Author Topic: [In Active] Redirect searches  (Read 7394 times)


Offline cedarguy

  • Bronze Member
  • Posts: 40
[In Active] Redirect searches
« on: April 06, 2010, 11:36:39 pm »
My computer got nailed by a virus called Win32/Alureon.G a couple of nights ago - Sunday, April 4. I got it by opening a bogus email. Microsoft Essentials caught the virus and flagged it - I ran the cleanup function until the virus was quarantined according to Microsoft Essentials. The anti-virus program took several "passes" to collect and neutralize the virus, then had me reboot, and found a couple more instances of the virus after the reboot. I did get an error message from Microsoft Essentials after it ran a full scan saying that there was a problem in decontaminating the computer. The message was Error 0x80070032.

I then ran a quick scan with AntimalwareBytes and also ran a free online scan from MicroTrend - both said my system was clean. But I'm getting redirected when I do searches online; I've seen it especially with IE Explorer. What happens is when I click on an item that I've searched for, I get redirected to other sites - mostly advertising related. I'm not sure if this happens with Firefox or other browsers - I tried Firefox briefly, seemed to be working okay but...

I use Microsoft Essentials for my primary anti-virus software and for my firewall. I'm running Windows XP Home Service Pack 3. I'm on Qwest DSL, and Qwest is my ISP; it uses MSN and Windows Live for email.

Thanks in advance for any help you can give me. I appreciate it and I await your response...

Here's the log file that HijackThis pulled:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:27 PM, on 4/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCUI.exe
C:\windows\System32\snmp.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\windows\system32\svchost.exe
C:\Documents and Settings\Doug Hovelson\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\windows\System32\ups.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Evernote\Evernote3\Evernote.exe
C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows Live Favorites\wlfsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Labpixies Toolbar - {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - C:\Program Files\Labpixies\tbLab0.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Bing Toolbar\tbhelper.dll
O2 - BHO: Labpixies Toolbar - {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - C:\Program Files\Labpixies\tbLab0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AddThisHelper Class - {5BF4467F-BCB3-40F6-B6E3-C27900811DAC} - D:\Program Files\AddThis\AddThis Toolbar\AddThisToolBar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Bing Toolbar\tbcore3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Labpixies Toolbar - {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - C:\Program Files\Labpixies\tbLab0.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Cloudberry Twitter plugin - {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: IsoBuster Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
O3 - Toolbar: Bing Toolbar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll
O3 - Toolbar: AddThis - {3710D257-884E-4CD0-B562-EE94AC159107} - D:\Program Files\AddThis\AddThis Toolbar\AddThisToolBar.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [RCUI] "C:\PROGRA~1\RINGCE~1\RINGCE~1\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Doug Hovelson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinColorReminder] C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Doug Hovelson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; MSDigitalLocker; (R1 1.6); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.5.30428; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; msn OptimizedIE8;ENUS; AskTB5.5)" -"http://shell.skivehosting.com/MUS/multiplayer.aspx?ln=en&cn=en"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to  Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168637770359
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\Program Files\Apache\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - d:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (quickcare) (sprtsvc_quickcare) - SupportSoft, Inc. - C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (quickcare) (tgsrvc_quickcare) - SupportSoft, Inc. - C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
O23 - Service: Uvnc_service - Unknown owner - D:\Program Files\UltraVNC Addons\uvnc_service.exe

--
End of file - 14540 bytes
« Last Edit: April 27, 2010, 12:26:36 pm by K27 »
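A way to triage a HijackThis log like the one above mechanically, as an added example by the editor rather than anything from this thread or a feature of HijackThis itself. The nine sample lines are copied from the log posted above (a constructed subset, not the full log); the function names parse_hjt and triage and the review heuristics are the editor's own. The R3 URLSearchHook entries are the hooks Internet Explorer consults when text typed into the address bar is not a URL, which is why they are the first thing to read when the complaint is redirected searches. Every finding the script prints means "look at this", not "this is malicious": the example flags dead registrations ("(no file)" / "(file missing)"), one CLSID registered under two different display names (the Ask toolbar CLSID appears as "Ask Toolbar BHO" in O2 and "IsoBuster Toolbar" in O3 in the log above), autostarts that run from inside the user profile, and services with no recorded owner.

```python
import re
from collections import defaultdict

# Constructed sample input: nine lines copied from the HijackThis log posted in this
# thread. It is not the full log, and nothing below is a verdict on these entries.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Labpixies Toolbar - {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - C:\Program Files\Labpixies\tbLab0.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Bing Toolbar\tbhelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: IsoBuster Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Cloudberry Twitter plugin - {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Doug Hovelson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O23 - Service: Uvnc_service - Unknown owner - D:\Program Files\UltraVNC Addons\uvnc_service.exe
"""

# "<code> - <kind>: <rest>"; R0/R1 setting lines have no ": " and are skipped on purpose.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<kind>.+?): (?P<rest>.*)$")
# R3/O2/O3: "<display name> - {CLSID} - <path or '(no file)'>"
CLSID_ENTRY_RE = re.compile(
    r"^(?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$")
# O23: "<service name> - <owner/company> - <path>"
SERVICE_RE = re.compile(r"^(?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 Run/RunOnce: "[<value name>] <command line>"
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)

DEAD_MARKERS = ("(no file)", "(file missing)")
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\", "\\users\\")


def _split_run_entry(rest):
    """Return (value name, executable path) for an O4 entry; arguments are dropped."""
    m = RUN_RE.match(rest)
    if not m:
        return rest, ""
    cmd = m["cmd"]
    if cmd.startswith('"'):                      # quoted path, arguments follow the closing quote
        return m["name"], cmd[1:cmd.find('"', 1)]
    x = EXE_RE.match(cmd)                        # unquoted path: keep everything up to the first .exe
    return m["name"], x.group(1) if x else cmd


def parse_hjt(text):
    """Parse HijackThis R3/O2/O3/O4/O23 lines into dicts; unknown line types keep only code/kind/raw."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        e = {"code": m["code"], "kind": m["kind"], "name": "", "clsid": "",
             "owner": "", "path": "", "raw": raw}
        rest = m["rest"]
        if e["code"] in ("R3", "O2", "O3"):
            c = CLSID_ENTRY_RE.match(rest)
            if c:
                e.update(name=c["name"], clsid=c["clsid"].lower(), path=c["path"])
        elif e["code"] == "O4":
            e["name"], e["path"] = _split_run_entry(rest)
        elif e["code"] == "O23":
            s = SERVICE_RE.match(rest)
            if s:
                e.update(name=s["name"], owner=s["owner"], path=s["path"])
        entries.append(e)
    return entries


def triage(entries):
    """Apply review heuristics. Each finding is (category, detail) and means 'review this', not 'malicious'."""
    findings = []
    names_by_clsid = defaultdict(set)
    for e in entries:
        path = e["path"].lower()
        if e["code"] == "R3":                    # every URL search hook is relevant to a search redirect
            findings.append(("search-hook", e["raw"]))
        if any(mk in path for mk in DEAD_MARKERS):
            findings.append(("dead-entry", e["raw"]))
        if e["clsid"]:
            names_by_clsid[e["clsid"]].add(e["name"])
        if e["code"] == "O4" and any(mk in path for mk in PROFILE_MARKERS):
            findings.append(("autostart-from-profile", e["raw"]))
        if e["code"] == "O23" and e["owner"].lower() == "unknown owner":
            findings.append(("service-unknown-owner", e["raw"]))
    for clsid, names in names_by_clsid.items():  # one CLSID, two display names: typical of bundled toolbars
        if len(names) > 1:
            findings.append(("clsid-name-mismatch", f"{clsid} registered as {sorted(names)}"))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for category, detail in triage_log(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run it against a full saved log by reading the file into `triage_log`; on the sample it reports two search hooks, two dead entries, one autostart from the user profile, one service with an unknown owner, and one CLSID registered under two names. The heuristics are deliberately loose: a finding is a reason to look at the entry, and a clean report is not evidence that the rootkit behind the redirects has been removed, which is why the helper in this thread goes on to ask for DDS and an anti-rootkit scan rather than relying on the HijackThis log alone.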



Offline K27

  • Malware Removal Staff
  • Gold Member
  • Posts: 2342
    • Go Good IT Solutions
Re: Redirect searches
« Reply #1 on: April 06, 2010, 11:58:36 pm »
Hi cedarguy,

Welcome to SpywareHammer,

I'm K27 and I will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please print or save to Notepad all instructions and follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.


Please revert any changes IObit Advanced System Care has made to your system. I am not sure of the exact instructions, but there should be a "Quarantined" button somewhere, and then you will need to "Restore" EVERYTHING it has removed.

After that please UNINSTALL Advanced System Care. If Advanced System Care has made no changes then please just uninstall it.

Please post back a fresh HJT log once you have done this.

Thanks,
K27
SpywareHammer - Knowledgebase

The internet is the new age battle of the old age clash between good and evil

Offline cedarguy

  • Bronze Member
  • Posts: 40
Re: [In Progress] Redirect searches
« Reply #2 on: April 07, 2010, 02:23:24 am »
Hi K27. I did as you suggested and uninstalled Advanced System Care. I hadn't run it since getting this problem, so I just uninstalled it. Here's the fresh log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:44 AM, on 4/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCUI.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\Doug Hovelson\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\windows\System32\snmp.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\windows\System32\ups.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Labpixies Toolbar - {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - C:\Program Files\Labpixies\tbLab0.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Bing Toolbar\tbhelper.dll
O2 - BHO: Labpixies Toolbar - {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - C:\Program Files\Labpixies\tbLab0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AddThisHelper Class - {5BF4467F-BCB3-40F6-B6E3-C27900811DAC} - D:\Program Files\AddThis\AddThis Toolbar\AddThisToolBar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Bing Toolbar\tbcore3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Labpixies Toolbar - {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - C:\Program Files\Labpixies\tbLab0.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Cloudberry Twitter plugin - {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: IsoBuster Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
O3 - Toolbar: Bing Toolbar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll
O3 - Toolbar: AddThis - {3710D257-884E-4CD0-B562-EE94AC159107} - D:\Program Files\AddThis\AddThis Toolbar\AddThisToolBar.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RCUI] "C:\PROGRA~1\RINGCE~1\RINGCE~1\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Doug Hovelson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinColorReminder] C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Doug Hovelson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; MSDigitalLocker; (R1 1.6); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.5.30428; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; msn OptimizedIE8;ENUS; AskTB5.5)" -"http://shell.skivehosting.com/MUS/multiplayer.aspx?ln=en&cn=en"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to  Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168637770359
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\Program Files\Apache\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - d:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (quickcare) (sprtsvc_quickcare) - SupportSoft, Inc. - C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (quickcare) (tgsrvc_quickcare) - SupportSoft, Inc. - C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
O23 - Service: Uvnc_service - Unknown owner - D:\Program Files\UltraVNC Addons\uvnc_service.exe

--
End of file - 14356 bytes

Offline K27

  • Malware Removal Staff
  • Gold Member
  • Posts: 2342
    • Go Good IT Solutions
Re: [In Progress] Redirect searches
« Reply #3 on: April 07, 2010, 05:27:54 am »
cedarguy,

Please go to Start (Windows icon bottom left of screen) and copy/paste the command netsh winsock reset into the Run box and hit Enter, then please wait a minute and then please proceed with the next instructions.

I know you have already run MBAM but please follow these instructions for running it again:
  • Double click your Malwarebytes desktop icon
  • Click the UPDATE tab at the top
  • Scan for and install any updates it finds
  • Then choose the SCANNER tab and run a FULL SCAN
  • Once finished if MBAM found anything please click Show Results
  • Make sure EVERYTHING has a check in the box next to it and then click Remove Selected
  • Post the MBAM log results back to this thread
NOTE: If MBAM encounters a file that is hard to remove, it will prompt for a delete on reboot. Answer yes to this and, once rebooted, run another scan and post that scan's log along with the log from before the reboot, which can be found under the LOGS tab of Malwarebytes.


I need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double-click on the DDS icon and allow it to run.
  • A small box will open with an explanation about the tool.
  • When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach Attach.txt. Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

YOU MUST DISABLE ALL REAL-TIME PROTECTION BEFORE RUNNING THE NEXT TOOL.

Next, download this anti-rootkit program to a folder that you create, such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
http://www.bleepingcomputer.com/forums/topic114351.html

Next, please perform a rootkit scan:
  • Double-click the randomly named EXE in the C:\ARK folder that you just downloaded to launch it.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into a text file by clicking Edit | Paste or pressing Ctrl+V.
  • Exit the program.
  • Save the scan log as ARK.txt and post it in your next reply.
  • Now re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.
If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the initial quick scan; this can be saved in the same way as the full scan in the above instructions.


Please copy/paste the MBAM log, both DDS logs and the anti-rootkit log.

Thanks,
K27.
SpywareHammer - Knowledgebase

The internet is the new age battle of the old age clash between good and evil
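
K27's first step, netsh winsock reset, rebuilds the Winsock catalog. A Layered Service Provider (LSP) inserted into that catalog sits inside every socket call the browser makes, so a rogue LSP is one way search traffic can be rewritten before it leaves the machine, and the reset removes it regardless of which DLL it was. Before resetting, a practitioner would normally record what is in the catalog. The Python below is an added example, not part of the thread and not code from any tool K27 names: it parses the text that netsh winsock show catalog prints (saved to a file) and flags providers that load from outside %SystemRoot%\system32 or are not one of the stock Windows provider DLLs. The embedded catalog text is constructed and abridged, the third entry's DLL path is hypothetical, and the allow-list of stock DLLs is an assumption to extend from a clean machine of the same build.

```python
import re
import sys
from typing import Dict, List, Optional, Tuple

# Constructed sample of `netsh winsock show catalog` output, abridged to the
# fields this script uses. The third entry is a hypothetical LSP whose path is
# made up for the example and does not refer to any real file or malware.
CATALOG_SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        RSVP TCP Service Provider
Provider Path:                      %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID:                   1003
Version:                            2
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example Layered Provider
Provider Path:                      C:\Documents and Settings\All Users\Application Data\hypothetical_lsp.dll
Catalog Entry ID:                   1004
Version:                            2
Protocol Chain Length:              1
"""

# Provider DLLs present in a stock Windows XP catalog (assumption: a starting
# baseline, not an exhaustive list; a legitimate third-party LSP will also be flagged).
STOCK_PROVIDER_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll", "nwprovau.dll", "wshbth.dll"}
SYSTEM32_PREFIXES = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")

FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s+(\S.*?)\s*$")


def parse_catalog(text: str) -> List[Dict[str, str]]:
    """Group the 'Key:   value' lines under each 'Winsock Catalog Provider Entry' header."""
    entries: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return entries


def triage_catalog(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str, List[str]]]:
    """Return (entry id, entry type, path, reasons) for providers worth a manual look."""
    findings: List[Tuple[str, str, str, List[str]]] = []
    for e in entries:
        path = e.get("Provider Path", "")
        lowered = path.lower()
        dll = lowered.rsplit("\\", 1)[-1]
        reasons: List[str] = []
        if not lowered.startswith(SYSTEM32_PREFIXES):
            reasons.append("loads from outside system32")
        if dll not in STOCK_PROVIDER_DLLS:
            reasons.append("not a stock Windows provider DLL")
        if reasons:
            findings.append((e.get("Catalog Entry ID", "?"), e.get("Entry Type", "?"), path, reasons))
    return findings


if __name__ == "__main__":
    # Usage: python lsp_triage.py catalog.txt   (file saved from `netsh winsock show catalog`)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else CATALOG_SAMPLE
    for entry_id, kind, path, reasons in triage_catalog(parse_catalog(text)):
        print(f"[{entry_id}] {kind}: {path} ({'; '.join(reasons)})")
```

Save the catalog before and after the reset and diff the two parses: a provider that vanishes on reset is the one to go and find on disk (and to hash and submit), because the reset removes the hook but leaves the DLL and whatever dropped it in place.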

cedarguy
Re: [In Progress] Redirect searches
« Reply #4 on: April 07, 2010, 01:50:58 pm »
K27, I'm running the full Malwarebytes scan now - it's taking a while. I ran that code you posted in my RUN component first. I've lost access to my keyboard apparently - so I'm writing this on my laptop. Hope I can keep going with the other computer...

K27 (Malware Removal Staff)
Re: [In Progress] Redirect searches
« Reply #5 on: April 07, 2010, 02:34:20 pm »
That command has nothing to do with the keyboard; I'm not sure why that has happened. Please let the MBAM scan finish and, after removing everything it finds and rebooting, let me know if the keyboard works again.

Thanks,
K27

cedarguy
Re: [In Progress] Redirect searches
« Reply #6 on: April 07, 2010, 06:17:13 pm »
K27, I ran the full Malwarebytes scan; log below. Keyboard is now functioning again! I'll run another Malwarebytes scan next - cedarguy

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3966

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/7/2010 7:06:26 PM
mbam-log-2010-04-07 (19-06-26).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 447492
Time elapsed: 5 hour(s), 42 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\My Downloads\codec_7.14.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

cedarguy
Re: [In Progress] Redirect searches
« Reply #7 on: April 08, 2010, 12:40:17 am »
K27, here's the Anti-Malware log from when I ran the program after rebooting. Looks good so far. Now I'll proceed to run those next tests you suggested...


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2010 1:18:49 AM
mbam-log-2010-04-08 (01-18-49).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 447362
Time elapsed: 5 hour(s), 45 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cedarguy
Re: [In Progress] Redirect searches
« Reply #8 on: April 08, 2010, 01:16:01 am »
K27, here are the logs from the DDS runs (I had to break them up into two posts because of length).


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/7/2007 6:26:47 PM
System Uptime: 4/7/2010 7:11:54 PM (7 hours ago)

Motherboard:          |  | K7VM3
Processor: AMD Athlon(tm) XP 1500+ | Socket-A | 1282/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 34.341 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 48.29 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 153 GiB total, 143.209 GiB free.
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Service:

==== System Restore Points ===================

RP1073: 2/25/2010 10:48:39 AM - Software Distribution Service 3.0
RP1074: 2/25/2010 5:00:26 PM - Software Distribution Service 3.0
RP1075: 2/25/2010 6:07:51 PM - Software Distribution Service 3.0
RP1076: 2/26/2010 5:00:25 PM - Software Distribution Service 3.0
RP1077: 2/26/2010 6:07:25 PM - Software Distribution Service 3.0
RP1078: 2/27/2010 5:00:25 PM - Software Distribution Service 3.0
RP1079: 2/27/2010 6:07:53 PM - Software Distribution Service 3.0
RP1080: 2/28/2010 2:01:46 AM - Software Distribution Service 3.0
RP1081: 2/28/2010 5:00:27 PM - Software Distribution Service 3.0
RP1082: 2/28/2010 6:07:33 PM - Software Distribution Service 3.0
RP1083: 3/1/2010 5:00:43 PM - Software Distribution Service 3.0
RP1084: 3/1/2010 5:06:49 PM - Software Distribution Service 3.0
RP1085: 3/2/2010 5:00:32 PM - Software Distribution Service 3.0
RP1086: 3/2/2010 5:21:32 PM - Software Distribution Service 3.0
RP1087: 3/3/2010 2:40:12 AM - Microsoft Antimalware Checkpoint
RP1088: 3/3/2010 3:33:16 AM - Software Distribution Service 3.0
RP1089: 3/3/2010 5:00:27 PM - Software Distribution Service 3.0
RP1090: 3/4/2010 3:19:57 PM - Software Distribution Service 3.0
RP1091: 3/4/2010 5:00:26 PM - Software Distribution Service 3.0
RP1092: 3/5/2010 3:20:37 PM - Software Distribution Service 3.0
RP1093: 3/5/2010 5:00:29 PM - Software Distribution Service 3.0
RP1094: 3/6/2010 1:05:39 AM - Software Distribution Service 3.0
RP1095: 3/6/2010 9:29:53 PM - Software Distribution Service 3.0
RP1096: 3/7/2010 1:39:39 AM - Software Distribution Service 3.0
RP1097: 3/7/2010 5:00:28 PM - Software Distribution Service 3.0
RP1098: 3/7/2010 9:25:43 PM - Software Distribution Service 3.0
RP1099: 3/8/2010 5:00:43 PM - Software Distribution Service 3.0
RP1100: 3/8/2010 9:26:11 PM - Software Distribution Service 3.0
RP1101: 3/9/2010 5:02:24 AM - Software Distribution Service 3.0
RP1102: 3/9/2010 5:00:29 PM - Software Distribution Service 3.0
RP1103: 3/10/2010 10:32:02 AM - Software Distribution Service 3.0
RP1104: 3/10/2010 5:00:32 PM - Software Distribution Service 3.0
RP1105: 3/11/2010 5:00:44 PM - Software Distribution Service 3.0
RP1106: 3/11/2010 6:03:54 PM - Software Distribution Service 3.0
RP1107: 3/12/2010 5:00:30 PM - Software Distribution Service 3.0
RP1108: 3/12/2010 6:03:48 PM - Software Distribution Service 3.0
RP1109: 3/13/2010 3:49:21 AM - Software Distribution Service 3.0
RP1110: 3/13/2010 5:00:21 PM - Software Distribution Service 3.0
RP1111: 3/14/2010 2:47:13 AM - Software Distribution Service 3.0
RP1112: 3/14/2010 5:00:51 PM - Software Distribution Service 3.0
RP1113: 3/15/2010 1:33:10 PM - Software Distribution Service 3.0
RP1114: 3/15/2010 5:00:21 PM - Software Distribution Service 3.0
RP1115: 3/16/2010 2:07:09 AM - Software Distribution Service 3.0
RP1116: 3/16/2010 5:00:27 PM - Software Distribution Service 3.0
RP1117: 3/17/2010 2:24:24 AM - Software Distribution Service 3.0
RP1118: 3/17/2010 2:14:39 PM - Software Distribution Service 3.0
RP1119: 3/17/2010 5:00:21 PM - Software Distribution Service 3.0
RP1120: 3/18/2010 2:08:40 PM - Software Distribution Service 3.0
RP1121: 3/18/2010 5:00:25 PM - Software Distribution Service 3.0
RP1122: 3/19/2010 2:08:59 PM - Software Distribution Service 3.0
RP1123: 3/19/2010 5:00:25 PM - Software Distribution Service 3.0
RP1124: 3/20/2010 2:21:06 AM - Software Distribution Service 3.0
RP1125: 3/20/2010 4:03:32 PM - Software Distribution Service 3.0
RP1126: 3/20/2010 5:00:19 PM - Software Distribution Service 3.0
RP1127: 3/21/2010 2:03:22 AM - Software Distribution Service 3.0
RP1128: 3/21/2010 3:58:50 PM - Software Distribution Service 3.0
RP1129: 3/21/2010 5:00:50 PM - Software Distribution Service 3.0
RP1130: 3/22/2010 2:54:11 AM - Software Distribution Service 3.0
RP1131: 3/22/2010 5:00:30 PM - Software Distribution Service 3.0
RP1132: 3/23/2010 12:08:46 PM - Software Distribution Service 3.0
RP1133: 3/23/2010 5:00:30 PM - Software Distribution Service 3.0
RP1134: 3/24/2010 12:11:32 PM - Software Distribution Service 3.0
RP1135: 3/24/2010 5:00:32 PM - Software Distribution Service 3.0
RP1136: 3/25/2010 12:08:34 PM - Software Distribution Service 3.0
RP1137: 3/25/2010 5:00:42 PM - Software Distribution Service 3.0
RP1138: 3/26/2010 4:00:53 AM - Software Distribution Service 3.0
RP1139: 3/26/2010 5:00:34 PM - Software Distribution Service 3.0
RP1140: 3/27/2010 9:37:58 AM - Software Distribution Service 3.0
RP1141: 3/27/2010 5:00:33 PM - Software Distribution Service 3.0
RP1142: 3/28/2010 2:13:55 AM - Software Distribution Service 3.0
RP1143: 3/28/2010 5:00:29 PM - Software Distribution Service 3.0
RP1144: 3/29/2010 12:26:25 AM - Installed Open XML SDK 2.0 August 2009 CTP for Microsoft Office
RP1145: 3/29/2010 11:20:06 AM - Software Distribution Service 3.0
RP1146: 3/29/2010 5:00:28 PM - Software Distribution Service 3.0
RP1147: 3/30/2010 11:20:56 AM - Software Distribution Service 3.0
RP1148: 3/30/2010 5:00:50 PM - Software Distribution Service 3.0
RP1149: 3/31/2010 3:08:12 AM - Software Distribution Service 3.0
RP1150: 3/31/2010 1:46:03 PM - Software Distribution Service 3.0
RP1151: 3/31/2010 5:00:26 PM - Software Distribution Service 3.0
RP1152: 4/1/2010 1:42:00 PM - Software Distribution Service 3.0
RP1153: 4/1/2010 5:00:44 PM - Software Distribution Service 3.0
RP1154: 4/2/2010 5:00:28 PM - Software Distribution Service 3.0
RP1155: 4/3/2010 11:33:44 AM - Software Distribution Service 3.0
RP1156: 4/3/2010 5:00:30 PM - Software Distribution Service 3.0
RP1157: 4/4/2010 1:48:06 AM - Software Distribution Service 3.0
RP1158: 4/4/2010 11:38:49 AM - Software Distribution Service 3.0
RP1159: 4/4/2010 1:15:38 PM - Software Distribution Service 3.0
RP1160: 4/5/2010 4:04:50 PM - System Checkpoint
RP1161: 4/5/2010 5:00:24 PM - Software Distribution Service 3.0
RP1162: 4/5/2010 11:24:14 PM - Software Distribution Service 3.0
RP1163: 4/6/2010 4:55:15 AM - Software Distribution Service 3.0
RP1164: 4/6/2010 5:03:18 PM - Software Distribution Service 3.0
RP1165: 4/6/2010 8:46:09 PM - Software Distribution Service 3.0
RP1166: 4/7/2010 1:05:06 PM - Software Distribution Service 3.0
RP1167: 4/7/2010 5:01:06 PM - Software Distribution Service 3.0

==== Installed Programs ======================

1-2-3 PayPal Website Payments
AAScripter v2.0
Acrobat.com
ActivePerl 5.10.0 Build 1005
ActivePerl 5.6.1 Build 630
AddThis Toolbar
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AdsenseCoder
Anfy
Apache HTTP Server 2.0.58
Apache Tomcat 6.0.18
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Automotix (remove only)
AutoSum Add-in for Microsoft FrontPage
AutoXray EZ-Update (remove only)
AutoXray USB to SDL Serial Cable 531563
AVG Anti-Rootkit Free
AVS Audio Editor version 4.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bing Bar
Bing Bar Platform
Bing Toolbar
BitMeter
Bonjour
Book Search Pro
Browser Defender 2.0.6.10
CallingID
Carl Zeiss
CCleaner (remove only)
Clipboard Live
CloudBerry Twitter Plug-in for IE 1.0
Code Snippet Editor
CodeSnap Classic
Compatibility Pack for the 2007 Office system
CopyWriter 3.00
Coupon Printer for Windows
Creative Commons Add-in for Microsoft Office
Critical Update for Windows Media Player 11 (KB959772)
Customizable Alerts
Danere StyleMaker v1.4
del.icio.us Buttons for Internet Explorer
DHTML Help Add-In for Microsoft FrontPage
Dia (remove only)
Digital Locker Assistant
DIGOpt
Disk Manager
Document Selector Add-in
Driver Genius Professional Edition 2007
Dropbox
EditRocket 3.4.1
Egg
EPSON Printer Software
Evernote
FBIde 0.4.6 + FreeBASIC 0.15
FOREXTrader
Form Fill (Windows Live Toolbar)
FOX News Live
FreeSpell+ProSpell (remove only)
FrontLook Site Search Engine
FrontPage Theme Cleaner
GIMP 2.6.6
Global ProBiz Business Card Maker
Google Chrome
Google Chrome Frame
Google Gears
Google Update Helper
Google Updater
GPL Ghostscript 8.63
Hidden Utilities XP
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB948127)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
How-To Series Windows Forms Controls VB 08
IIS Diagnostics Toolkit January 2006 (x86)
Image Components
ImageWorkerSetup
Inkscape 0.46
Insert File Plugin for Windows Live Writer
Internet Information Services (IIS) 7.0 Manager
IrfanView (remove only)
IsoBuster 2.6
iTunes
Java (TM) 7
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 7
Jimco Meta
Jimco Open Web
Jimco Scripter 2.0
Jimco Style Sheet Links
Junk Mail filter update
Labpixies Toolbar
Live Writer Code Prettify Plugin
LocalCooling 1.04
Magic Map (North America Edition)
magicBlock
Malwarebytes' Anti-Malware
Management-Ware Mass Mailing News
Map Button (Windows Live Toolbar)
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET 2.0 AJAX Extensions 1.0
Microsoft ASP.NET MVC RC
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Color Control Panel Applet for Windows XP
Microsoft Default Manager
Microsoft Device Emulator version 3.0 - ENU
Microsoft Direct Mail Manager
Microsoft Document Explorer 2008
Microsoft Expression Media 2 SP2
Microsoft FrontPage 2000 SR-1
Microsoft FxCop 1.35
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2000 Web Archive Add-On
Microsoft Office 2003 International Character Toolbar
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2003 WordprocessingML Transform Inference Tool
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Converter Pack
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Spreadsheet Updated Function Reference
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office XP Primary Interop Assemblies
Microsoft Outlook 2000 OST Integrity Check Tool
Microsoft Picture It! Express 9
Microsoft Publisher 2000 SR-1
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 Beta SDK
Microsoft Silverlight Tools for Visual Web Developer Express 2008 SP1 - ENU
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2008 (SQLEXPRESS)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server 2008 Tools
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English Beta
Microsoft SQL Server Compact 3.5 SP1 English Beta
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU
Microsoft Visual Basic Power Packs 3.0
Microsoft Visual Basic Professional Step by Step
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30428
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Keyboard
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Web Platform Installer 2.0
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 (Beta) Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 SP1 (Beta) Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2002
Microsoft® Stock Actions for the Research Task Pane
Mihov Image Resizer 1.1 (remove only)
Miro
MobileMe Control Panel
Mozilla Firefox (3.6.3)
MSDN Library for Visual Studio 2008 - ENU
MSDN Library for Visual Studio 2008 Express Editions SP1
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
Nero PhotoShow Express 4
neroxml
NetBeans IDE 6.7 RC1
Notepad++
Office 2003 Add-in Latin and Cyrillic Transliteration
Office Update Answer Wizard Extension for Office 2000
OneCare Advisor (Windows Live Toolbar)
Open XML SDK 2.0 August 2009 CTP for Microsoft Office
OpenOffice.org 3.2
Opera 10.10
OverDrive Media Console
Paint.NET v3.36
PDFCreator
PHP Rocket Add-in 1.2 and PHP 4.06
Picasa 3
Picasa Plugin for Windows Live Writer
Platform
Polaroid Picture v1.7
Popup Blocker (Windows Live Toolbar)
Postbox (1.0b10)
PrimoPDF
PrimoPDF Redistribution Package
ProWrite 2005
PSPad editor
Quick Templates
QuickTime
Qwest Quickcare 2.7
RealPlayer
Remove Hidden Data Tool
Rhapsody Player Engine
RingCentral Call Controller
S3GSetup
Safari
Scribus 1.3.6svn
Scripting Help Add-In for Microsoft FrontPage
ScrubberSetup
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Seesmic Desktop
Seesmic Look
Segoe UI
Serif PagePlus 9.0
Serif PagePlus X2
Serif PagePlus X2 Resources
Serif PhotoPlus 6.0
Server-Side Include Add-in (SSIbot)
SiteSpinner V2.7
Smart Menus (Windows Live Toolbar)
SmartDraw 2007
SmartDraw PDF Filter
Sony Player Plug-in for Windows Media Player
Sothink SlidingMenu 2.0
Spyware Doctor 7.0
SQL Server System CLR Types
StumbleUpon IE Toolbar
Sun Download Manager 2.0 (web)
Sun GlassFish Enterprise Server v2.1
Sun GlassFish Enterprise Server v3 Prelude
Sun Service Tags
Sun(TM) Download Manager 2.0
Surf Canyon Search Engine Assistant
SyncToy 2.1 (x86)
SystemSuite 9 Professional
Tabbed Browsing (Windows Live Toolbar)
Tag Inspector Add-in 1.0
TaxCut 2002
Times Reader
TopStyle Lite (Version 3.0)
TweetDeck
UltraVNC 1.0.8.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB967144)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
Visual C++ 2008 x86 Runtime - (v9.0.30428)
Visual C++ 2008 x86 Runtime - v9.0.30428.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Beta)
VLC media player 1.0.3
Vuze
w3compiler
Web Deployment Tool Beta 2
WebEx
Winamp
Windows 7 Upgrade Advisor
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Live Writer Blog This for Mozilla Firefox
Windows Live Writer Contacts Plug In
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WLW Bit.ly
WordpressThemeGen
XAMPP 1.7.1
Xara FrontPage Add-in 1.0
Xara ScreenMaker3D
XML Notepad 2007
XML to Schema
XML:Wrench
XZAKT Media FrontFX PrintWeb
Yahoo! Install Manager
Zemanta for Live Writer 0.61.0

==== End Of File ===========================


Offline cedarguy

  • Bronze Member
  • Posts: 40
Re: [In Progress] Redirect searches
« Reply #9 on: April 08, 2010, 01:18:37 am »
Here's the other DDS log file: (Spyware Hammer said I exceeded the allowable length when I tried to send both together):


DDS (Ver_10-03-17.01) - NTFSx86 
Run by Doug Hovelson at  2:02:56.92 on Thu 04/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.7.0
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1471.571 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)   {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated)   {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Avanquest SystemSuite *On-access scanning enabled* (Outdated)   {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Avanquest NetDefense Firewall *enabled*   {E9CD9D09-CF58-4ec3-9B3F-E6B12C3E4171}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\windows\System32\svchost.exe -k eapsvcs
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\windows\Explorer.EXE
C:\windows\System32\snmp.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCUI.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Doug Hovelson\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\windows\System32\ups.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\CopyWriter\CopyWriter.exe
C:\Program Files\Evernote\Evernote3\Evernote.exe
C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\explorer.exe
C:\windows\system32\wscntfy.exe
D:\My Downloads\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Labpixies Toolbar: {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - c:\program files\labpixies\tbLab0.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\bing toolbar\tbhelper.dll
BHO: Labpixies Toolbar: {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - c:\program files\labpixies\tbLab0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AddThisHelper Class: {5bf4467f-bcb3-40f6-b6e3-c27900811dac} - d:\program files\addthis\addthis toolbar\AddThisToolBar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1051.0\npwinext.dll
BHO: IsoBuster Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\5.0.366.0\npchrome_frame.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\bing toolbar\tbcore3.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Labpixies Toolbar: {03e037d3-f080-4c0b-bdb5-a70c693ae36d} - c:\program files\labpixies\tbLab0.dll
TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: CallingID: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} -
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Cloudberry Twitter plugin: {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: IsoBuster Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: @c:\program files\msn toolbar\platform\5.0.1051.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1051.0\npwinext.dll
TB: Bing Toolbar: {10000000-1000-1000-1000-100000000000} - c:\program files\bing toolbar\tbcore3.dll
TB: AddThis: {3710d257-884e-4cd0-b562-ee94ac159107} - d:\program files\addthis\addthis toolbar\AddThisToolBar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [RCUI] "c:\progra~1\ringce~1\ringce~1\RCUI.exe"
uRun: [RCHotKey] "c:\progra~1\ringce~1\ringce~1\RCHotKey.exe"
uRun: [cdloader] "c:\documents and settings\doug hovelson\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WinColorReminder] c:\program files\pro imaging powertoys\microsoft color control panel applet for windows xp\WinColorReminder.exe
uRun: [Google Update] "c:\documents and settings\doug hovelson\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\neroph~1\data\xtras\mssysmgr.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; MSDigitalLocker; (R1 1.6); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.5.30428; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; msn OptimizedIE8;ENUS; AskTB5.5)" -"http://shell.skivehosting.com/MUS/multiplayer.aspx?ln=en&cn=en"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to  Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.7.0\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168637770359
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\5.0.366.0\npchrome_frame.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dougho~1\applic~1\mozilla\firefox\profiles\if9daj08.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MSNTDF&PC=MSNTDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mirostart.com/?cfg=2-73-0-3xSQ\n
FF - component: c:\documents and settings\doug hovelson\application data\mozilla\firefox\profiles\if9daj08.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\doug hovelson\application data\mozilla\firefox\profiles\if9daj08.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\program files\msn toolbar\platform\5.0.1051.0\firefox\components\DomBridge.dll
FF - plugin: c:\documents and settings\doug hovelson\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.7.0\bin\npjpi170.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1051.0\npwinext.dll
FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-19 207280]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-9-20 3968]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 MpKslf1c1e311;MpKslf1c1e311;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1945365-8e11-4f5a-991d-758e285470d3}\MpKslf1c1e311.sys [2010-4-7 28880]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2008-12-22 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2008-12-24 202928]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-10-19 112592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-19 54752]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-12-22 68912]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-3-11 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-3-11 185640]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-11-8 13384]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2009-11-7 10688]
S1 hrblretf;hrblretf;\??\c:\windows\system32\drivers\hrblretf.sys --> c:\windows\system32\drivers\hrblretf.sys [?]
S1 ktkcdkob;ktkcdkob;\??\c:\windows\system32\drivers\ktkcdkob.sys --> c:\windows\system32\drivers\ktkcdkob.sys [?]
S1 kwsgqubr;kwsgqubr;\??\c:\windows\system32\drivers\kwsgqubr.sys --> c:\windows\system32\drivers\kwsgqubr.sys [?]
S1 oguxxapp;oguxxapp;\??\c:\windows\system32\drivers\oguxxapp.sys --> c:\windows\system32\drivers\oguxxapp.sys [?]
S1 rbgxykav;rbgxykav;\??\c:\windows\system32\drivers\rbgxykav.sys --> c:\windows\system32\drivers\rbgxykav.sys [?]
S1 tlayckgw;tlayckgw;\??\c:\windows\system32\drivers\tlayckgw.sys --> c:\windows\system32\drivers\tlayckgw.sys [?]
S1 ugwlqgve;ugwlqgve;\??\c:\windows\system32\drivers\ugwlqgve.sys --> c:\windows\system32\drivers\ugwlqgve.sys [?]
S1 vuaymudx;vuaymudx;\??\c:\windows\system32\drivers\vuaymudx.sys --> c:\windows\system32\drivers\vuaymudx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2008-11-20 60272]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2008-10-27 22408]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-2-10 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-2-10 1141200]
S3 TFilter;TFilter;c:\progra~1\avanqu~1\system~1\TFilter.sys [2008-9-22 20225]
S3 Uvnc_service;Uvnc_service;d:\program files\ultravnc addons\uvnc_service.exe [2009-11-8 63296]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-2-8 43544]
S4 RsFx0101;RsFx0101 Driver;c:\windows\system32\drivers\RsFx0101.sys [2008-2-8 239128]
S4 SBAMSvc;SystemSuite;c:\program files\common files\antivirus\SBAMSvc.exe [2008-10-28 886056]
S4 stdiscover;Sun Service Tag Discovery;c:\program files\sun\servicetag\stdiscoverer.exe [2008-4-30 73728]
S4 stlisten;Sun Service Tag Listener;c:\program files\sun\servicetag\stlisten.exe [2008-4-30 78336]

============== File Associations ===============

.txt=CopyWriter TXT-File

=============== Created Last 30 ================

2010-04-04 04:52:50     83374   ----a-w-        c:\documents and settings\doug hovelson\.recently-used.xbel
2010-04-02 05:08:15     0       d-----w-        c:\program files\iPod
2010-04-02 05:08:08     0       d-----w-        c:\program files\iTunes
2010-04-02 05:08:08     0       d-----w-        c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 04:50:42     0       d-----w-        c:\program files\Bonjour
2010-03-29 05:26:27     0       d-----w-        c:\program files\Open XML Format SDK
2010-03-18 07:20:37     1409    ----a-w-        c:\windows\system32\tmp24744.FOT
2010-03-18 07:20:35     1409    ----a-w-        c:\windows\system32\tmpE9244.FOT
2010-03-18 07:20:34     1409    ----a-w-        c:\windows\system32\tmp94E34.FOT
2010-03-18 07:20:33     1409    ----a-w-        c:\windows\system32\tmp5B934.FOT
2010-03-18 07:20:32     1409    ----a-w-        c:\windows\system32\tmp3D434.FOT
2010-03-18 02:53:42     94208   ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2010-03-18 02:53:42     69632   ----a-w-        c:\windows\system32\QuickTime.qts
2010-03-10 21:27:17     9078208 ----a-w-        c:\documents and settings\doug hovelson\QCSetup_2_7.exe

==================== Find3M  ====================

2010-04-07 10:36:46     96512   ----a-w-        c:\windows\system32\drivers\atapi.sys
2010-04-04 18:14:10     59810   -c--a-w-        c:\docume~1\dougho~1\applic~1\wklnhst.dat
2010-03-30 05:46:30     38224   ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52     20824   ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-03-08 20:57:30     206616  -c--a-w-        c:\docume~1\dougho~1\applic~1\GDIPFONTCACHEV1.DAT
2010-02-25 06:24:37     916480  ----a-w-        c:\windows\system32\wininet.dll
2010-02-24 15:16:06     181632  ------w-        c:\windows\system32\MpSigStub.exe
2010-02-19 23:47:50     3604480 -c--a-w-        c:\windows\system32\GPhotos.scr
2010-02-12 16:46:14     91424   ----a-w-        c:\windows\system32\dnssd.dll
2010-02-12 16:46:14     107808  ----a-w-        c:\windows\system32\dns-sd.exe
2005-10-10 23:08:24     492032  -c--a-w-        c:\program files\Encrypt.exe
2008-05-22 20:50:11     32768   -csha-w-        c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052220080523\index.dat

============= FINISH:  2:05:06.85 ===============

Offline cedarguy

  • Bronze Member
  • Posts: 40
Re: [In Progress] Redirect searches
« Reply #10 on: April 08, 2010, 01:58:18 am »
K27, I ran the GMER program, got through the Quick Scan but the main scan crashed. Here's the Quick Scan report: (I had my antivirus and firewall disconnected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-08 02:44:17
Windows 5.1.2600 Service Pack 3
Running: i12bkqio.exe; Driver: C:\DOCUME~1\DOUGHO~1\LOCALS~1\Temp\kflyyuob.sys


---- Devices - GMER 1.0.15 ----

Device                                                   Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                                                   Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice                                           fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                 sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp              sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

Device           -> \Driver\atapi \Device\Harddisk0\DR0  897B2D6B

---- Files - GMER 1.0.15 ----

File            C:\windows\system32\drivers\atapi.sys    suspicious modification

---- EOF - GMER 1.0.15 ----
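
As an added example (not part of this thread, and not GMER's or DDS's own tooling), the following Python script shows how a responder could triage the two reports posted above rather than reading them by eye: it flags the GMER lines that indicate a redirected disk device object and a modified storage driver, and the DDS service entries whose binary is missing on disk and whose service name looks machine-generated. The sample lines are abbreviated from the logs in this thread and are labelled as constructed; the eight-lowercase-letter name heuristic and the rule that combines a hooked device with a modified file into `rootkit_likely` are assumptions of this example, not a GMER or DDS rule.

```python
import re

# Constructed sample input: a few lines abbreviated from the GMER quick scan
# posted in this thread (not the complete report).
GMER_SAMPLE = r"""
---- Devices - GMER 1.0.15 ----

Device                                                   Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

Device           -> \Driver\atapi \Device\Harddisk0\DR0  897B2D6B

---- Files - GMER 1.0.15 ----

File            C:\windows\system32\drivers\atapi.sys    suspicious modification
"""

# Constructed sample input: lines abbreviated from the DDS "SERVICES / DRIVERS"
# section posted in this thread.
DDS_SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
S1 hrblretf;hrblretf;\??\c:\windows\system32\drivers\hrblretf.sys --> c:\windows\system32\drivers\hrblretf.sys [?]
S1 ktkcdkob;ktkcdkob;\??\c:\windows\system32\drivers\ktkcdkob.sys --> c:\windows\system32\drivers\ktkcdkob.sys [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
"""

# GMER prints "Device -> \Driver\X \Device\Y <address>" when a device object's
# driver entry points at a raw address instead of a named, legitimate module.
HOOKED_DEVICE_RE = re.compile(
    r"^Device\s+->\s+(\\Driver\\\S+)\s+(\\Device\\\S+)\s+([0-9A-Fa-f]{8})\s*$")
MODIFIED_FILE_RE = re.compile(r"^File\s+(\S+)\s+suspicious modification\s*$")
# DDS driver line: "<state> <service>;<display name>;<path> [<date> <size>]",
# or "... --> <path> [?]" when the binary could not be found on disk.
DDS_DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def gmer_findings(text):
    """Return the GMER lines that point at a hooked device or a tampered file."""
    findings = []
    for line in text.splitlines():
        m = HOOKED_DEVICE_RE.match(line)
        if m:
            findings.append(("hooked_device", m.group(1), m.group(2), m.group(3)))
            continue
        m = MODIFIED_FILE_RE.match(line)
        if m:
            findings.append(("modified_file", m.group(1)))
    return findings


def dds_orphan_drivers(text):
    """Return (state, service) for driver entries whose file is missing ('[?]')
    and whose service name is eight lowercase letters (heuristic, an assumption
    of this example: legitimate vendors rarely name drivers that way)."""
    orphans = []
    for line in text.splitlines():
        m = DDS_DRIVER_RE.match(line)
        if not m:
            continue
        state, service, _display, rest = m.groups()
        file_missing = rest.rstrip().endswith("[?]")
        random_name = re.fullmatch(r"[a-z]{8}", service) is not None
        if file_missing and random_name:
            orphans.append((state, service))
    return orphans


def triage(gmer_text, dds_text):
    """Combine both reports into a summary a responder can act on."""
    findings = gmer_findings(gmer_text)
    hooked = [f for f in findings if f[0] == "hooked_device"]
    modified = [f for f in findings if f[0] == "modified_file"]
    return {
        "hooked_devices": hooked,
        "modified_files": modified,
        "orphan_drivers": dds_orphan_drivers(dds_text),
        # A redirected disk device object plus a modified storage driver is
        # treated here as strong evidence of a disk-level rootkit.
        "rootkit_likely": bool(hooked and modified),
    }


if __name__ == "__main__":
    for key, value in triage(GMER_SAMPLE, DDS_SAMPLE).items():
        print(f"{key}: {value}")
```

The script is a reading aid only: it highlights which lines in the quick scan carry the diagnosis (the `\Driver\atapi` device object redirected to a bare address, and `atapi.sys` reported as modified) and which DDS service entries deserve a second look; it changes nothing on the machine, and the cleanup path remains the one the helper prescribes in the thread.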

Offline K27

  • Malware Removal Staff
  • Gold Member
  • Posts: 2342
    • Go Good IT Solutions
Re: [In Progress] Redirect searches
« Reply #11 on: April 08, 2010, 02:51:03 am »
cedarguy,

The quick scan is enough to tell me you are infected with a rootkit, please proceed as follows.

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please:
  • Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
    Anti Virus
    Anti Spyware
  • If you have trouble disabling your firewall, please post back before continuing which one you use and I will give you the instructions.
     (If it's a third-party firewall there should be an icon on your task bar by the clock; right-click that and choose Disable/Stop. If it's the Windows built-in firewall, you should be able to disable it via Control Panel.)


Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

Combo-fix MUST be saved to your desktop before running the tool

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console, please make sure to do so, as this is a VERY IMPORTANT backup of Combo-fix (XP only)

You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run Combo-Fix;
post back and we will install it manually.

DO NOT mouse click when Combo-Fix is running, as this will cause Combo-Fix to stall and it will not work as it should

Please include the C:\ComboFix.txt in your next reply for further review.

Thanks
K27
SpywareHammer - Knowledgebase

The internet is the new age battle of the old age clash between good and evil

Offline cedarguy

  • Bronze Member
  • Posts: 40
Re: [In Progress] Redirect searches
« Reply #12 on: April 08, 2010, 10:26:33 am »
K27, thanks - I'm about to start with the Combo-Fix...

Offline cedarguy

  • Bronze Member
  • Posts: 40
Re: [In Progress] Redirect searches
« Reply #13 on: April 08, 2010, 11:17:01 am »
K27, Combo-Fix was unable to install properly. It said "boot partition cannot be enumerated properly" so I didn't proceed to the next step.

Offline cedarguy

  • Bronze Member
  • Posts: 40
Re: [In Progress] Redirect searches
« Reply #14 on: April 08, 2010, 11:20:35 am »
K27, I meant to say, when Combo-Fix attempted to install Recovery Console, it gave me that message about "boot partition cannot be enumerated properly," which was where I stopped! - cedarguy