
Google Redirect


  • This topic is locked
2 replies to this topic

#1 MattC966


Posted 19 June 2011 - 01:48 PM

Hi,

I'm having some problems where any link I click on a Google Search page (or any other search engine page for that matter) redirects me to advert sites that have nothing to do with what I've clicked on. I have little experience in how to deal with this, so any help would be appreciated!!!

DDS Log:


.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Matt at 20:02:49 on 2011-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3835.1704 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIEKE.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [EPSON622633] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKE.EXE /FU "C:\Windows\TEMP\E_SC736.tmp" /EF "HKCU"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{538A4C50-9509-4EBC-92A5-824CF17A1DCE} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C2AE0CB6-12B1-4335-A255-CCECBD18FD7A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C2AE0CB6-12B1-4335-A255-CCECBD18FD7A}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{C2AE0CB6-12B1-4335-A255-CCECBD18FD7A}\56573747F6E6 : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-24 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-7-15 514232]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-7-2 27192]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-16 821080]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2011-4-29 101048]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-15 2337144]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-10-9 14336]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-6-16 20336]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-6-16 33184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-6-16 21328]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-06-17 15:12:46 -------- d-----w- C:\VundoFix Backups
2011-06-16 21:26:59 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-16 21:26:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-16 21:21:37 -------- d-----w- C:\Program Files (x86)\IObit
2011-06-16 21:18:18 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A7ED14D-3C6D-4E2B-8659-0CA95C0FFEDC}\gapaengine.dll
2011-06-16 21:18:13 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60F92D43-A6C2-47D8-9F5D-CFE11020F249}\mpengine.dll
2011-06-16 21:17:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-06-16 21:17:39 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-06-16 20:52:05 -------- d-----w- C:\Users\Matt\AppData\Roaming\IObit
2011-06-16 20:38:54 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-06-16 20:29:56 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2011-06-16 20:29:18 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-16 20:29:15 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-16 19:41:12 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-06-16 18:55:56 -------- d-----w- C:\Adobe Photoshop CS5.1
2011-06-16 18:54:35 -------- d-----w- C:\Users\Matt\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-06-16 18:54:31 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2011-06-16 18:26:28 45056 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2011-06-16 18:26:24 45056 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2011-06-16 18:23:03 -------- d-----w- C:\Program Files (x86)\Macromedia
2011-06-16 18:23:03 -------- d-----w- C:\Program Files (x86)\Common Files\Macromedia
2011-06-16 18:22:37 180224 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2011-06-16 18:22:36 409600 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2011-06-16 18:22:36 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2011-06-16 18:22:36 266240 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2011-06-16 18:22:36 172032 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2011-06-16 18:22:33 761856 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2011-06-16 18:22:33 540772 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2011-06-16 18:22:28 -------- d-----w- C:\Windows\Downloaded Installations
2011-06-16 17:46:59 -------- d-----w- C:\Users\Matt\AppData\Roaming\GetRightToGo
2011-06-16 15:40:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-06-16 15:40:59 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-06-16 15:40:51 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-16 15:40:51 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-16 15:40:49 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 15:40:49 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 15:40:49 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 15:40:47 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 15:40:47 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 15:40:45 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 15:40:45 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-16 14:28:52 1441584 ----a-w- C:\Users\Matt\TDSSKiller.exe
2011-06-15 18:39:58 -------- d-----w- C:\Program Files (x86)\Sibelius Software
2011-06-15 16:29:29 106496 --sha-r- C:\Windows\SysWow64\wmpcmr.dll
2011-06-15 16:21:15 605696 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}\IconC23B8C30.exe
2011-06-15 16:16:46 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-06-15 14:56:34 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-13 19:01:21 -------- d-----w- C:\Users\Matt\AppData\Local\Amazon
2011-06-13 19:01:14 -------- d-----w- C:\Program Files (x86)\Amazon
2011-06-07 11:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-03 17:22:57 -------- d-----w- C:\Users\Matt\AppData\Roaming\AnvSoft
2011-06-03 17:22:51 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-06-03 17:17:26 -------- d-----w- C:\ProgramData\AVS4YOU
2011-06-03 17:17:23 -------- d-----w- C:\Users\Matt\AppData\Roaming\AVS4YOU
2011-06-03 17:16:41 10833920 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2011-06-03 17:16:40 10915840 ----a-w- C:\Windows\SysWow64\libmfxhw32.dll
2011-06-03 17:16:38 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-06-03 17:16:00 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2011-06-03 17:15:51 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-05-31 14:42:24 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2011-05-31 14:42:20 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-05-25 17:45:00 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-05-25 17:45:00 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-05-25 17:44:54 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-05-25 17:26:26 -------- d-----w- C:\Program Files (x86)\EA Games
2011-05-25 17:20:00 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-21 16:32:27 -------- d-----w- C:\Users\Matt\AppData\Local\LogMeIn Hamachi
.
==================== Find3M ====================
.
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 20:04:58.61 ===============
Attachment:
Attached File  Attach.txt   12.93KB   1 downloads

Edited by MattC966, 19 June 2011 - 02:09 PM.




#2 snemelk


Posted 26 June 2011 - 04:09 PM

Hi MattC966, and welcome to Bleeping Computer.

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk


Posted 03 July 2011 - 05:09 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.