Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google / Bing Search Engine results hijacked .Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 8th, 2009, 12:05 pm

I recently cleaned up this exploit using prevx. Then I got hit by 'antivirus 2009' which I managed to get off my PC.
Now I notice the google hijack is back but I cannot find it.
I've run ad-aware, prevx, malwarebytes, sophos, kaspersky, avg and while they say they find things and I get rid of them, the problem is still there.
I suspect antivirus 2009 killed my ability to boot into safe mode too.

I am pasting my hijackthis log. Help!!
================================ cut here ============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:53 AM, on 12/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\GIGABYTE\GEST\GEST.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TaggedFrog\TaggedFrog.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
D:\Program Files\Snagit\SnagIt32.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Snagit\TSCHelp.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
D:\Program Files\Snagit\SnagPriv.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVMain.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\Snagit\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\Snagit\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [GEST] "C:\Program Files\GIGABYTE\GEST\RUN.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"
O4 - HKLM\..\Run: [36X Raid Configurer] "C:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TaggedFrog] C:\Program Files\TaggedFrog\TaggedFrog.exe /tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SnagIt 8.lnk = D:\Program Files\Snagit\SnagIt32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://203.97.234.193/PlayerPT.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FD48D82-ED3E-45A6-873A-94F7CFA0845B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FD48D82-ED3E-45A6-873A-94F7CFA0845B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FD48D82-ED3E-45A6-873A-94F7CFA0845B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0FD48D82-ED3E-45A6-873A-94F7CFA0845B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Update Service (gupdate1c9d0c5fcbe0f7e) (gupdate1c9d0c5fcbe0f7e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 12351 bytes

================================ cut here ============================
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am
Advertisement
Register to Remove

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby MWR 3 day Mod » December 13th, 2009, 1:10 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby deltalima » December 15th, 2009, 1:39 pm

Hi outta,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 15th, 2009, 11:08 pm

Thanks for the help.
Here is the uninstall_list
=======================================================================
AC3Filter (remove only)
Ad-Aware
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agent Ransack Version 1.7.3
AltME by SafeWorlds
Any Video Converter 2.7.6
AoA Audio Extractor 1.0
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG 8.5
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
BestPractice (remove only)
BOClean
BroadWave
Browser Defender 2.0.6.11
Camtasia Studio 6
CDisplay 1.8
Creative WebCam Instant Driver (1.01.02.0729)
Critical Update for Windows Media Player 11 (KB959772)
DesignPro 5.4 Limited Edition
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD Decrypter (Remove Only)
Dynamic Energy Saver B7.1214.3
EffectsLab DV (remove only)
ePrompter
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
Express Rip
ffdshow [rev 3026] [2009-07-05]
Flash Movie Player 1.5
FlashGet 1.9.2.1028
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Video to MP3 Converter version 3.2
FreeMind
FXhome PhotoKey 2 Pro Demo (remove only)
FXhome VisionLab Studio (remove only)
Gigabyte Raid Configurer
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
Gordian Knot Rip Pack 0.35.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952155)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Matrix Storage Manager
Ipswitch WS_FTP Pro
IsoBuster 2.3
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.9.5 (Basic)
Lagarith Lossless Codec (1.3.19)
Magic ISO Maker v5.5 (build 0265)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MediaCoder 0.6.0
MediaCoder Audio Edition 0.7.2.4515
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
Morpheus Photo Animation Suite v3.10
Morpheus Photo Morpher v3.10
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
NetworkActiv PIAFCTM 2.2
NewBlue 3D Explosions for Vegas
NewBlue 3D Transformations for Vegas
NewBlue Art Blends 2.0 for Vegas
NewBlue Art Effects 2.0 for Vegas
NewBlue Film Effects for Vegas
NewBlue Free Effects for Windows
NewBlue Motion Blends 2.0 for Vegas
NewBlue Motion Effects 2.0 for Vegas
NewBlue Video Essentials for Windows
NewBlue Video Essentials II for Windows
NVIDIA Drivers
OpenOffice.org Installer 1.0
Paint Shop Pro 7 ESD
particleIllusion 3.0
PassKeeper 2.2
PDF Settings
Picasa 3
POP Peeper
Prevx 3.0
Prism Video Converter
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
SkillSoft Course Manager
Skype™ 4.1
SnagIt 8
Sony Vegas Pro 8.0
Sophos Anti-Rootkit 1.5.0
Sophos Anti-Virus
Sophos AutoUpdate
Spybot - Search & Destroy
Spyware Doctor 7.0
TaggedFrog 1.0.2
TextPad 5
Traffic Travis 3.0.0
Trillian
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VASST PIPSelection 1.2.0
VASST SubText 1.4.0
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.0
VOB2MPG 2.5
VobSub v2.23 (Remove Only)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WnBrowse 4.6
Xara3D6
XSitePro2
Xvid 1.2.2 final uninstall
Zenoté Blur for Vegas
Zenoté Glow for Vegas
Zenoté Grain for Vegas
Zenoté Letterbox for Vegas
Zenoté Random for Vegas

===========================================================================================================
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby deltalima » December 16th, 2009, 6:21 am

Hi outta,

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    AVG8
    Sophos


  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Please remove one of them.

