Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Search Engine Re-direct

Post by Simonmilne80 » August 5th, 2011, 6:08 am

Hi, I have been having a problem with Google and Firefox.
About 1 in 5 times when I search for something and click on a link, it takes me somewhere I don't want to be, often to sites with viruses etc.
I have run numerous scans with many different AVs. I'm currently running AVAST, which is fully up to date, and have also run the ESET online scan, the BitDefender online scan and have Prevx CSI on my machine as well as Malwarebytes, which was updated yesterday and came up clean!
I'm now at a loss as to what I should do, as it's for one thing really annoying, but more importantly I'm not sure what else this thing is / could be doing!

I have run HijackThis, but to be honest I would not know what is good and what is not. Would some clever person be able to look over the log and let me know if there is anything I should be worried about?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:25, on 05/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USSMB/2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.uk.msn.com/USSMB/2
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-789515784-2392955507-1518640950-1022\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-789515784-2392955507-1518640950-1022\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '_ocster_backup_')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprof ... emLite.CAB
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: EaseUs Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Express Accounts (ExpressAccountsService) - Unknown owner - C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe
O23 - Service: Express Invoice (ExpressInvoiceService) - Unknown owner - C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Inventoria Stock Manager (InventoriaService) - Unknown owner - C:\Program Files\NCH Software\Inventoria\inventoria.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - c:\Program Files\Ocster Backup\bin\backupService-ox.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 11992 bytes

Many thanks for any help,

Kind regards,

Simon

Re: Search Engine Re-direct

Post by diver79 » August 7th, 2011, 4:57 pm

Hi and welcome to MalwareRemoval.com, sorry for any delay in answering your request for help, the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer only! Using these instructions on a different computer can make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Hi Simonmilne80,

I will be assisting you in removing any malware we find on your PC. It is important that you read the following post ALL USERS OF THIS FORUM MUST READ THIS FIRST

It contains instructions on how to post a set of DDS logs. We no longer use Hijackthis, as DDS gives us a better overview of your machine. Please follow the instructions in the above link and reply back with both DDS logs.

Thanks,

diver79.

