Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

Google Search Hijack



Old 02-10-2012, 08:02 AM   #1
Registered Member
 
Join Date: May 2011
Posts: 22
OS: xp



When I click on links from a Google search it takes me to a random page.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by TIESWORTDA at 8:20:59 on 2012-02-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1241 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CENTENN.IAL\AUDIT\cagent32.exe
C:\CENTENN.IAL\AUDIT\xferwan.exe
C:\WINDOWS\SYSTEM32\DNTUS26.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Purgos 3.0\PurgosAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by TCAPS
uStart Page = hxxp://www.tcaps.net
uDefault_Page_URL = hxxp://www.tcaps.net
uSearch Bar = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFre0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: del.icio.us Toolbar Helper: {7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFre0.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Discovery User Input] c:\discovery\user input\userin32.exe
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoNetworkConnections = 1 (0x1)
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoNetConnectDisconnect = 1 (0x1)
uPolicies-explorer: NoRecycleFiles = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: crestron.com\www
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www.update
Trusted Zone: tcaps.net\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} - hxxp://10.27.10.32/XPanel.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://pinnacle.tcaps.net/Pinnacle/SIS/Reserved.ReportViewerWebControl.axd?ReportSession=s1i2pr55hxj334552cqc1a55&ControlID=eeeebd204d164c55a63661e8beb2d20c&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194398564609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206040413328
DPF: {74DC8438-E36A-40A0-B750-4E2257FA2E41} - hxxps://pview.tcaps.net/QvPlugin/QvPluginSetup.exe
DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} - hxxp://www.highschoolsports.net/Wyncs.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - hxxp://10.27.10.48/XInit.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{31ABC851-BEDC-424B-BFEF-FD9B2CAE80C5} : DhcpNameServer = 192.168.1.1
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files\qlikview\qvprotocol\qvp.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 94.63.147.14 www.google.com
Hosts: 94.63.147.15 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-5-27 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-5-27 108392]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456]
R2 PurgosAgent;Purgos Remote Agent;c:\program files\purgos 3.0\PurgosAgent.exe [2009-6-22 1769472]
R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-27 2440632]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-6-25 36608]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120209.003\NAVENG.SYS [2012-2-9 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120209.003\NAVEX15.SYS [2012-2-9 1576312]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2010-12-20 6607744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-5-27 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-6-25 33024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
.
=============== Created Last 30 ================
.
2012-02-10 12:49:32 -------- d-----w- c:\program files\CCleaner
2012-02-02 19:10:56 891104 ----a-w- c:\windows\system32\ipworks8.dll
2012-01-12 23:16:57 386048 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-12 23:16:55 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-12 23:16:54 176128 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-12 23:16:51 60416 -c----w- c:\windows\system32\dllcache\packager.exe
.
==================== Find3M ====================
.
2011-12-29 11:58:56 17280 ----a-w- c:\windows\system32\drivers\luldr082.sys
2011-12-29 11:58:56 149120 ----a-w- c:\windows\system32\drivers\lucam082.sys
2011-12-29 11:58:24 187392 ----a-w- c:\windows\system32\LPng.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 8:22:07.39 ===============
Attached Files
File Type: zip attach.zip (6.1 KB, 11 views)

tiesworth1 is offline
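The two Hosts: lines in the DDS report above map www.google.com and www.bing.com to 94.63.147.x addresses, and a hosts-file entry like that sends every request for those names to that address instead of to the real site. As an added example that is not part of this thread or of DDS, here is a small Python triage script that parses the "Hosts:" lines DDS prints and a raw Windows hosts file, and flags any name mapped to a non-loopback address; the sample inputs are constructed from the entries in the log above.

```python
"""Triage hosts-file overrides of the kind seen in the DDS report.

Added example for this thread, not part of DDS or the forum's tooling.
Legitimate hosts entries (localhost, ad-blocking lists, local dev names)
resolve to loopback or unspecified addresses; an entry that sends a name
to a public address is a redirect and is what this script reports.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed from the two Hosts: entries in the DDS log above.
SAMPLE_DDS_LINES = """\
Hosts: 94.63.147.14 www.google.com
Hosts: 94.63.147.15 www.bing.com
"""

# Constructed hosts-file text: the stock localhost lines, a blocking entry,
# a comment, and the same two redirects (one with a trailing comment).
SAMPLE_HOSTS_FILE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.invalid   # constructed ad-blocking entry
94.63.147.14    www.google.com
94.63.147.15    www.bing.com   # redirect
"""


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    source: str  # "dds" for a DDS report line, "hosts" for the hosts file


def is_local_address(addr: str) -> bool:
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) targets.

    Entries pointing there block or neutralise a name; they never redirect.
    Anything that does not parse as an IP is treated as non-local so it is
    surfaced rather than silently accepted.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def parse_dds_hosts_lines(text: str) -> list[HostsEntry]:
    """Parse 'Hosts: <ip> <name>' lines from a DDS Pseudo HJT Report."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"^Hosts:\s+(\S+)\s+(\S+)\s*$", line.strip())
        if m:
            entries.append(HostsEntry(m.group(1), m.group(2).lower(), "dds"))
    return entries


def parse_hosts_file(text: str) -> list[HostsEntry]:
    """Parse a Windows hosts file: '<ip> name [name ...]', '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:  # one line may carry several hostnames
            entries.append(HostsEntry(parts[0], name.lower(), "hosts"))
    return entries


def triage(entries: list[HostsEntry]) -> dict[str, list]:
    """Split entries into redirects (suspicious) and local overrides (benign)."""
    redirects = {(e.hostname, e.address) for e in entries
                 if not is_local_address(e.address)}
    local = {e.hostname for e in entries if is_local_address(e.address)}
    return {"redirects": sorted(redirects), "local_overrides": sorted(local)}


if __name__ == "__main__":
    for label, entries in (("DDS report", parse_dds_hosts_lines(SAMPLE_DDS_LINES)),
                           ("hosts file", parse_hosts_file(SAMPLE_HOSTS_FILE))):
        result = triage(entries)
        print(f"{label}: {len(result['redirects'])} redirect(s)")
        for hostname, address in result["redirects"]:
            print(f"  {hostname} -> {address}")
```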
Old 02-11-2012, 09:29 AM   #2
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,477
OS: Win XP Pro SP3 / Win 7 Pro



Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.



Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.

  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.

Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline
Old 02-12-2012, 05:25 PM   #3
Registered Member
 
Join Date: May 2011
Posts: 22
OS: xp



TDS Log Attached
Attached Files
File Type: txt TDSSKiller.2.7.11.0_12.02.2012_20.18.30_log.txt (51.4 KB, 14 views)
tiesworth1 is offline
Old 02-14-2012, 01:15 PM   #4
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,477
OS: Win XP Pro SP3 / Win 7 Pro



Hi again


We will now use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
Glaswegian is offline
Old 02-14-2012, 07:23 PM   #5
Registered Member
 
Join Date: May 2011
Posts: 22
OS: xp



ComboFix 12-02-13.01 - TIESWORTDA 02/14/2012 22:02:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1183 [GMT -5:00]
Running from: c:\documents and settings\TIESWORTDA\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\IWPDGINA.DLL
c:\windows\system32\W020t32w.dll
c:\windows\system32\W021t32w.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-10 12:49 . 2012-02-10 12:49 -------- d-----w- c:\program files\CCleaner
2012-02-02 19:10 . 2011-12-29 12:00 891104 ----a-w- c:\windows\system32\ipworks8.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 11:58 . 2010-01-20 17:08 17280 ----a-w- c:\windows\system32\drivers\luldr082.sys
2011-12-29 11:58 . 2010-01-20 17:08 149120 ----a-w- c:\windows\system32\drivers\lucam082.sys
2011-12-29 11:58 . 2010-01-20 17:08 187392 ----a-w- c:\windows\system32\LPng.dll
2011-11-25 21:57 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00 60416 ----a-w- c:\windows\system32\packager.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}]
2011-05-09 09:49 176936 ----a-w- c:\program files\FreeSoundRecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32B29DF0-2237-4370-9A29-37CEBB730E9B}"= "c:\program files\FreeSoundRecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2001-05-03 49202]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2001-05-03 20480]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2001-05-03 24576]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2001-05-03 20530]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2007-10-12 233472]
"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2007-04-20 181896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-27 115560]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-19 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1206544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-6-26 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoNetworkConnections"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 06:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"=
"c:\\Documents and Settings\\TIESWORTDA\\Desktop\\WS_FTP\\WS_FTP95.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6129:TCP"= 6129:TCP:Dameware MRC (6129)
"3389:TCP"= 3389:TCP:10.0.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22009
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"1971:TCP"= 1971:TCP:Deep Freeze (1971)
"7725:TCP"= 7725:TCP:Deep Freeze (7725)
"7777:UDP"= 7777:UDP:Ghost Client (7777)
"6666:UDP"= 6666:UDP:Ghost Client (6666)
"2967:UDP"= 2967:UDP:Symantec (2967)
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 6:00 AM 26624]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 9:07 PM 39080]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 12:22 PM 1085440]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/19/2007 8:01 PM 632456]
R2 PurgosAgent;Purgos Remote Agent;c:\program files\Purgos 3.0\PurgosAgent.exe [6/22/2009 5:58 AM 1769472]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 3:13 PM 292384]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 6:00 AM 2944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 4:00 AM 106104]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/25/2007 9:42 AM 36608]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/20/2010 2:14 PM 6607744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/27/2009 4:14 PM 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [6/25/2007 9:44 AM 33024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\Map_updateGPS.job
- c:\windows\system32\Map_updateGPS.bat [2010-05-28 13:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tcaps.net
Trusted Zone: crestron.com\www
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www.update
Trusted Zone: tcaps.net\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} - hxxp://10.27.10.32/XPanel.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://pinnacle.tcaps.net/Pinnacle/SIS/Reserved.ReportViewerWebControl.axd?ReportSession=s1i2pr55hxj334552cqc1a55&ControlID=eeeebd204d164c55a63661e8beb2d20c&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {74DC8438-E36A-40A0-B750-4E2257FA2E41} - hxxps://pview.tcaps.net/QvPlugin/QvPluginSetup.exe
DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} - hxxp://www.highschoolsports.net/Wyncs.cab
DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - hxxp://10.27.10.48/XInit.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-ID_POLYSOFT_CRYPT_EDIT_is1 - g:\crypt edit\unins000.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-14 22:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\centenn.ial\AUDIT\cagent32.exe
c:\centenn.ial\AUDIT\xferwan.exe
c:\windows\SYSTEM32\DNTUS26.EXE
c:\windows\SYSTEM32\DWRCS.EXE
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\SYSTEM32\DWRCST.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-02-14 22:19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 03:19
.
Pre-Run: 87,154,356,224 bytes free
Post-Run: 87,233,060,864 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1480C602C36D4046D2EFB9B79D7F7540
tiesworth1 is offline
Old 02-15-2012, 01:00 PM   #6
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,477
OS: Win XP Pro SP3 / Win 7 Pro



Hi again

Looks better – how is your system running now?


Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
Glaswegian is offline
Old 02-17-2012, 10:15 AM   #7
Registered Member
 
Join Date: May 2011
Posts: 22
OS: xp



Google links are working properly. Malware log below. Can you also help me get rid of the "Free Sound Recorder" toolbar that is on my Internet Explorer?

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.17.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TIESWORTDA :: WMS-TIEDA-44794 [administrator]
2/17/2012 12:45:23 PM
mbam-log-2012-02-17 (12-45-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267225
Time elapsed: 16 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
__________________
tiesworth1
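The Malwarebytes log format in the post above is regular enough to parse mechanically. The following is an added example, not code from the thread or from Malwarebytes: it pulls each detection (key, value name, detection name, Bad/Good data, action taken) out of such a log and checks that the per-section "Detected: N" counts agree with the entries actually listed, using a constructed excerpt modelled on the posted log.

```python
"""Parser for the Malwarebytes' Anti-Malware 1.x log posted above (added example,
not from the thread or from Malwarebytes; SAMPLE_LOG is a constructed excerpt)."""
import re
from collections import namedtuple
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.60.1.1000
Scan type: Quick scan
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 0
(No malicious items detected)
(end)
"""
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
DATA_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
# value_name is empty for files/folders; bad/good are set for registry data items only
Detection = namedtuple("Detection", "section location value_name threat bad good action")

def parse_entry(section, line):
    """Split 'LOCATION[|VALUE] (Threat) [-> Bad: (x) Good: (y)] -> Action'."""
    parts = line.split(" -> ")
    loc_part, _, threat = parts[0].rpartition(" (")   # last " (" opens the threat name
    location, _, value_name = loc_part.partition("|")
    bad = good = ""
    if len(parts) == 3:                  # only registry data items carry Bad/Good
        m = DATA_RE.match(parts[1])
        if m:
            bad, good = m.group("bad"), m.group("good")
    return Detection(section, location, value_name, threat.rstrip(")"), bad, good, parts[-1])

def parse_log(text):
    """Return (detections, declared per-section counts) for one MBAM log."""
    detections, counts, section = [], {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            counts[section] = int(m.group("count"))
        elif section and " -> " in line:  # skips headers and "(No malicious ...)"
            detections.append(parse_entry(section, line))
    return detections, counts

def count_mismatches(detections, counts):
    """Sections whose declared count differs from the entries actually listed."""
    seen = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if n != seen.get(s, 0)}
```

A non-empty result from count_mismatches means the pasted log was truncated or edited and should be requested again before drawing conclusions from it.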
Old 02-17-2012, 02:49 PM   #8
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,477
OS: Win XP Pro SP3 / Win 7 Pro



Hi again

Does it show up in Add/Remove Programs? If not, try Revo Uninstaller - there is a free trial version.


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian
Old 02-20-2012, 06:05 PM   #9
Registered Member
 
Join Date: May 2011
Posts: 22
OS: xp


Quote:
Originally Posted by Glaswegian
Hi again

Does it show up in Add/Remove Programs? If not, try Revo Uninstaller - there is a free trial version.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
I'm out of town and won't be able to check the computer until Sunday.
__________________
tiesworth1
Old 02-21-2012, 01:08 PM   #10
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,477
OS: Win XP Pro SP3 / Win 7 Pro



OK - no problem - thanks for letting me know.

__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian
Copyright 2001 - 2014, Tech Support Forum