Please download DDS ... by sUBs.
Save it to your desktop. Alternate download link:here.
  • Double click the tool to run it.
  • A black Screen will open... read the contents but do nothing.
  • When DDS finishes... Notepad will open with 2 reports... DDS.txt and Attach.txt
    Ignore the comments about zipping / attaching any of the report files. The 2 report files are not saved anywhere,
    if you close Notepad, before copying /pasting them... you will need to run DDS again.
  • Copy/paste both DDS.txt and Attach.txt reports in your next reply.
  • Once the reports have been posted, you can delete DDS from your desktop.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with DDS.txt and Attach.txt from the DDS scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 17th, 2009, 2:53 am

Thanks for you help.
I turned off the other virus scanner services and set them to manual start up.
The 3rd program GMER Rootkit scanner gave me problems.
I tried running it this morning and it produced 20k lines of output even though I checked to see that "Show All" was not set.
Then this evening it ran for hours and didn't complete so I had to stop it, save what it produced and decided to post that at least to see what is going on.
=====================================================================================================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2008 12:42:42 PM
System Uptime: 12/15/2009 11:51:07 PM (8 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3R
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2399/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 0.579 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 8.087 GiB free.
E: is CDROM ()
F: is CDROM ()
I: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP464: 11/28/2009 4:04:57 PM - System Checkpoint
RP465: 11/28/2009 11:12:15 PM - System Checkpoint
RP466: 11/30/2009 8:17:33 AM - System Checkpoint
RP467: 12/1/2009 9:14:22 AM - System Checkpoint
RP468: 12/2/2009 10:31:49 PM - System Checkpoint
RP469: 12/4/2009 3:08:12 AM - System Checkpoint
RP470: 12/4/2009 8:17:19 PM - Restore Operation
RP471: 12/4/2009 8:27:15 PM - Removed Ask Toolbar.
RP472: 12/4/2009 9:21:35 PM - Restore Operation
RP473: 12/6/2009 2:29:56 AM - System Checkpoint
RP474: 12/7/2009 2:37:41 AM - System Checkpoint
RP475: 12/7/2009 7:52:27 AM - Installed Sophos Anti-Virus
RP476: 12/7/2009 7:53:46 AM - Installed Sophos AutoUpdate
RP477: 12/8/2009 8:21:35 AM - System Checkpoint
RP478: 12/9/2009 3:00:17 AM - Software Distribution Service 3.0
RP479: 12/10/2009 10:25:46 PM - Avg8 Update
RP480: 12/11/2009 9:07:12 AM - Avg8 Update
RP481: 12/11/2009 9:08:06 AM - Avg8 Update
RP482: 12/13/2009 10:07:46 PM - Avira AntiVir Personal - 12/13/2009 22:07
RP483: 12/15/2009 11:29:37 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
AAC Decoder
AC3Filter (remove only)
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agent Ransack Version 1.7.3
AltME by SafeWorlds
Any Video Converter 2.7.6
AoA Audio Extractor 1.0
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
AVG 8.5
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
BestPractice (remove only)
BOClean
BroadWave
Browser Defender 2.0.6.11
Camtasia Studio 6
CDisplay 1.8
Creative WebCam Instant Driver (1.01.02.0729)
Critical Update for Windows Media Player 11 (KB959772)
DesignPro 5.4 Limited Edition
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Decrypter (Remove Only)
Dynamic Energy Saver B7.1214.3
eFax Messenger
EffectsLab DV (remove only)
ePrompter
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
Express Rip
ffdshow [rev 3026] [2009-07-05]
Flash Movie Player 1.5
FlashGet 1.9.2.1028
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Video to MP3 Converter version 3.2
FreeMind
FXhome PhotoKey 2 Pro Demo (remove only)
FXhome VisionLab Studio (remove only)
Gigabyte Raid Configurer
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
Gordian Knot Rip Pack 0.35.0
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952155)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Matrix Storage Manager
Ipswitch WS_FTP Pro
IsoBuster 2.3
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.9.5 (Basic)
Lagarith Lossless Codec (1.3.19)
Magic ISO Maker v5.5 (build 0265)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MediaCoder 0.6.0
MediaCoder Audio Edition 0.7.2.4515
Meebo Notifier
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
MKV Splitter
Morpheus Photo Animation Suite v3.10
Morpheus Photo Morpher v3.10
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
NetworkActiv PIAFCTM 2.2
NewBlue 3D Explosions for Vegas
NewBlue 3D Transformations for Vegas
NewBlue Art Blends 2.0 for Vegas
NewBlue Art Effects 2.0 for Vegas
NewBlue Film Effects for Vegas
NewBlue Free Effects for Windows
NewBlue Motion Blends 2.0 for Vegas
NewBlue Motion Effects 2.0 for Vegas
NewBlue Video Essentials for Windows
NewBlue Video Essentials II for Windows
NVIDIA Drivers
OpenOffice.org Installer 1.0
Paint Shop Pro 7 ESD
particleIllusion 3.0
PassKeeper 2.2
PDF Settings
Picasa 3
POP Peeper
Prevx 3.0
Prism Video Converter
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
SkillSoft Course Manager
Skype™ 4.1
SnagIt 8
Sony Vegas Pro 8.0
Sophos Anti-Rootkit 1.5.0
Sophos Anti-Virus
Sophos AutoUpdate
Spybot - Search & Destroy
Spyware Doctor 7.0
TaggedFrog 1.0.2
TextPad 5
Traffic Travis 3.0.0
Trillian
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VASST PIPSelection 1.2.0
VASST SubText 1.4.0
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.0
VOB2MPG 2.5
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WnBrowse 4.6
Xara3D6
XML Paper Specification Shared Components Pack 1.0
XSitePro2
Xvid 1.2.2 final uninstall
Zenoté Blur for Vegas
Zenoté Glow for Vegas
Zenoté Grain for Vegas
Zenoté Letterbox for Vegas
Zenoté Random for Vegas
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