Re: Search Engine Re-direct

Post by Simonmilne80 » August 7th, 2011, 5:53 pm

Thanks for your help :) I've now run the DDS.scr and here are the outputs:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Simon at 22:48:16 on 2011-08-07
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3067.2122 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DellTPad\Apoint.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
svchost.exe
C:\Program Files\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: DeGoTB Toolbar: {b5fb4c8d-8220-4a63-8e0f-708cdd0f4c3d} - c:\program files\degotb\prxtbDeGo.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Google Update] "c:\documents and settings\simon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resourc ... oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprof ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FC3AC7A7-3240-4915-A4AE-E62637DFF501} : DhcpNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\simon\application data\mozilla\firefox\profiles\0gqy959i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\simon\application data\mozilla\firefox\profiles\0gqy959i.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\simon\application data\mozilla\firefox\profiles\0gqy959i.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\simon\application data\mozilla\firefox\profiles\0gqy959i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\simon\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\simon\local settings\application data\spoon\3.14.0.4\npMozillaSpoonPlugin.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 cfrpd;cfrpd;c:\windows\system32\drivers\cfrpd.sys [2009-9-11 53280]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-12-22 30472]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-12-22 20744]
R0 ShredderVolumeDriver;Helper driver for shredding volume;c:\windows\system32\drivers\ShredderDriver32.sys [2011-6-3 28032]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-12 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-12 309848]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-12-22 14216]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-7-19 154416]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-7-19 33072]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\simon\local settings\temp\VCdRom.sys [2001-12-19 8576]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-12 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-12 42184]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-12 21992]
R2 EaseUs Agent;EaseUs Agent;c:\program files\easeus\easeus todo backup 2.0 beta\bin\Agent.exe [2010-12-22 55688]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
R2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2005-10-14 28768528]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 ocster_backup;Ocster Backup;c:\program files\ocster backup\bin\backupService-ox.exe [2011-5-19 18200]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-5-12 140848]
R2 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2005-10-14 318680]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2010-1-19 9216]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-9 112512]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2011-7-13 16640]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-12-22 187400]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2010-8-2 11136]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2010-8-2 37248]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2010-12-13 6878848]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-7-9 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-7-9 41760]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-7-9 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-7-9 235840]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 ExpressAccountsService;Express Accounts;c:\program files\nch software\expressaccounts\expressaccounts.exe [2011-2-16 2131972]
S3 ExpressInvoiceService;Express Invoice;c:\program files\nch software\expressinvoice\expressinvoice.exe [2011-2-16 1674244]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-7-16 21064]
S3 InventoriaService;Inventoria Stock Manager;c:\program files\nch software\inventoria\inventoria.exe [2011-2-16 1363972]
S3 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2005-8-26 92880]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-7-9 141376]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2011-08-06 13:51:03 -------- d-----w- c:\documents and settings\simon\application data\NCH Software
2011-08-05 09:57:39 388096 ----a-r- c:\documents and settings\simon\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-28 22:33:45 -------- d-----w- C:\9e9da683d8d03257d8cb9a046be183
2011-07-28 21:45:00 -------- dc-h--w- c:\windows\ie8
2011-07-28 21:42:14 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-07-28 21:42:14 58288 ------w- c:\windows\system32\rpcnet.exe
2011-07-22 18:03:16 -------- d-----w- C:\Garmin
2011-07-20 08:26:27 -------- d-----w- c:\program files\CCleaner
2011-07-19 10:07:48 -------- d-----w- c:\documents and settings\simon\VirtualBox VMs
2011-07-19 09:33:40 -------- d-----w- c:\documents and settings\simon\.VirtualBox
2011-07-19 09:33:15 154416 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-07-19 09:33:08 33072 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-07-19 09:32:59 -------- d-----w- c:\program files\Oracle
2011-07-19 07:14:03 -------- d-----w- c:\program files\Inpaint
2011-07-16 12:12:30 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-07-16 12:12:28 -------- d-----w- c:\program files\Prevx
2011-07-16 12:12:20 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2011-07-16 12:10:13 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-16 11:47:38 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-16 11:47:22 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-07-13 22:05:56 16640 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2011-07-12 14:42:02 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-12 14:41:45 40112 ----a-w- c:\windows\avastSS.scr
2011-07-12 14:41:34 -------- d-----w- c:\program files\AVAST Software
2011-07-12 14:41:34 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-07-12 12:20:51 731000 ----a-w- C:\autoruns.exe
2011-07-12 12:20:51 595320 ----a-w- C:\autorunsc.exe
2011-07-11 11:25:37 -------- d-----w- C:\w111
2011-07-11 11:23:33 61440 ----a-w- c:\windows\system32\W32N50.dll
2011-07-11 11:23:33 379488 ----a-w- c:\windows\system32\drivers\wg111nd5.sys
2011-07-11 11:23:33 16292 ----a-w- c:\windows\system32\PCANDIS5.SYS
2011-07-11 11:23:33 15577 ----a-w- c:\windows\system32\PCANDIS3.VXD
2011-07-10 09:24:53 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2011-07-10 09:24:53 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-07-10 09:24:53 -------- d-----w- c:\program files\PdaNet for Android
.
==================== Find3M ====================
.
2011-08-07 17:13:07 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-07-31 08:31:04 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 17:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 17:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-26 09:49:58 73728 ----a-w- c:\windows\system32\TOverlay.ax
2011-06-19 21:29:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 09:42:23 331776 ------w- c:\windows\Setup1.exe
2011-06-16 09:42:22 198656 ------w- c:\windows\system32\comdlg32.ocx
2011-06-16 09:42:22 151622 ------w- c:\windows\modcas.dll
2011-06-16 09:42:22 1384479 ------w- c:\windows\msvbvm60.dll
2011-06-16 09:42:21 73216 ----a-w- c:\windows\ODEUNST.EXE
2011-06-16 09:42:21 101888 ------w- c:\windows\odestkit.dll
2011-06-16 09:42:20 1445 ----a-w- c:\windows\SETUP.LST.tmp
2011-06-14 16:16:44 218416 ----a-w- c:\windows\system32\iwpsetup.exe
2011-06-10 12:31:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-10 12:31:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-03 08:38:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-03 08:38:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 14:07:35 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-05-29 10:34:56 28032 ----a-w- c:\windows\system32\drivers\ShredderDriver32.sys
.
============= FINISH: 22:51:42.03 ===============

Hope this is what you need :) if you need anything more just let me know.

