Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page original 'search engine re-direct and pop-ups
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 11-14-2008, 09:35 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


original 'search engine re-direct and pop-ups
Everytime I use a search engine to look for something, it redirects me when clicking on the required link.

Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:18, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1200592155953
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49D222EA-8ADB-41BB-9ED5-390E0FF469AF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{85483F7D-EA26-41DB-BF8F-78042E5CE27D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8942A596-C92E-4544-8AEE-81B038454850}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11235 bytes


Thanks in advance for your help
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 11-15-2008, 04:59 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: search engine re-direct and pop-ups
Hi, welcome to TSF!

Before we continue, please follow the instructions presented in this thread: http://www.techsupportforum.com/secu...oval-help.html then post the requested logs.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-16-2008, 02:44 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


Re: search engine re-direct and pop-ups
Hi Angelfile777,

I have ran the programs and have attached the correct files.

dds.txt


DDS (Version 1.0) - NTFSx86
Run by David at 9:40:03.14 on 16/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2401 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\David\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {49D222EA-8ADB-41BB-9ED5-390E0FF469AF} = 208.67.220.220,208.67.222.222
TCP: {85483F7D-EA26-41DB-BF8F-78042E5CE27D} = 208.67.220.220,208.67.222.222
TCP: {8942A596-C92E-4544-8AEE-81B038454850} = 208.67.220.220,208.67.222.222
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl

=============== Created Last 30 ================

2008-11-16 09:28 250 a------- c:\windows\gmer.ini
2008-11-15 12:31 <DIR> --d----- c:\program files\Lavasoft
2008-11-14 16:20 <DIR> --d----- C:\hijackthis
2008-11-12 14:54 118 a------- c:\windows\system32\MRT.INI
2008-11-12 13:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 13:17 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-09 11:24 244 a---h--- C:\sqmnoopt19.sqm
2008-11-09 11:24 232 a---h--- C:\sqmdata19.sqm
2008-11-08 23:36 244 a---h--- C:\sqmnoopt18.sqm
2008-11-08 23:36 232 a---h--- C:\sqmdata18.sqm
2008-11-08 09:17 244 a---h--- C:\sqmnoopt17.sqm
2008-11-08 09:17 232 a---h--- C:\sqmdata17.sqm
2008-11-07 23:33 244 a---h--- C:\sqmnoopt16.sqm
2008-11-07 23:33 232 a---h--- C:\sqmdata16.sqm
2008-11-07 15:03 244 a---h--- C:\sqmnoopt15.sqm
2008-11-07 15:03 232 a---h--- C:\sqmdata15.sqm
2008-11-07 00:09 244 a---h--- C:\sqmnoopt14.sqm
2008-11-07 00:09 232 a---h--- C:\sqmdata14.sqm
2008-11-06 14:29 244 a---h--- C:\sqmnoopt13.sqm
2008-11-06 14:29 232 a---h--- C:\sqmdata13.sqm
2008-11-05 22:51 244 a---h--- C:\sqmnoopt12.sqm
2008-11-05 22:51 232 a---h--- C:\sqmdata12.sqm
2008-11-05 15:15 244 a---h--- C:\sqmnoopt11.sqm
2008-11-05 15:15 232 a---h--- C:\sqmdata11.sqm
2008-11-04 23:05 244 a---h--- C:\sqmnoopt10.sqm
2008-11-04 23:05 232 a---h--- C:\sqmdata10.sqm
2008-11-03 22:10 244 a---h--- C:\sqmnoopt09.sqm
2008-11-03 22:10 232 a---h--- C:\sqmdata09.sqm
2008-11-02 23:38 244 a---h--- C:\sqmnoopt08.sqm
2008-11-02 23:38 232 a---h--- C:\sqmdata08.sqm
2008-11-01 09:57 244 a---h--- C:\sqmnoopt07.sqm
2008-11-01 09:57 232 a---h--- C:\sqmdata07.sqm
2008-10-31 22:45 244 a---h--- C:\sqmnoopt06.sqm
2008-10-31 22:45 232 a---h--- C:\sqmdata06.sqm
2008-10-31 07:59 244 a---h--- C:\sqmnoopt05.sqm
2008-10-31 07:59 232 a---h--- C:\sqmdata05.sqm
2008-10-30 23:40 244 a---h--- C:\sqmnoopt04.sqm
2008-10-30 23:40 232 a---h--- C:\sqmdata04.sqm
2008-10-29 22:50 244 a---h--- C:\sqmnoopt03.sqm
2008-10-29 22:50 232 a---h--- C:\sqmdata03.sqm
2008-10-29 14:14 244 a---h--- C:\sqmnoopt02.sqm
2008-10-29 14:14 232 a---h--- C:\sqmdata02.sqm
2008-10-29 12:31 244 a---h--- C:\sqmnoopt01.sqm
2008-10-29 12:31 232 a---h--- C:\sqmdata01.sqm
2008-10-28 22:53 244 a---h--- C:\sqmnoopt00.sqm
2008-10-28 22:53 232 a---h--- C:\sqmdata00.sqm
2008-10-26 15:58 4,980 a------- c:\windows\desctemp.dat
2008-10-24 15:03 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-10-23 12:14 7,680 a--sh--- c:\windows\Thumbs.db