12/9/2009 7:41:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
12/9/2009 7:38:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 WatchDog service to connect.
12/9/2009 7:38:28 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2009 7:36:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
12/9/2009 7:36:51 AM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2009 7:36:34 AM, error: W3SVC [115] - The service could not bind instance 1. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
12/9/2009 3:28:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
12/9/2009 3:28:12 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2009 3:28:11 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/9/2009 3:25:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/9/2009 3:25:24 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2009 11:59:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.
12/15/2009 11:21:45 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.4 did not allow the name to be claimed by this machine.
12/13/2009 3:07:45 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/13/2009 10:57:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the GEST Service for program management. service to connect.
12/13/2009 10:57:47 AM, error: Service Control Manager [7000] - The GEST Service for program management. service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2009 10:57:13 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/13/2009 10:52:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Sophos Anti-Virus status reporter service to connect.
12/13/2009 10:52:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
12/13/2009 10:52:27 AM, error: Service Control Manager [7000] - The Sophos Anti-Virus status reporter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2009 10:52:27 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2009 10:51:57 AM, error: System Error [1003] - Error code 10000050, parameter1 e4406024, parameter2 00000000, parameter3 bf8327f3, parameter4 00000001.
12/13/2009 10:36:18 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001D7D035654 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/12/2009 4:09:35 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D7D035654 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/12/2009 1:44:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
12/12/2009 1:44:38 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2009 10:58:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Sophos AutoUpdate Service service to connect.
12/11/2009 10:58:01 PM, error: Service Control Manager [7000] - The Sophos AutoUpdate Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2009 10:01:06 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/10/2009 11:24:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IIS Admin service to connect.
12/10/2009 11:24:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
12/10/2009 11:24:28 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2009 11:24:28 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2009 11:24:28 PM, error: Service Control Manager [7000] - The IIS Admin service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2009 11:24:11 PM, error: System Error [1003] - Error code c000021a, parameter1 e23239c8, parameter2 00000000, parameter3 00000000, parameter4 00000000.
12/10/2009 11:19:16 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 2 time(s).
12/10/2009 11:19:12 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
12/10/2009 11:18:39 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
12/10/2009 11:18:39 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: The RPC server is unavailable.
12/10/2009 11:18:39 PM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.
12/10/2009 10:27:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
12/10/2009 10:27:17 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Colin at 7:45:37.04 on Wed 12/16/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2197 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TaggedFrog\TaggedFrog.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
D:\Program Files\Snagit\SnagIt32.exe
C:\Program Files\ePrompter\ePrompter.exe
D:\Program Files\Snagit\TSCHelp.exe
D:\Program Files\Snagit\SnagPriv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Colin\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\snagit\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\snagit\SnagItIEAddin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\documents and settings\colin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TaggedFrog] c:\program files\taggedfrog\TaggedFrog.exe /tray
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Meebo Notifier] "c:\documents and settings\colin\local settings\application data\meebo\meebo notifier\MeeboNotifier.exe" /startup
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [GEST] "c:\program files\gigabyte\gest\RUN.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [36X Raid Configurer] "c:\windows\system32\xRaidSetup.exe" boot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [BOC-427] c:\progra~1\comodo\cboclean\BOC427.exe
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\epromp~1.lnk - c:\program files\eprompter\ePrompter.exe
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - d:\program files\snagit\SnagIt32.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://203.97.234.193/PlayerPT.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {0FD48D82-ED3E-45A6-873A-94F7CFA0845B} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\colin\applic~1\mozilla\firefox\profiles\errowjpz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\colin\application data\mozilla\firefox\profiles\errowjpz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\colin\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-6 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-8 207792]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-7-6 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-7-6 27656]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-13 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-28 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-28 27784]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-12-7 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-12-7 35584]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-15 486280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-13 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-13 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-13 56816]
R2 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-7-28 73464]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-8 112592]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-7-6 4368952]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-27 297752]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-7-28 47624]
R3 PIAFCTM;NetworkActiv PIAFCTM Packet Driver Miniport;c:\windows\system32\drivers\PIAFCTM.sys [2008-8-1 15488]
S2 gupdate1c9d0c5fcbe0f7e;Google Update Service (gupdate1c9d0c5fcbe0f7e);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-12-9 98304]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\44.tmp --> c:\windows\system32\44.tmp [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2008-12-31 34064]
S3 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-12-9 69632]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-8 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-8 1141712]
S3 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-6-26 172032]
S4 Dacsstep;Dacsstep; [x]
S4 DFKGMOH;DFKGMOH;c:\docume~1\colin\locals~1\temp\dfkgmoh.exe --> c:\docume~1\colin\locals~1\temp\DFKGMOH.exe [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-12-7 14976]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-1 1205760]
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 17th, 2009, 3:02 am

The GMER log is too long and it wont post here.
I have attached it as a rar file.

