Registered User
Join Date: Jun 2009
Posts: 5
OS: win 98 with sp3
Search Redirects
Hello! First of all, thank you for the work you are doing here! Here's as much info as I can remember at 3:30 am...
I had more serious problems than these redirects, but was able to take care of the main problems. I had a virus that changed my desktop to a black screen with red writing about how horrible viruses were and would start up a supposed AV program at start that urged me to download their software. This program would also block all .exe's that I tried to run, which made it difficult to deal with. I used a combination of Spybot, SuperAntiSpyware, Ad-Aware and one or two others from my "ultimate boot cd" from dear ol' dad.
Once I got the big problems cleared, I was having trouble playing WoW and realized I needed to update to service pack 3 (ugh). I've updated to SP3 and updated my video driver and now WoW works (although it will still freeze up). Now Team Fortress 2 won't work and I'm getting sneaky redirects when I click on search engine links.
I'm a gamer and work from home as a "search engine evaluator" and really want my PC to run smoother. If I can't get it working right, I might have to spend time with my wife! Please help =)
Thanks in advance!!
(Here are my logs)
--------
DDS (Ver_09-06-26.01) - NTFSx86
Run by Erik at 2:49:30.07 on Mon 06/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1614 [GMT -4:00]
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Erik\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [nwiz] nwiz.exe /install
mRun: [NWEReboot]
mRun: [net] "c:\windows\system32\net.net"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: wildwestonline.com\gunfighter
Trusted Zone: wildwestonline.com\www
Trusted Zone: antimalwareguard.com
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189262821718
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\erik\applic~1\mozilla\firefox\profiles\ui4z4fwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\erik\application data\tenderfoot games\gunfighter\npTFGLaunchPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [2008-10-9 217128]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\erik\locals~1\temp\superas\sasdifsv.sys --> c:\docume~1\erik\locals~1\temp\superas\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\erik\locals~1\temp\superas\saskutil.sys --> c:\docume~1\erik\locals~1\temp\superas\SASKUTIL.sys [?]
S3 N5SG;Airlink101 SuperG Wireless Network Adapter Service;c:\windows\system32\drivers\N5SG.sys [2006-11-3 467040]
S3 SASENUM;SASENUM;\??\c:\docume~1\erik\locals~1\temp\superas\sasenum.sys --> c:\docume~1\erik\locals~1\temp\superas\SASENUM.SYS [?]
=============== Created Last 30 ================
2009-06-24 13:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-06-24 13:37 <DIR> --d----- c:\program files\Security Task Manager
2009-06-21 00:15 4,984 a------- c:\windows\system32\drivers\nvphy.bin
2009-06-20 21:54 <DIR> --d----- c:\windows\system32\scripting
2009-06-20 21:54 <DIR> --d----- c:\windows\l2schemas
2009-06-20 21:54 <DIR> --d----- c:\windows\system32\en
2009-06-20 21:54 <DIR> --d----- c:\windows\system32\bits
2009-06-20 21:53 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-20 21:52 <DIR> --d----- c:\windows\network diagnostic
2009-06-20 21:50 <DIR> --d----- c:\windows\EHome
2009-06-20 11:25 19,495 a------- c:\windows\system32\nvdisp.nvu
2009-06-19 23:02 <DIR> --d----- c:\docume~1\erik\applic~1\SUPERAntiSpyware.com
2009-06-19 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-19 14:05 <DIR> --d----- c:\program files\NVIDIA
2009-06-19 14:00 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-06-19 13:20 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-19 13:08 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-19 13:08 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-19 13:07 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-19 13:07 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-19 13:07 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-19 13:07 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-19 11:09 1,388 a------- c:\windows\system32\tmp.reg
2009-06-19 09:24 <DIR> --d----- c:\windows\system32\wbem\mof
2009-06-19 01:57 1,374 a------- c:\windows\imsins.BAK
2009-06-18 23:39 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-18 23:38 <DIR> --d----- c:\documents and settings\erik\.housecall6.6
2009-06-18 23:01 6,300 a------- c:\windows\system32\uacinit.dll
2009-06-18 19:53 578 a------- c:\windows\wininit.ini
2009-06-18 18:16 <DIR> --d----- c:\program files\Lavasoft
2009-06-18 18:13 66,560 a------- c:\windows\system32\UACyirlcwwspiltbtj.dll
2009-06-18 15:47 <DIR> --d----- c:\program files\SP - S&D
2009-06-18 14:29 1,110,399 a------- c:\windows\system32\UACudofaydernojgko.db
2009-06-18 14:29 23,552 -------- c:\windows\system32\UACcajrusuqmyaedba.dll
2009-06-18 14:29 51,712 -------- c:\windows\system32\drivers\UACexwbapqjewqvrnd.sys
2009-06-15 09:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 235,289 a------- c:\windows\system32\NvApps.xml
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 64,777 a------- c:\windows\system32\NvwsApps.xml
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-08 10:59 <DIR> --d----- c:\program files\Ventrilo
2009-06-08 10:58 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
==================== Find3M ====================
2009-06-20 21:55 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
============= FINISH: 2:51:55.40 ===============