:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-28 21:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 21:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2010-09-21 20:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 20:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

============= FINISH: 23:38:00.22 ===============

The Problem
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Here is my problem. For about the last week now I have been getting redirected to some random different sites just about every time I click on any search link. It does not matter what search engine I use. It does it an equal amount no matter what I do. Also, I noticed that I have no System Restore Points. I have not tried making any, but I figured that would not really matter, seeing as how it is already screwed. Then, my last not-so-normal thing my computer is doing is, if I leave it on at night to run a scan or complete a download, I will come back to it in the morning and I will have an error that says my computer recovered from an internal error and everything is restarted. I do not know if that is something malware/spyware/viruses can do, but it seemed important. I guess I could tell you that my games tend to freeze up for no reason at all, but then again my computer is not anything to be proud about. I will post those other 2 files now. Thank you for considering my problem. I am going to school now and my computer is my only means of getting anything done!
-Mindriot07

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-19 23:59:15
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xAF 0x28 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0xEC 0xD4 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x06 0xF8 0xED 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0x21 0x5F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x45 0x7D 0x02 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x64 0xFD 0x91 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xFD 0xFB 0x36 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xAF 0x28 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0xEC 0xD4 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x06 0xF8 0xED 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0x21 0x5F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x45 0x7D 0x02 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x64 0xFD 0x91 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xFD 0xFB 0x36 0x71 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{477F921B-0067-5B28-D08D-D064B6E581C7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{477F921B-0067-5B28-D08D-D064B6E581C7}@bbdpfajcgcmdllncjolbagmgfdigfccjbioi 0x61 0x62 0x65 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{477F921B-0067-5B28-D08D-D064B6E581C7}@abdpfajcgcmdllncjoibjoobbeefhmcbgn 0x61 0x62 0x66 0x6F ...

---- EOF - GMER 1.0.15 ---

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 30 December 2010 - 02:48 AM

picked up first topic
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