Hope that is OK.
You do not have the required permissions to view the files attached to this post.
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby deltalima » December 17th, 2009, 2:46 pm

Hi outta,

Before we continue I must ask you not to make any changes to your system other than the ones I request while we resolve the issue, it impossible to monitor the expected changes to logs when other changes are being made.

In my last post I asked that you uninstall the multiple Antivirus programs and run just one. Disabling the real time scanning leave drivers still loaded that can interfere.

Please make sure that Only one Antivirus program is installed before we continue and then reboot.

You are seriously short of free disk space, if you are aware of data that you no longer need then please make some space, if not let me know and I will give instructions.

P2P Warning!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
Please note whenever you use any form of P2P networking to download files you can anticipate infestations of malware to occur.
P2P file sharing used to be fairly safe. This is no longer true...continue to use P2P sharing ...at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

As long as you have the P2P program(s) installed, per Malware Removal Forum Policy, I can offer you no further assitance.

I strongly recommend that you uninstall: uTorrent
You can do so using the Control Panel >> Add or Remove Programs function...however, that choice is up to you.
If you choose NOT to remove these programs...indicate that in your next reply.

CKScanner:

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Now please run another DDS scan and post back both logs along with the contents of CKFiles.txt .
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 18th, 2009, 1:26 am

P2p was uninstalled as requested.
Files were deleted from C: to give it more space.
I went through and uninstalled the virus scanners, sophos, avira, spyware Dr ..
I ran the scanner and this is the result.
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\jasc software inc\paint shop pro 7\presets\more cracks.pfl
c:\program files\jasc software inc\paint shop pro 7\presets\small cracks.pfl
scanner sequence 3.LB.11
----- EOF -----
DDS.txt
==========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Colin at 19:57:29.84 on Thu 12/17/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2543 [GMT -8:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TaggedFrog\TaggedFrog.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
D:\Program Files\Snagit\SnagIt32.exe
C:\Program Files\ePrompter\ePrompter.exe
D:\Program Files\Snagit\TSCHelp.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Snagit\SnagPriv.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Colin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\snagit\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\snagit\SnagItIEAddin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "c:\documents and settings\colin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TaggedFrog] c:\program files\taggedfrog\TaggedFrog.exe /tray
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Meebo Notifier] "c:\documents and settings\colin\local settings\application data\meebo\meebo notifier\MeeboNotifier.exe" /startup
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [GEST] "c:\program files\gigabyte\gest\RUN.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [36X Raid Configurer] "c:\windows\system32\xRaidSetup.exe" boot
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\epromp~1.lnk - c:\program files\eprompter\ePrompter.exe
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - d:\program files\snagit\SnagIt32.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://203.97.234.193/PlayerPT.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {0FD48D82-ED3E-45A6-873A-94F7CFA0845B} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\colin\applic~1\mozilla\firefox\profiles\errowjpz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\colin\application data\mozilla\firefox\profiles\errowjpz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\colin\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-6 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-7-6 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-7-6 27656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-15 486280]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-7-6 4368952]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-7-28 47624]
R3 PIAFCTM;NetworkActiv PIAFCTM Packet Driver Miniport;c:\windows\system32\drivers\PIAFCTM.sys [2008-8-1 15488]
S2 gupdate1c9d0c5fcbe0f7e;Google Update Service (gupdate1c9d0c5fcbe0f7e);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\44.tmp --> c:\windows\system32\44.tmp [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2008-12-31 34064]
S4 Dacsstep;Dacsstep; [x]
S4 DFKGMOH;DFKGMOH;c:\docume~1\colin\locals~1\temp\dfkgmoh.exe --> c:\docume~1\colin\locals~1\temp\DFKGMOH.exe [?]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-1 1205760]

=============== Created Last 30 ================

2009-12-16 07:20:21 0 d-----w- c:\docume~1\colin\applic~1\CheckPoint
2009-12-16 07:19:10 0 d-----w- c:\program files\CheckPoint
2009-12-16 07:18:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-16 07:11:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-16 07:11:38 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-16 07:11:22 422437 ----a-w- c:\windows\system32\vsconfig.xml
2009-12-16 07:11:19 0 d-----w- c:\program files\Zone Labs
2009-12-16 07:10:59 0 d-----w- c:\windows\Internet Logs
2009-12-14 06:08:12 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 21:10:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-13 21:10:49 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-12 09:18:31 495190016 ----a-w- C:\bst1.tmp
2009-12-07 15:52:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2009-12-07 15:50:58 0 d-----w- C:\sophos-detector-stdtsa
2009-12-07 04:26:46 0 d-----w- c:\program files\Sophos
2009-12-07 00:28:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-06 20:22:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-06 20:19:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-06 20:18:56 0 d-----w- c:\program files\Lavasoft
2009-12-05 06:37:09 0 d-----w- c:\documents and settings\colin\mbox
2009-12-05 06:37:09 0 d-----w- c:\documents and settings\colin\attachments
2009-12-05 04:30:57 0 d-----w- c:\program files\Trend Micro
2009-12-03 15:53:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-12-02 16:13:19 0 d-sh--w- C:\found.000
2009-11-18 15:41:51 0 d-----w- c:\docume~1\colin\applic~1\Helios
2009-11-18 15:41:27 0 d-----w- c:\program files\TextPad 5

