#1 (permalink)

Registered User
Join Date: Aug 2009
Posts: 3
OS: windows vista

Search Engine Redirection Take 2
Hey everybody. I posted a message earlier and forgot to do the first steps before posting. Here is the link to my old thread.
Search Engine Redirection

A quick note, the gmer program could not run completely. It stopped in the middle of it and gave me a "blue screen of death", then restarted the computer.

Here is the DDS.txt log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Blue Fox at 18:46:37.77 on Thu 08/20/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1052 [GMT -4:00]

AV: AVG 7.5.516 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Blue Fox\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bluefo~1\appdata\roaming\mozilla\firefox\profiles\5hskcqx0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-23 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-7-24 84832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-20 38160]

=============== Created Last 30 ================

2009-08-20 06:07 <DIR> --d----- c:\program files\Trend Micro
2009-08-20 02:07 137,815,629 a------- c:\windows\MEMORY.DMP
2009-08-20 00:36 298 a------- c:\windows\wininit.ini
2009-08-20 00:28 <DIR> --d----- c:\users\bluefo~1\appdata\roaming\Malwarebytes
2009-08-20 00:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 00:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 00:27 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-20 00:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 00:27 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-20 00:18 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-08-20 00:18 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-08-20 00:14 <DIR> --d----- c:\users\bluefo~1\appdata\roaming\AVG8
2009-08-19 22:05 <DIR> --d----- c:\program files\MUSHclient
2009-08-17 21:46 <DIR> a-d----- c:\programdata\TEMP
2009-08-17 21:31 745 a------- c:\windows\GMUD32.INI
2009-08-17 21:20 208 ---shr-- c:\windows\system32\sysbkchx.sys
2009-08-17 21:20 <DIR> --d----- c:\program files\DX Monitor
2009-08-12 15:56 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 15:56 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 15:56 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 15:56 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 15:56 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 15:56 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 15:56 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 15:56 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 15:56 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 15:56 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 15:56 18,432 a------- c:\windows\system32\amcompat.tlb

==================== Find3M ====================

2009-08-20 18:35 81,984 a------- c:\windows\system32\bdod.bin
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-15 11:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 11:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 11:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:52 289,792 a------- c:\windows\system32\atmfd.dll
2008-11-07 22:52 143,360 a------- c:\windows\inf\infstrng.dat
2008-11-07 22:52 86,016 a------- c:\windows\inf\infstor.dat
2008-11-07 22:52 51,200 a------- c:\windows\inf\infpub.dat
2008-09-19 23:49 0 a------- c:\users\blue fox\jagex_runescape_preferences.dat
2008-06-29 12:29 174 a--sh--- c:\program files\desktop.ini
2008-06-29 12:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-21 15:14 99,184 a------- c:\users\bluefo~1\appdata\roaming\GDIPFONTCACHEV1.DAT
2007-11-23 21:30 0 a------- c:\users\bluefo~1\appdata\roaming\wklnhst.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-11-30 02:12 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-11-30 02:12 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-11-30 02:12 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-02-18 21:20 208 ---shr-- c:\windows\system32\sysbkchx.sys

============= FINISH: 18:48:21.29 ===============

#2 (permalink)

Registered User
Join Date: Aug 2009
Posts: 3
OS: windows vista

Re: Search Engine Redirection Take 2
Bump Please
Quote:
Last edited by LonnyRJones; 08-23-2009 at 05:34 AM. Reason: Information added from other thread