==================== Find3M ====================

2008-11-16 09:25 <DIR> --d----- c:\program files\Symantec AntiVirus
2008-11-13 19:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-10-31 07:56 <DIR> --d----- c:\program files\TTERMPRO
2008-10-29 21:34 <DIR> --d----- c:\program files\AnMing
2008-10-26 20:57 <DIR> --d----- c:\program files\PKR
2008-10-25 10:31 <DIR> --d----- c:\program files\eMule
2008-10-16 21:11 19,456 a------- c:\windows\system32\WPDShTerviceObj.dll
2008-10-07 18:10 <DIR> --d----- c:\docume~1\david\applic~1\Vso
2008-09-21 22:11 <DIR> --d----- c:\program files\DivX
2008-09-21 08:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2008-09-20 09:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2008-09-20 08:42 <DIR> --d----- c:\program files\VSO
2008-09-19 17:38 <DIR> --d----- c:\program files\LimeWire
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-10 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-07-01 17:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2008-06-06 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TomTom
2008-06-06 18:00 <DIR> --d----- c:\docume~1\david\applic~1\TomTom
2008-03-30 14:57 <DIR> --d----- c:\docume~1\david\applic~1\Robots
2008-02-25 18:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zylom
2008-02-18 22:33 <DIR> --d--r-- c:\docume~1\david\applic~1\Brother
2008-01-25 18:38 <DIR> --d----- c:\docume~1\david\applic~1\vlc
2008-01-18 20:51 <DIR> --d----- c:\docume~1\david\applic~1\FotoWire
2008-01-17 20:29 <DIR> --d----- c:\docume~1\david\applic~1\InstallShield Installation Information
2008-01-17 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WinZip
2008-01-17 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-05-08 18:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 9:40:14.29 ===============
Attach.txt

gmer.txt


Thanks
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-16-2008, 06:49 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: search engine re-direct and pop-ups
Hi,

Do you have a wireless router?


I see you have P2P software ( LimeWire 4.18.8, eMule ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> add/remove programs

If you decide to uninstall the p2p applications, also delete these Folders if they still exist:

C:\Program Files\emule
C:\Program Files\limewire
__________

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{49D222EA-8ADB-41BB-9ED5-390E0FF469AF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{85483F7D-EA26-41DB-BF8F-78042E5CE27D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8942A596-C92E-4544-8AEE-81B038454850}: NameServer = 208.67.220.220,208.67.222.222

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
___________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u10, and install it to your computer.
  • Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
__________

Download ATF Cleaner by Atribune

Important: Make sure all your browsers are closed before running ATF Cleaner..
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose:Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click
  • No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE:If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
___________

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

On your next reply, please include a
  • Fresh dds log.
  • kaspersky scan log
  • description on how your machine is running.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-19-2008, 10:46 AM   #5 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: search engine re-direct and pop-ups
Are you still with us?

If you don't reply within 2 days, I will mark this thread inactive and move it to another room.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-21-2008, 02:20 PM   #6 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


Re: search engine re-direct and pop-ups
Angelfire777,

Yes, I'm still here.

Only got my broadband connection back today, after a major fault in the area.

Will be posting the results tomorrow.

Thanks

Tazmania199
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-21-2008, 02:24 PM   #7 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: search engine re-direct and pop-ups
Okay. Thanks for letting me know.