==================== Find3M ====================

2009-12-18 03:37:57 16608 ----a-w- c:\windows\gdrv.sys
2009-12-04 06:34:20 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-04 06:34:16 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 05:48:04 662016 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 15:26:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-29 15:26:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 19:59:50.14 ===============
Attach.txt
=======================================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2008 12:42:42 PM
System Uptime: 12/17/2009 7:35:27 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3R
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 4.899 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 5.039 GiB free.
E: is CDROM ()
F: is CDROM ()
I: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP482: 12/13/2009 10:07:46 PM - Avira AntiVir Personal - 12/13/2009 22:07
RP483: 12/15/2009 11:29:37 PM - System Checkpoint
RP484: 12/17/2009 7:22:21 AM - Removed AVG Free 8.5
RP485: 12/17/2009 7:27:43 AM - Avira AntiVir Personal - 12/17/2009 7:27
RP486: 12/17/2009 7:41:26 AM - Removed Sophos Anti-Virus
RP487: 12/17/2009 7:42:51 AM - Removed Sophos AutoUpdate

==== Installed Programs ======================

AAC Decoder
AC3Filter (remove only)
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agent Ransack Version 1.7.3
AltME by SafeWorlds
Any Video Converter 2.7.6
AoA Audio Extractor 1.0
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
AviSynth 2.5
BestPractice (remove only)
BroadWave
Camtasia Studio 6
CDisplay 1.8
Creative WebCam Instant Driver (1.01.02.0729)
Critical Update for Windows Media Player 11 (KB959772)
DesignPro 5.4 Limited Edition
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Decrypter (Remove Only)
Dynamic Energy Saver B7.1214.3
eFax Messenger
EffectsLab DV (remove only)
ePrompter
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
Express Rip
ffdshow [rev 3026] [2009-07-05]
Flash Movie Player 1.5
FlashGet 1.9.2.1028
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Video to MP3 Converter version 3.2
FreeMind
FXhome PhotoKey 2 Pro Demo (remove only)
FXhome VisionLab Studio (remove only)
Gigabyte Raid Configurer
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
Gordian Knot Rip Pack 0.35.0
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952155)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Matrix Storage Manager
Ipswitch WS_FTP Pro
IsoBuster 2.3
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.9.5 (Basic)
Lagarith Lossless Codec (1.3.19)
Magic ISO Maker v5.5 (build 0265)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MediaCoder 0.6.0
MediaCoder Audio Edition 0.7.2.4515
Meebo Notifier
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
MKV Splitter
Morpheus Photo Animation Suite v3.10
Morpheus Photo Morpher v3.10
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
NetworkActiv PIAFCTM 2.2
NewBlue 3D Explosions for Vegas
NewBlue 3D Transformations for Vegas
NewBlue Art Blends 2.0 for Vegas
NewBlue Art Effects 2.0 for Vegas
NewBlue Film Effects for Vegas
NewBlue Free Effects for Windows
NewBlue Motion Blends 2.0 for Vegas
NewBlue Motion Effects 2.0 for Vegas
NewBlue Video Essentials for Windows
NewBlue Video Essentials II for Windows
NVIDIA Drivers
OpenOffice.org Installer 1.0
Paint Shop Pro 7 ESD
particleIllusion 3.0
PassKeeper 2.2
PDF Settings
Picasa 3
POP Peeper
Prevx 3.0
Prism Video Converter
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
SkillSoft Course Manager
Skype™ 4.1
SnagIt 8
Sony Vegas Pro 8.0
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
TaggedFrog 1.0.2
TextPad 5
Traffic Travis 3.0.0
Trillian
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VASST PIPSelection 1.2.0
VASST SubText 1.4.0
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.0
VOB2MPG 2.5
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WnBrowse 4.6
Xara3D6
XML Paper Specification Shared Components Pack 1.0
XSitePro2
Xvid 1.2.2 final uninstall
Zenoté Blur for Vegas
Zenoté Glow for Vegas
Zenoté Grain for Vegas
Zenoté Letterbox for Vegas
Zenoté Random for Vegas
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

12/17/2009 7:40:53 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The system cannot find the file specified.
12/17/2009 7:16:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the GEST Service for program management. service to connect.
12/17/2009 7:16:09 AM, error: Service Control Manager [7000] - The GEST Service for program management. service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2009 7:12:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
12/17/2009 7:12:57 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2009 6:38:42 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YK-4BCE5168D8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0FD48D82-ED3E-. The master browser is stopping or an election is being forced.
12/17/2009 6:31:20 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.4 did not allow the name to be claimed by this machine.
12/17/2009 6:26:10 AM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is YK-4BCE5168D8.
12/17/2009 11:42:12 AM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

==== End Of File ===========================
Thanks.
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby deltalima » December 19th, 2009, 4:34 pm

Hi outta,

Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop DFKGMOH
sc config DFKGMOH start= disabled
sc delete DFKGMOH
exit


Double click FixServices.bat. A window will open and close. This is normal.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Now please run another DDS scan and post both logs back with an update on how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 19th, 2009, 9:46 pm

Ran the service delete bat file.
I'm not sure it did anything because the window closed too fast.
I ran the other program and it cleared 58M off my drive.
I rebooted as it requested but my PC is having a hard time shutting down ... so I usually just end up pushing the restart button.
When it came back up - I tested the browser and reran the DDS scan.
Those actions have still not cleared the problem. My Search results are still being hijacked.
Here are the DDS outputs.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2008 12:42:42 PM
System Uptime: 12/19/2009 5:25:47 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3R
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2399/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 5.278 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 5.039 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
I: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP482: 12/13/2009 10:07:46 PM - Avira AntiVir Personal - 12/13/2009 22:07
RP483: 12/15/2009 11:29:37 PM - System Checkpoint
RP484: 12/17/2009 7:22:21 AM - Removed AVG Free 8.5
RP485: 12/17/2009 7:27:43 AM - Avira AntiVir Personal - 12/17/2009 7:27
RP486: 12/17/2009 7:41:26 AM - Removed Sophos Anti-Virus
RP487: 12/17/2009 7:42:51 AM - Removed Sophos AutoUpdate

==== Installed Programs ======================

AAC Decoder
AC3Filter (remove only)
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agent Ransack Version 1.7.3
AltME by SafeWorlds
Any Video Converter 2.7.6
AoA Audio Extractor 1.0
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
AviSynth 2.5
BestPractice (remove only)
BroadWave
Camtasia Studio 6
CDisplay 1.8
Creative WebCam Instant Driver (1.01.02.0729)
Critical Update for Windows Media Player 11 (KB959772)
DesignPro 5.4 Limited Edition
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Decrypter (Remove Only)
Dynamic Energy Saver B7.1214.3
eFax Messenger
EffectsLab DV (remove only)
ePrompter
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
Express Rip
ffdshow [rev 3026] [2009-07-05]
Flash Movie Player 1.5
FlashGet 1.9.2.1028
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Video to MP3 Converter version 3.2
FreeMind
FXhome PhotoKey 2 Pro Demo (remove only)
FXhome VisionLab Studio (remove only)
Gigabyte Raid Configurer
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
Gordian Knot Rip Pack 0.35.0
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952155)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Matrix Storage Manager
Ipswitch WS_FTP Pro
IsoBuster 2.3
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.9.5 (Basic)
Lagarith Lossless Codec (1.3.19)
Magic ISO Maker v5.5 (build 0265)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MediaCoder 0.6.0
MediaCoder Audio Edition 0.7.2.4515
Meebo Notifier
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
MKV Splitter
Morpheus Photo Animation Suite v3.10
Morpheus Photo Morpher v3.10
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
NetworkActiv PIAFCTM 2.2
NewBlue 3D Explosions for Vegas
NewBlue 3D Transformations for Vegas
NewBlue Art Blends 2.0 for Vegas
NewBlue Art Effects 2.0 for Vegas
NewBlue Film Effects for Vegas
NewBlue Free Effects for Windows
NewBlue Motion Blends 2.0 for Vegas
NewBlue Motion Effects 2.0 for Vegas
NewBlue Video Essentials for Windows
NewBlue Video Essentials II for Windows
NVIDIA Drivers
OpenOffice.org Installer 1.0
Paint Shop Pro 7 ESD
particleIllusion 3.0
PassKeeper 2.2
PDF Settings
Picasa 3
POP Peeper
Prevx 3.0
Prism Video Converter
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
SkillSoft Course Manager
Skype™ 4.1
SnagIt 8
Sony Vegas Pro 8.0
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
TaggedFrog 1.0.2
TextPad 5
Traffic Travis 3.0.0
Trillian
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VASST PIPSelection 1.2.0
VASST SubText 1.4.0
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.0
VOB2MPG 2.5
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WnBrowse 4.6
Xara3D6
XML Paper Specification Shared Components Pack 1.0
XSitePro2
Xvid 1.2.2 final uninstall
Zenoté Blur for Vegas
Zenoté Glow for Vegas
Zenoté Grain for Vegas
Zenoté Letterbox for Vegas
Zenoté Random for Vegas
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

12/19/2009 5:29:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
12/19/2009 5:29:23 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2009 5:29:23 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/19/2009 5:27:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/19/2009 5:27:54 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The InCD Helper (read only) service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The GEST Service for program management. service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2009 5:22:58 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/19/2009 5:22:57 PM, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2009 8:03:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9d0c5fcbe0f7e) service to connect.
12/18/2009 8:03:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
12/18/2009 8:03:45 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c9d0c5fcbe0f7e) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2009 9:58:00 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YK-4BCE5168D8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0FD48D82-ED3E-. The master browser is stopping or an election is being forced.
12/17/2009 7:40:53 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The system cannot find the file specified.
12/17/2009 7:16:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the GEST Service for program management. service to connect.
12/17/2009 7:16:09 AM, error: Service Control Manager [7000] - The GEST Service for program management. service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2009 7:12:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
12/17/2009 7:12:57 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2009 11:42:12 AM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
12/17/2009 10:21:52 AM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is YK-4BCE5168D8.
12/17/2009 1:05:48 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.4 did not allow the name to be claimed by this machine.