Many thanks again

Simon
Simonmilne80
Active Member
 
Posts: 5
Joined: August 5th, 2011, 6:03 am

Re: Search Engine Re-direct

by Simonmilne80 » August 7th, 2011, 5:57 pm

And here is the attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 15/07/2009 12:41:22
System Uptime: 07/08/2011 07:47:18 (15 hours ago)
.
Motherboard: Dell Inc. | | 0P369J
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2393/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 85.013 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP487: 20/07/2011 09:40:01 - System Checkpoint
RP488: 20/07/2011 09:40:01 - System Checkpoint
RP489: 20/07/2011 09:40:01 - System Checkpoint
RP490: 20/07/2011 09:40:00 - System Checkpoint
RP491: 20/07/2011 09:40:00 - Software Distribution Service 3.0
RP492: 20/07/2011 09:39:59 - System Checkpoint
RP493: 20/07/2011 09:39:59 - System Checkpoint
RP494: 20/07/2011 09:39:59 - Software Distribution Service 3.0
RP495: 20/07/2011 09:39:58 - System Checkpoint
RP496: 20/07/2011 09:39:58 - System Checkpoint
RP497: 20/07/2011 09:39:58 - System Checkpoint
RP498: 20/07/2011 09:39:58 - System Checkpoint
RP499: 20/07/2011 09:39:57 - System Checkpoint
RP500: 20/07/2011 09:39:57 - System Checkpoint
RP501: 20/07/2011 09:39:57 - System Checkpoint
RP502: 20/07/2011 09:39:57 - System Checkpoint
RP503: 20/07/2011 09:39:56 - Installed Microsoft Tool Web Package : OLEVIEW.EXE
RP504: 20/07/2011 09:39:56 - System Checkpoint
RP505: 20/07/2011 09:39:56 - System Checkpoint
RP506: 20/07/2011 09:39:55 - Software Distribution Service 3.0
RP507: 20/07/2011 09:39:55 - System Checkpoint
RP508: 20/07/2011 09:39:55 - System Checkpoint
RP509: 20/07/2011 09:39:54 - System Checkpoint
RP510: 20/07/2011 09:39:54 - System Checkpoint
RP511: 20/07/2011 09:39:54 - System Checkpoint
RP512: 20/07/2011 09:39:54 - System Checkpoint
RP513: 20/07/2011 09:39:53 - System Checkpoint
RP514: 20/07/2011 09:39:53 - System Checkpoint
RP515: 20/07/2011 09:39:53 - System Checkpoint
RP516: 20/07/2011 09:39:53 - System Checkpoint
RP517: 20/07/2011 09:39:52 - System Checkpoint
RP518: 31/05/2011 15:23:36 - Installed Adobe Acrobat X Pro - English, Français, Deutsch.
RP519: 01/06/2011 17:42:43 - System Checkpoint
RP520: 03/06/2011 02:46:19 - System Checkpoint
RP521: 04/06/2011 10:55:37 - System Checkpoint
RP522: 05/06/2011 18:07:28 - System Checkpoint
RP523: 07/06/2011 10:11:20 - System Checkpoint
RP524: 08/06/2011 10:46:17 - System Checkpoint
RP525: 09/06/2011 14:17:49 - System Checkpoint
RP526: 10/06/2011 13:29:13 - Installed Java(TM) SE Development Kit 6 Update 26
RP527: 10/06/2011 13:31:00 - Removed Java(TM) 6 Update 20
RP528: 11/06/2011 19:57:25 - System Checkpoint
RP529: 13/06/2011 12:45:17 - System Checkpoint
RP530: 14/06/2011 16:03:53 - Installed Microsoft Office Access database engine 2007 (English)
RP531: 15/06/2011 17:07:44 - System Checkpoint
RP532: 15/06/2011 23:36:49 - Software Distribution Service 3.0
RP533: 16/06/2011 23:40:43 - Software Distribution Service 3.0
RP534: 18/06/2011 20:07:47 - System Checkpoint
RP535: 20/06/2011 00:47:12 - System Checkpoint
RP536: 20/06/2011 11:06:36 - Installed Remote Desktop Connection
RP537: 20/06/2011 11:33:35 - Software Distribution Service 3.0
RP538: 20/06/2011 12:19:46 - Software Distribution Service 3.0
RP539: 21/06/2011 19:46:53 - System Checkpoint
RP540: 23/06/2011 15:12:51 - System Checkpoint
RP541: 24/06/2011 15:14:56 - System Checkpoint
RP542: 25/06/2011 16:14:48 - System Checkpoint
RP543: 26/06/2011 17:56:14 - System Checkpoint
RP544: 27/06/2011 19:58:59 - System Checkpoint
RP545: 29/06/2011 08:33:00 - System Checkpoint
RP546: 29/06/2011 08:50:18 - Software Distribution Service 3.0
RP547: 30/06/2011 19:45:17 - System Checkpoint
RP548: 01/07/2011 20:58:39 - System Checkpoint
RP549: 03/07/2011 00:02:48 - Removed Microsoft Application Compatibility Toolkit 5.6
RP550: 03/07/2011 00:03:29 - Removed MySQL Compare 1
RP551: 04/07/2011 02:02:42 - System Checkpoint