I shall be waiting for your logs.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-22-2008, 02:26 AM   #8 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


Re: search engine re-direct and pop-ups
Angelfire777,

yes, I do use a wireless router, does that change anything ?? do I need to check my laptop as well ?

I have removed both emule and Limewire, both have not been used for ages, but forgot to uninstall.

I have attached both the new dds.log and kaspersky scan log.

My machine now looks to be running properly, can use search engine properly and do windows updates, does this mean my pc is now clear ??

Thanks
Attached Files
File Type: txt kaspersky.txt (1.3 KB, 1 views)
File Type: txt DDS.txt (12.1 KB, 1 views)
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-22-2008, 08:15 PM   #9 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: search engine re-direct and pop-ups
Hi,

Quote:
yes, I do use a wireless router, does that change anything ?? do I need to check my laptop as well ?
Not really. I was just curious.

Quote:
does this mean my pc is now clear
Almost .. Just a few files....


delete the following files using windows explorer:

L:\autorun.inf
M:\autorun.inf
N:\autorun.inf


Congratulations! Your log looks clean!

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.


Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

And miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-23-2008, 03:53 AM   #10 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


Re: original 'search engine re-direct and pop-ups
Angelfire777,

I have deleted those files.but am unable to run combofix /u, as my pc says it doesnt exist.

Thanks
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-23-2008, 04:37 AM   #11 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


Re: original 'search engine re-direct and pop-ups
Angelfire777,

my pc has reverted back and is now searching incorrect sites, pop-ups appear and I am unable to run windows update.

What should I do ?
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-23-2008, 07:43 AM   #12 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


Re: original 'search engine re-direct and pop-ups
Angelfire777,


have attached new log files.

Thanks


DDS (Version 1.0) - NTFSx86
Run by David at 14:35:41.37 on 23/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2519 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\David\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys

=============== Created Last 30 ================

2008-11-22 14:56 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-11-22 14:56 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-11-18 21:20 91,968 a------- c:\windows\system32\drivers\SysPlant.sys
2008-11-18 21:19 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-18 21:19 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-11-18 21:19 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-18 21:19 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-11-18 21:19 1,060,864 a------- c:\windows\system32\MFC71.DLL
2008-11-18 21:19 <DIR> --d----- c:\program files\Symantec
2008-11-18 20:58 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-18 20:58 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-16 09:28 250 a------- c:\windows\gmer.ini
2008-11-15 12:31 <DIR> --d----- c:\program files\Lavasoft
2008-11-14 16:20 <DIR> --d----- C:\hijackthis
2008-11-12 14:54 118 a------- c:\windows\system32\MRT.INI
2008-11-12 13:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 13:17 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-09 11:24 244 a---h--- C:\sqmnoopt19.sqm
2008-11-09 11:24 232 a---h--- C:\sqmdata19.sqm
2008-11-08 23:36 244 a---h--- C:\sqmnoopt18.sqm
2008-11-08 23:36 232 a---h--- C:\sqmdata18.sqm
2008-11-08 09:17 244 a---h--- C:\sqmnoopt17.sqm
2008-11-08 09:17 232 a---h--- C:\sqmdata17.sqm
2008-11-07 23:33 244 a---h--- C:\sqmnoopt16.sqm
2008-11-07 23:33 232 a---h--- C:\sqmdata16.sqm
2008-11-07 15:03 244 a---h--- C:\sqmnoopt15.sqm
2008-11-07 15:03 232 a---h--- C:\sqmdata15.sqm
2008-11-07 00:09 244 a---h--- C:\sqmnoopt14.sqm
2008-11-07 00:09 232 a---h--- C:\sqmdata14.sqm
2008-11-06 14:29 244 a---h--- C:\sqmnoopt13.sqm
2008-11-06 14:29 232 a---h--- C:\sqmdata13.sqm
2008-11-05 22:51 244 a---h--- C:\sqmnoopt12.sqm
2008-11-05 22:51 232 a---h--- C:\sqmdata12.sqm
2008-11-05 15:15 244 a---h--- C:\sqmnoopt11.sqm
2008-11-05 15:15 232 a---h--- C:\sqmdata11.sqm
2008-11-04 23:05 244 a---h--- C:\sqmnoopt10.sqm
2008-11-04 23:05 232 a---h--- C:\sqmdata10.sqm
2008-11-03 22:10 244 a---h--- C:\sqmnoopt09.sqm
2008-11-03 22:10 232 a---h--- C:\sqmdata09.sqm
2008-11-02 23:38 244 a---h--- C:\sqmnoopt08.sqm
2008-11-02 23:38 232 a---h--- C:\sqmdata08.sqm
2008-11-01 09:57 244 a---h--- C:\sqmnoopt07.sqm
2008-11-01 09:57 232 a---h--- C:\sqmdata07.sqm
2008-10-31 22:45 244 a---h--- C:\sqmnoopt06.sqm
2008-10-31 22:45 232 a---h--- C:\sqmdata06.sqm
2008-10-31 07:59 244 a---h--- C:\sqmnoopt05.sqm
2008-10-31 07:59 232 a---h--- C:\sqmdata05.sqm
2008-10-30 23:40 244 a---h--- C:\sqmnoopt04.sqm
2008-10-30 23:40 232 a---h--- C:\sqmdata04.sqm
2008-10-29 22:50 244 a---h--- C:\sqmnoopt03.sqm
2008-10-29 22:50 232 a---h--- C:\sqmdata03.sqm
2008-10-29 14:14 244 a---h--- C:\sqmnoopt02.sqm
2008-10-29 14:14 232 a---h--- C:\sqmdata02.sqm
2008-10-29 12:31 244 a---h--- C:\sqmnoopt01.sqm
2008-10-29 12:31 232 a---h--- C:\sqmdata01.sqm
2008-10-28 22:53 244 a---h--- C:\sqmnoopt00.sqm
2008-10-28 22:53 232 a---h--- C:\sqmdata00.sqm
2008-10-26 15:58 4,980 a------- c:\windows\desctemp.dat
2008-10-24 15:03 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-19 12:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-11-18 21:20 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-13 19:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-10-31 07:56 <DIR> --d----- c:\program files\TTERMPRO
2008-10-29 21:34 <DIR> --d----- c:\program files\AnMing
2008-10-26 20:57 <DIR> --d----- c:\program files\PKR
2008-10-16 21:11 19,456 a------- c:\windows\system32\WPDShTerviceObj.dll
2008-10-07 18:10 <DIR> --d----- c:\docume~1\david\applic~1\Vso
2008-09-21 08:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2008-09-20 09:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-04 15:45 357,696 a------- c:\windows\system32\sysfer.dll
2008-09-04 15:45 107,840 a------- c:\windows\system32\SymVPN.dll
2008-09-04 15:44 49,472 a------- c:\windows\system32\FwsVpn.dll
2008-08-26 07:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-10 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-07-01 17:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2008-06-06 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TomTom
2008-06-06 18:00 <DIR> --d----- c:\docume~1\david\applic~1\TomTom
2008-03-30 14:57 <DIR> --d----- c:\docume~1\david\applic~1\Robots
2008-02-25 18:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zylom
2008-02-18 22:33 <DIR> --d--r-- c:\docume~1\david\applic~1\Brother
2008-01-25 18:38 <DIR> --d----- c:\docume~1\david\applic~1\vlc
2008-01-18 20:51 <DIR> --d----- c:\docume~1\david\applic~1\FotoWire
2008-01-17 20:29 <DIR> --d----- c:\docume~1\david\applic~1\InstallShield Installation Information
2008-01-17 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WinZip
2008-05-08 18:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 14:35:49.92 ===============
Attached Files
File Type: txt Attach.txt (11.2 KB, 1 views)
File Type: txt gmer.txt (8.2 KB, 3 views)
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-24-2008, 07:32 PM   #13 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: original 'search engine re-direct and pop-ups
Do you know how to reset your router? You may want to look at your manual if you still have it because it looks like we need to reset it.

If not, can you tell me the exact brand and model of your router?
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-25-2008, 02:39 PM   #14 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp


Re: original 'search engine re-direct and pop-ups
Angelfre777,

I have reset my router and everything seems.

Thanks very much.

Tazmania199
tazmania199 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-25-2008, 06:37 PM   #15 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: original 'search engine re-direct and pop-ups
Okay, good to know.

Surf Safe!
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 12:38 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85