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Colin at 17:33:32.04 on Sat 12/19/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2573 [GMT -8:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TaggedFrog\TaggedFrog.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
D:\Program Files\Snagit\SnagIt32.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
D:\Program Files\Snagit\TSCHelp.exe
D:\Program Files\Snagit\SnagPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Documents and Settings\Colin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\snagit\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\snagit\SnagItIEAddin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "c:\documents and settings\colin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TaggedFrog] c:\program files\taggedfrog\TaggedFrog.exe /tray
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Meebo Notifier] "c:\documents and settings\colin\local settings\application data\meebo\meebo notifier\MeeboNotifier.exe" /startup
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [GEST] "c:\program files\gigabyte\gest\RUN.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [36X Raid Configurer] "c:\windows\system32\xRaidSetup.exe" boot
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\epromp~1.lnk - c:\program files\eprompter\ePrompter.exe
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - d:\program files\snagit\SnagIt32.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://203.97.234.193/PlayerPT.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {0FD48D82-ED3E-45A6-873A-94F7CFA0845B} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\colin\applic~1\mozilla\firefox\profiles\errowjpz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\colin\application data\mozilla\firefox\profiles\errowjpz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\colin\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-6 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-7-6 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-7-6 27656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-15 486280]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-7-6 4368952]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-7-28 47624]
R3 PIAFCTM;NetworkActiv PIAFCTM Packet Driver Miniport;c:\windows\system32\drivers\PIAFCTM.sys [2008-8-1 15488]
S2 gupdate1c9d0c5fcbe0f7e;Google Update Service (gupdate1c9d0c5fcbe0f7e);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\44.tmp --> c:\windows\system32\44.tmp [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2008-12-31 34064]
S4 Dacsstep;Dacsstep; [x]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-1 1205760]

=============== Created Last 30 ================

2009-12-16 07:20:21 0 d-----w- c:\docume~1\colin\applic~1\CheckPoint
2009-12-16 07:19:10 0 d-----w- c:\program files\CheckPoint
2009-12-16 07:18:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-16 07:11:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-16 07:11:38 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-16 07:11:22 422438 ----a-w- c:\windows\system32\vsconfig.xml
2009-12-16 07:11:19 0 d-----w- c:\program files\Zone Labs
2009-12-16 07:10:59 0 d-----w- c:\windows\Internet Logs
2009-12-14 06:08:12 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 21:10:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-13 21:10:49 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 15:52:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2009-12-07 15:50:58 0 d-----w- C:\sophos-detector-stdtsa
2009-12-07 04:26:46 0 d-----w- c:\program files\Sophos
2009-12-07 00:28:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-06 20:22:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-06 20:19:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-06 20:18:56 0 d-----w- c:\program files\Lavasoft
2009-12-05 06:37:09 0 d-----w- c:\documents and settings\colin\mbox
2009-12-05 06:37:09 0 d-----w- c:\documents and settings\colin\attachments
2009-12-05 04:30:57 0 d-----w- c:\program files\Trend Micro
2009-12-03 15:53:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-12-02 16:13:19 0 d-sh--w- C:\found.000

==================== Find3M ====================

2009-12-20 01:29:23 16608 ----a-w- c:\windows\gdrv.sys
2009-12-04 06:34:20 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-04 06:34:16 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 05:48:04 662016 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 15:26:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-29 15:26:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 17:36:06.14 ===============

Thanks for sticking with it.
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby deltalima » December 20th, 2009, 4:24 pm

Hi outta,

The delete batch file worked OK, as confirmed by the DDS scan results.

One more to remove.

Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop Dacsstep
sc config Dacsstep start= disabled
sc delete Dacsstep
exit


Double click FixServices.bat. A window will open and close. This is normal.

Malwarebytes Anti-Malware:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 20th, 2009, 5:52 pm

I ran the bat file and downloaded the latest version of mbam but it didn't find anything even after an update.
Here is the log from mbam.
========================================================
Malwarebytes' Anti-Malware 1.42
Database version: 3398
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/20/2009 1:34:35 PM
mbam-log-2009-12-20 (13-34-35).txt

Scan type: Quick Scan
Objects scanned: 115859
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=====================================================
Problem is still there :(
=====================================================
I reran DDS and I'm posting it to see if that helps.
======================================================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Colin at 13:36:16.45 on Sun 12/20/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2402 [GMT -8:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TaggedFrog\TaggedFrog.exe
C:\Documents and Settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\GIGABYTE\GEST\GEST.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
D:\Program Files\Snagit\SnagIt32.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
D:\Program Files\Snagit\TSCHelp.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Snagit\SnagPriv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Malwarebytes' Anti-Malware2\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\Colin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\snagit\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\snagit\SnagItIEAddin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "c:\documents and settings\colin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TaggedFrog] c:\program files\taggedfrog\TaggedFrog.exe /tray
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Meebo Notifier] "c:\documents and settings\colin\local settings\application data\meebo\meebo notifier\MeeboNotifier.exe" /startup
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [GEST] "c:\program files\gigabyte\gest\RUN.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [36X Raid Configurer] "c:\windows\system32\xRaidSetup.exe" boot
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware2\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\epromp~1.lnk - c:\program files\eprompter\ePrompter.exe
StartupFolder: c:\docume~1\colin\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - d:\program files\snagit\SnagIt32.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://203.97.234.193/PlayerPT.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {0FD48D82-ED3E-45A6-873A-94F7CFA0845B} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\colin\applic~1\mozilla\firefox\profiles\errowjpz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\colin\application data\mozilla\firefox\profiles\errowjpz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\colin\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-6 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-7-6 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-7-6 27656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-15 486280]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-7-6 4368952]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-7-28 47624]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-3 38224]
R3 PIAFCTM;NetworkActiv PIAFCTM Packet Driver Miniport;c:\windows\system32\drivers\PIAFCTM.sys [2008-8-1 15488]
S2 gupdate1c9d0c5fcbe0f7e;Google Update Service (gupdate1c9d0c5fcbe0f7e);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\44.tmp --> c:\windows\system32\44.tmp [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2008-12-31 34064]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-1 1205760]

=============== Created Last 30 ================

2009-12-16 07:20:21 0 d-----w- c:\docume~1\colin\applic~1\CheckPoint
2009-12-16 07:19:10 0 d-----w- c:\program files\CheckPoint
2009-12-16 07:18:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-16 07:11:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-16 07:11:38 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-16 07:11:22 422438 ----a-w- c:\windows\system32\vsconfig.xml
2009-12-16 07:11:19 0 d-----w- c:\program files\Zone Labs
2009-12-16 07:10:59 0 d-----w- c:\windows\Internet Logs
2009-12-14 06:08:12 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 21:10:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-13 21:10:49 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 15:52:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2009-12-07 15:50:58 0 d-----w- C:\sophos-detector-stdtsa
2009-12-07 04:26:46 0 d-----w- c:\program files\Sophos
2009-12-07 00:28:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-06 20:22:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-06 20:19:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-06 20:18:56 0 d-----w- c:\program files\Lavasoft
2009-12-05 06:37:09 0 d-----w- c:\documents and settings\colin\mbox
2009-12-05 06:37:09 0 d-----w- c:\documents and settings\colin\attachments
2009-12-05 04:30:57 0 d-----w- c:\program files\Trend Micro
2009-12-03 15:53:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-12-02 16:13:19 0 d-sh--w- C:\found.000

==================== Find3M ====================

2009-12-20 18:00:33 16608 ----a-w- c:\windows\gdrv.sys
2009-12-04 06:34:20 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-04 06:34:16 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 05:48:04 662016 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 15:26:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-29 15:26:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 13:38:41.20 ===============
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby deltalima » December 21st, 2009, 3:44 pm

Hi outta,

I see that WinPcap is running on the computer, while there is nothing bad in this it seems unusual to be installed when Wireshark is not installed.

Could you please let me know if you were aware of WinPcap being installed, if you want to keep it that is fine but if it is there without your knowledge then we can remove it.

Using Rootkit Revealer

Please download Rootkit Revealer from Sysinternals and save it to your desktop.

  • Right click on RootkitRevealer.zip and select Extract All....
  • Click Next on seeing the Welcome screen.
  • You will see a screen asking you to select where you want the files to be extracted to. By default, this will be desktop.
  • Click Next again.
  • Check (tick) Show extracted files box and click Finish.
  • Double click on RootkitRevealer.exe to run it.
  • A license agreement will be shown to you. Read through it and click on Agree.
  • Click on Scan at the bottom right hand corner.
  • When the scan is done, Rootkit Revealer will say Scan complete: X discrepancies found (X are numbers; message at the bottom left hand corner).
  • Click on File > Save.
  • By default, it would save to C:\Windows\System32 folder.
  • Click on Desktop on the left, then click on the Save button.
  • A RootkitRevealer.txt will be on your desktop.
  • Open it, select all the contents, copy and paste the contents in your next reply.

TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop
  • Highlight and copy the text in the codebox below.
    Code: Select all
    "%userprofile%\desktop\tdsskiller\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdskiller.txt on your desktop and post the contents in your next reply

Please let me know about WinPcap in your next reply and post the results from the RootkitRevealer and TDSSKiller scans in your next post.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google / Bing Search Engine results hijacked .Help!

Unread postby outta » December 22nd, 2009, 11:33 am

Winpcap could be something I installed. I can't remember.
I can remove it if you think it could be a vehicle for sniffing traffic.
I have run rootkitrevealer before but I can not save the output as the program then hangs and then dies.
Could be a rootkit doing that so I've attached the image of the screen just prior to a save.

The tdsskiller doesn't find anything and there is no output file for it.
I didn't read your instructions clearly when I first ran it and just double clicked the program.
I think I saw it say it found something and terminated a service and was waiting for Y ? N prompt.

I cancelled it once I found I was not using your instructions properly.
Subsequent runs have not found anything
I'm not sure if the problem has gone away yet but I wanted to post what I had.

Thanks again.
You do not have the required permissions to view the files attached to this post.
outta
Regular Member
 
Posts: 17
Joined: December 8th, 2009, 11:57 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware