Hi,
recently almost every link I click in Opera 10 opens in a new tab and often redirects to a spam site.
Additionally, I lost access to my work network drive at around the same time - unsure if the problem is related. I disconnected the drive but when I tried to remap it the path was not found. I have Internet access and my colleagues can connect as normal.
I ran gmer and it found MSIVXserv.sys - I googled that and used Avenger to delete is successfully. However, the problem remains.
please help!
DDS log file:
DDS (Ver_09-05-14.01) - NTFSx86
Run by [USERNAME] at 10:55:03.71 on 15/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1101 [GMT 1:00]
AV: avast! antivirus 4.8.1335 [VPS 090611-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LocalCooling\localcooling.exe
C:\Program Files\Taskix\Taskix32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\[USERNAME].FHIOS\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL =
http://www.google.co.uk/ig/dell?hl=e...uk&ibd=5070607
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AhIeBho Class: {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - c:\program files\zoomtext 9.1\ahoi\ah_ie_bho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BrowserBHO Object: {f83c32a5-b10d-4604-8979-9285633d44c0} - c:\program files\tobii\tobii studio\IERec2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LocalCooling] "c:\program files\localcooling\localcooling.exe" -s
mRun: [Taskix] c:\program files\taskix\Taskix32.exe start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\captur~1.lnk - c:\program files\capturewiz\pro\CaptureWiz.exe
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\opera.lnk - c:\program files\opera 10 beta\opera.exe
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\shortc~1.lnk - z:\02 Clients
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.zumyn.com/ImageUploader4.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://cam1.east-ayrshire.gov.uk/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.71,85.255.112.105
TCP: {83E8352B-6825-40F0-ACBC-BAF86C642339} = 85.255.112.71,85.255.112.105
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SubSystems: Windows = basedec32
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\adewit~1.fhi\applic~1\mozilla\firefox\profiles\fi3uutjp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2008-2-5 7296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-12 114768]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-12 138680]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-4-8 45288]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-12 352920]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090611.003\naveng.sys [2009-6-12 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090611.003\navex15.sys [2009-6-12 876144]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-7 29744]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-4-12 120168]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
=============== Created Last 30 ================
2009-06-12 16:51 389,120 a------- c:\windows\system32\CF30211.exe
2009-06-12 16:49 389,120 a------- c:\windows\system32\CF29636.exe
2009-06-12 16:00 <DIR> --d----- c:\program files\Trend Micro
2009-06-12 13:48 <DIR> --d----- c:\windows\pss
2009-06-12 09:44 <DIR> --d----- c:\documents and settings\[USERNAME].fhios\.housecall6.6
2009-06-12 09:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-12 09:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-09 15:26 52,224 a------- c:\windows\system32\MSIVXxajyydovfrnjyxjssxyemkicsvkyprsr.dll
2009-06-09 15:26 4 a------- c:\windows\system32\MSIVXcount
2009-06-08 09:08 2,524 a------- C:\autorun.PNF
2009-06-05 10:48 <DIR> --d----- c:\docume~1\adewit~1.fhi\applic~1\TeraCopy
2009-06-05 10:48 <DIR> --d----- c:\program files\TeraCopy
2009-06-04 16:51 4 a------- c:\windows\system32\gxvxccount
2009-06-04 10:03 <DIR> --d----- c:\docume~1\adewit~1.fhi\applic~1\Foxit
2009-06-04 10:03 <DIR> --d----- c:\program files\Foxit Software
2009-06-03 14:26 <DIR> --d----- c:\program files\Opera 10 Beta
2009-06-02 11:23 <DIR> --d----- c:\program files\foldit
2009-06-02 11:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\foldit
2009-06-01 14:54 438,272 a------- c:\windows\system32\SkinCrafter.dll
2009-06-01 14:54 856,064 a------- c:\windows\system32\mpgfiltr.ax
2009-06-01 14:54 421,888 a------- c:\windows\system32\RealMediaSplitter.ax
2009-06-01 14:54 81,920 a------- c:\windows\system32\viscomwave.dll
2009-06-01 14:54 208,896 a------- c:\windows\system32\VideoEdit.ocx
2009-06-01 14:54 139,264 a------- c:\windows\system32\viscomqtde.dll
2009-06-01 14:54 <DIR> --d----- c:\program files\Extra YouTube FLV Downloader + Video Converter
2009-05-29 14:10 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-29 14:10 1,409 a------- c:\windows\QTFont.for
2009-05-29 09:09 <DIR> --d----- c:\program files\MSECache
2009-05-28 09:15 10 a------- c:\windows\system32\kr_done1
==================== Find3M ====================
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2008-07-10 15:39 60,744 a------- c:\documents and settings\[USERNAME].fhios\g2mdlhlpx.exe
2007-06-25 16:50 82 a------- c:\docume~1\alluse~1\applic~1\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
============= FINISH: 10:55:44.14 ===============