RP552: 04/07/2011 21:06:05 - Installed PHP 5.3.6
RP553: 06/07/2011 10:08:03 - System Checkpoint
RP554: 06/07/2011 21:43:24 - Installed RD Tabs
RP555: 07/07/2011 21:44:29 - System Checkpoint
RP556: 08/07/2011 22:16:54 - System Checkpoint
RP557: 10/07/2011 10:30:41 - Unsigned driver install
RP558: 11/07/2011 12:23:31 - Installed NETGEAR WG111 Software
RP559: 11/07/2011 12:26:39 - Installed NETGEAR WG111 Software
RP560: 12/07/2011 13:35:41 - Removed Simply Thumbnail Creator V2
RP561: 12/07/2011 14:49:35 - avast! Free Antivirus Setup
RP562: 12/07/2011 15:41:34 - avast! Free Antivirus Setup
RP563: 13/07/2011 16:02:32 - System Checkpoint
RP564: 14/07/2011 10:14:52 - Software Distribution Service 3.0
RP565: 15/07/2011 21:16:40 - System Checkpoint
RP566: 16/07/2011 22:49:38 - System Checkpoint
RP567: 18/07/2011 10:21:17 - System Checkpoint
RP568: 19/07/2011 10:32:46 - Installed Oracle VM VirtualBox 4.0.12
RP569: 20/07/2011 12:38:04 - System Checkpoint
RP570: 21/07/2011 16:12:05 - System Checkpoint
RP571: 22/07/2011 17:01:41 - System Checkpoint
RP572: 23/07/2011 18:00:23 - System Checkpoint
RP573: 24/07/2011 18:48:54 - System Checkpoint
RP574: 26/07/2011 10:14:02 - System Checkpoint
RP575: 27/07/2011 14:28:03 - System Checkpoint
RP576: 28/07/2011 22:45:16 - Installed Windows Internet Explorer 8.
RP577: 28/07/2011 22:46:31 - Software Distribution Service 3.0
RP578: 28/07/2011 23:08:02 - Installed Microsoft Fix it 50195
RP579: 28/07/2011 23:22:41 - Installed Microsoft Fix it 50202
RP580: 28/07/2011 23:33:39 - Software Distribution Service 3.0
RP581: 30/07/2011 23:13:45 - Software Distribution Service 3.0
RP582: 01/08/2011 10:56:14 - System Checkpoint
RP583: 02/08/2011 12:37:15 - System Checkpoint
RP584: 03/08/2011 15:41:44 - System Checkpoint
RP585: 04/08/2011 17:59:24 - System Checkpoint
RP586: 05/08/2011 10:57:37 - Installed HiJackThis
RP587: 06/08/2011 14:12:49 - System Checkpoint
RP588: 07/08/2011 19:14:21 - System Checkpoint
.
==== Installed Programs ======================
.
1&1 EasyLogin
1AVCapture version 1.9.0.01
AccessRuntime
Acrobat.com
Active Query Builder .NET Edition v1.9.3.180
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.2
Adobe Reader 9.4.4
Advanced Site Submitter 1.0
Aid file recovery software version 3.2.0.0
Akamai NetSession Interface
Android SDK Tools
AnyDVD
Apple Application Support
Apple Software Update
Applian Director
Asterisk Key 10.0
µTorrent
AudioShell 1.3.5
avast! Free Antivirus
BitLord v2.0
Bomgar Representative Console [support.rpmi.co.uk]
Borland Database Engine Setup
CCleaner
CDBurnerXP
CdCoverCreator 2.5.3
Choice Guard
CloneDVD2
CoffeeCup Free DHTML Menu Builder
CoffeeCup Web JukeBox
Compatibility Pack for the 2007 Office system
coverXP (remove only)
CPUID CPU-Z 1.57.1
Crystal Reports Basic for Visual Studio 2008
CutePDF Writer 2.7
Debugging Tools for Windows (x86)
DeGoTB Toolbar
Dell Backup and Recovery Manager
Dell Driver Download Manager
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Center
Dell Webcam Manager
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DVD Shrink 3.2
EASEUS Todo Backup 2.0 Beta
EasyCapture 1.2.0.0
Eazfuscator.NET
EPSON Printer Software
ESET Online Scanner v3
Express Accounts
Express Invoice
Fiddler2
FileWing Pro
FileZilla Client 3.5.0
Flash Decompiler Gold 2.3.1.1386
Flash Decompiler Trillix
Foxit PDF Editor
Google Chrome
Google Earth
Google Update Helper
GRT Recover My File 2.6
High Definition Audio Driver Package - KB835221
HiJackThis
Hitman Pro 3.5
Hotel Management System
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2465361)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2538241)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
IcoFX 1.6.4
IDBE Ribbon Creator
IDT Audio
Image Assistant
Inpaint 3.0
inSSIDer 2.0
Instant Proxy 1.0 - Proxy Finder (Freeware Version)
Intel PROSet Wireless
Intel(R) Processor ID Utility
Intel(R) PROSet/Wireless WiFi Software
Inventoria Stock Manager
IP Address Lookup v2.0.092606
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 18
Java(TM) SE Development Kit 6 Update 26
Junk Mail filter update
K-Lite Codec Pack 5.4.4 (Full)
Kahlown
Laptop Integrated Webcam Driver (1.01.01.0529)
Likno Web Modal Windows Builder 2.0.210
LINQPad
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LogoEase
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2002 Runtime
Microsoft Application Error Reporting
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft GIF Animator
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Office XP Developer - English
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQL2005)
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Management Objects Collection
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2008 Web Deployment Projects
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Web Platform Installer 2.0
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
Microsoft WinUsb 1.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MOD 10.0 Baseline (English-x86-CD)
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.6.17)
Mozilla Firefox 6.0 (x86 en-GB)
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
My Audio Studio v2.0.0.1
MyPhoneExplorer
Napster
Napster Burn Engine
neroxml
NetObjects Fusion 1&1 Edition
Nevron .NET Vision 2010.1 for VS2008
Notepad++
NVIDIA Drivers
Ocster Backup Pro
Office Ribbon Editor 3.0.0 Alpha 7
OGA Notifier 2.0.0048.0
Opera 11.01
Oracle VM VirtualBox 4.0.12
Paint.NET v3.5.8
PDF-Viewer
PDF OCR 4.0
PDF Settings CS5
Photo Stamp Remover 3.1
Photosmart 140,240,7200,7600,7700,7900 Series
PhotoStage Slideshow Producer
PHP 5.3.6
PowerDVD DX
Protected Folder
Proxy Finder
PS7900
PSShortcutsP
PSUsage
QFolder
QuickTime
RankEnhancer
RD Tabs
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Redtube Video Downloader 3.26
Remote Desktop Web Connection
Replay Media Catcher 4
Replay Music
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB963027)
Segoe UI
SensiGuard 3.2
Serif PagePlus Starter Edition
SiteMap Generator 0.95 (beta)
Skype™ 5.1
Sonic CinePlayer Decoder Pack
Sound Editor Deluxe v6.0.1
Spelling Dictionaries Support For Adobe Reader 9
Spotify
SQL Server System CLR Types
SQLXML4
Streaming Audio Recorder V2.3.2
Summae 1.01
SysResources Manager
System Requirements Lab for Intel
TeamViewer 6
Time Stopper
TrueCrypt
Tweak UI
Unlocker 1.8.8
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x64 Runtime - KB2465361 - (v9.0.30729.5570)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - v9.0.30729.4148
Visual C++ 2008 x64 Runtime - v9.0.30729.5570
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - KB2465361 - (v9.0.30729.5570)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - v9.0.30729.5570
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Vodafone Mobile Connect
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Grep 2.3
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Presentation Foundation
WinHTTrack Website Copier 3.43-7
WinID
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.6.0
Wondershare DemoCreator (Build 3.0.6)
XML Marker version 1.1
XML Paper Specification Shared Components Pack 1.0
XNResourceEditor 3.0.0.1
xSQL Bundle
YouTube Downloader 2.6.5
YouTube Downloader Suite V2.5.1
Zero Assumption Digital Image Recovery 1.2
.
==== Event Viewer Messages From Past Week ========
.
04/08/2011 18:30:15, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
03/08/2011 08:02:59, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
02/08/2011 18:46:00, error: MRxSmb [8003] - The master browser has received a server announcement from the computer VISTA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FC3AC7A7-3240-4915-. The master browser is stopping or an election is being forced.
02/08/2011 07:38:00, error: System Error [1003] - Error code 000000d1, parameter1 ffffffe1, parameter2 00000002, parameter3 00000000, parameter4 b9e86f77.
.
==== End Of File ===========================

Thanks again

Simon
Simonmilne80
Active Member
 
Posts: 5
Joined: August 5th, 2011, 6:03 am

Re: Search Engine Re-direct

by diver79 » August 7th, 2011, 5:59 pm

Simonmilne80,

When you run DDS it should produce two logs; you have posted the first one. The 2nd log is titled attach.txt.

Please re-run DDS and post the attach.txt file.

I am currently researching your logs and will post instructions soon. Please note that all my posts need to be approved by a malware removal expert, which may lead to a slight delay in getting back to you.

Thanks,

diver79
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Search Engine Re-direct

by diver79 » August 7th, 2011, 6:09 pm

Aha, I spoke too soon :lol: You can ignore the last post.

Looking into your logs now.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Search Engine Re-direct

by Simonmilne80 » August 7th, 2011, 6:16 pm

Thanks, apologies for not posting both at the same time doh!
Simonmilne80
Active Member
 
Posts: 5
Joined: August 5th, 2011, 6:03 am

Re: Search Engine Re-direct

by diver79 » August 10th, 2011, 3:39 pm

Hi Simonmilne80,

The following programs appear to be business related.
Express Accounts
Express Invoice
Hotel Management System
Please let me know if this machine is used for business or personal use.


P2P Programs
  • You have a number of Peer to Peer file sharing programs installed on your PC. These programs are a surefire way to get your PC infected. In order to receive support here you will need to remove them.
    µTorrent
    BitLord v2.0
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


I will also need the logs from the following scans in order to compile your fix. Please follow the instructions below.
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Run CKScanner
  • Please download CKScanner from Here
  • Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


For your next reply
  • Confirmation of P2P removal
  • Business Use answer
  • MGA log
  • CKScanner log
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Search Engine Re-direct

by Simonmilne80 » August 10th, 2011, 7:32 pm

Hi,
Thanks for your reply, in answer to your question 1:
I can confirm I have removed both utorrent and bitlord

In answer to the business question, this machine was a business machine originally, but when new machines were purchased we were able to purchase the old ones, hence I now have this machine for personal use :)
With regard to the apps, the hotel system was something I tweaked for a friend who owns a pub, to get free beer :) and the two accounts apps were just downloaded to see what they were like, as my other half is setting up a business and wanted me to check the stuff out first. So I can confirm this is a machine for my personal use now, not business. I'm sure you can guess that from the other apps (i.e. P2P etc. lol); don't think work would have been too impressed if they were there lol.

With regard to the logs here is the windows one:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 76487-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {FD0E197F-F8CE-4361-BF11-E555E23CB9EA}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 7E90FEE8-198-80004005_77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FD0E197F-F8CE-4361-BF11-E555E23CB9EA}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YD4YT</PKey><PID>76487-OEM-2211906-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-789515784-2392955507-1518640950</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 1720</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="5"/><Date>20100305000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>A576317F0184ED79</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Vostro 1720</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17699</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 7DF9:Dell Inc|4E24:HITACHI, Ltd|4E24:HITACHI, Ltd|4E24:HITACHI, Ltd|7DF9:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

and here is the CK one:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\vbmdcrack.exe
c:\android_sdk\android-sdk-windows\docs\reference\java\security\spec\rsakeygenparameterspec.html
c:\android_sdk\android-sdk-windows\docs\reference\javax\crypto\keygenerator.html
c:\android_sdk\android-sdk-windows\docs\reference\javax\crypto\keygeneratorspi.html
c:\program files\android\android-sdk\docs\reference\java\security\spec\rsakeygenparameterspec.html
c:\program files\android\android-sdk\docs\reference\javax\crypto\keygenerator.html
c:\program files\android\android-sdk\docs\reference\javax\crypto\keygeneratorspi.html
c:\webtemplatesdisc3\120+ cgi & php scripts\antileechcracker.zip
c:\webtemplatesdisc3\2995+ fonts\crackdr2.ttf
c:\webtemplatesdisc3\2995+ fonts\crackman.ttf
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
scanner sequence 3.ZZ.11.UDNAEU
----- EOF -----

Hope these files help,

Many thanks

Simon
Simonmilne80
Active Member
 
Posts: 5
Joined: August 5th, 2011, 6:03 am

Re: Search Engine Re-direct

Post by Cypher » August 11th, 2011, 1:42 pm

Cracked Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section Use of "cracked" programs explains why we do not offer help for such computers.

This topic is now closed.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns