[Closed] Search engine redirect problem 2

By pompman
Dec 5, 2010
Topic Status:
Not open for further replies.
  1. GMER Log as per search engine redirect post 1.

    Steve Pomp


    DDS Logs

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/14/2009 6:56:23 PM
    System Uptime: 12/5/2010 12:48:20 PM (8 hours ago)

    Motherboard: Intel Corporation | | D865PERL
    Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | J2E1 | 2593/200mhz
    Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | J2E1 | 2593/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 77 GiB total, 24.75 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 761.414 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 112 GiB total, 111.721 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: ATI TV Wonder 200 A/V Capture
    Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00F81002&REV_05\4&2E98101C&0&08F0
    Manufacturer: ATI Technologies
    Name: ATI TV Wonder 200 A/V Capture
    PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00F81002&REV_05\4&2E98101C&0&08F0
    Service: ATICXCAP

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: McAfee Inc. mferkdk
    Device ID: ROOT\LEGACY_MFERKDK\0000
    Manufacturer:
    Name: McAfee Inc. mferkdk
    PNP Device ID: ROOT\LEGACY_MFERKDK\0000
    Service: mferkdk

    ==== System Restore Points ===================

    RP371: 7/7/2010 1:54:47 AM - System Checkpoint
    RP372: 7/8/2010 2:55:52 AM - System Checkpoint
    RP373: 7/9/2010 3:54:48 AM - System Checkpoint
    RP374: 7/10/2010 4:53:00 AM - System Checkpoint
    RP375: 7/11/2010 5:52:52 AM - System Checkpoint
    RP376: 7/12/2010 6:52:51 AM - System Checkpoint
    RP377: 7/13/2010 7:34:37 AM - System Checkpoint
    RP378: 7/14/2010 7:35:41 AM - System Checkpoint
    RP379: 7/15/2010 8:22:42 AM - System Checkpoint
    RP380: 7/16/2010 9:22:43 AM - System Checkpoint
    RP381: 7/17/2010 9:24:39 AM - System Checkpoint
    RP382: 7/18/2010 10:24:39 AM - System Checkpoint
    RP383: 7/19/2010 11:24:39 AM - System Checkpoint
    RP384: 7/20/2010 12:24:40 PM - System Checkpoint
    RP385: 7/21/2010 12:25:44 PM - System Checkpoint
    RP386: 7/22/2010 1:24:39 PM - System Checkpoint
    RP387: 7/23/2010 2:25:45 PM - System Checkpoint
    RP388: 7/24/2010 2:41:05 PM - System Checkpoint
    RP389: 7/25/2010 2:53:05 PM - System Checkpoint
    RP390: 7/26/2010 3:42:10 PM - System Checkpoint
    RP391: 7/27/2010 4:41:05 PM - System Checkpoint
    RP392: 7/28/2010 5:34:29 PM - System Checkpoint
    RP393: 7/29/2010 6:01:35 PM - System Checkpoint
    RP394: 7/30/2010 7:00:24 PM - System Checkpoint
    RP395: 7/31/2010 8:01:28 PM - System Checkpoint
    RP396: 8/1/2010 9:01:28 PM - System Checkpoint
    RP397: 8/2/2010 11:13:19 PM - System Checkpoint
    RP398: 8/4/2010 12:25:11 AM - System Checkpoint
    RP399: 8/5/2010 1:06:38 AM - System Checkpoint
    RP400: 8/6/2010 2:00:23 AM - System Checkpoint
    RP401: 8/7/2010 2:58:49 AM - System Checkpoint
    RP402: 8/8/2010 3:58:15 AM - System Checkpoint
    RP403: 8/9/2010 5:23:41 AM - System Checkpoint
    RP404: 8/10/2010 6:13:49 AM - System Checkpoint
    RP405: 8/11/2010 7:03:28 AM - System Checkpoint
    RP406: 8/12/2010 7:07:31 AM - System Checkpoint
    RP407: 8/13/2010 7:26:48 AM - System Checkpoint
    RP408: 8/14/2010 8:02:50 AM - System Checkpoint
    RP409: 8/15/2010 9:02:49 AM - System Checkpoint
    RP410: 8/16/2010 9:03:53 AM - System Checkpoint
    RP411: 8/17/2010 10:02:50 AM - System Checkpoint
    RP412: 8/18/2010 11:02:50 AM - System Checkpoint
    RP413: 8/19/2010 11:16:52 AM - System Checkpoint
    RP414: 8/20/2010 11:48:05 AM - System Checkpoint
    RP415: 8/21/2010 12:16:52 PM - System Checkpoint
    RP416: 8/22/2010 12:25:22 PM - System Checkpoint
    RP417: 8/23/2010 2:01:28 PM - System Checkpoint
    RP418: 8/24/2010 2:06:29 PM - System Checkpoint
    RP419: 8/25/2010 3:06:30 PM - System Checkpoint
    RP420: 8/26/2010 3:57:25 PM - System Checkpoint
    RP421: 8/27/2010 4:34:24 PM - System Checkpoint
    RP422: 8/28/2010 6:01:04 PM - System Checkpoint
    RP423: 8/29/2010 6:33:19 PM - System Checkpoint
    RP424: 8/30/2010 6:34:24 PM - System Checkpoint
    RP425: 8/31/2010 7:10:41 PM - System Checkpoint
    RP426: 9/1/2010 7:34:24 PM - System Checkpoint
    RP427: 9/2/2010 7:43:26 PM - System Checkpoint
    RP428: 9/3/2010 8:03:41 PM - System Checkpoint
    RP429: 9/4/2010 8:27:53 PM - System Checkpoint
    RP430: 9/5/2010 9:57:04 PM - System Checkpoint
    RP431: 9/6/2010 10:01:12 PM - System Checkpoint
    RP432: 9/7/2010 11:39:43 PM - System Checkpoint
    RP433: 9/8/2010 11:58:52 PM - System Checkpoint
    RP434: 9/10/2010 12:19:45 AM - System Checkpoint
    RP435: 9/11/2010 1:36:52 AM - System Checkpoint
    RP436: 9/12/2010 2:20:50 AM - System Checkpoint
    RP437: 9/13/2010 3:19:45 AM - System Checkpoint
    RP438: 9/14/2010 4:19:45 AM - System Checkpoint
    RP439: 9/15/2010 5:40:00 AM - System Checkpoint
    RP440: 9/16/2010 6:34:59 AM - System Checkpoint
    RP441: 9/17/2010 6:41:58 AM - System Checkpoint
    RP442: 9/18/2010 7:20:08 AM - System Checkpoint
    RP443: 9/19/2010 9:13:27 AM - System Checkpoint
    RP444: 9/20/2010 9:17:36 AM - System Checkpoint
    RP445: 9/21/2010 9:54:45 AM - System Checkpoint
    RP446: 9/21/2010 9:51:15 PM - Removed Adobe Reader 9.1.3.
    RP447: 9/22/2010 10:46:32 PM - System Checkpoint
    RP448: 9/23/2010 10:49:34 PM - System Checkpoint
    RP449: 9/24/2010 11:48:29 PM - System Checkpoint
    RP450: 9/25/2010 11:49:35 PM - System Checkpoint
    RP451: 9/26/2010 11:23:46 PM - Installed Nitro PDF Professional
    RP452: 9/27/2010 11:48:29 PM - System Checkpoint
    RP453: 9/29/2010 12:24:49 AM - System Checkpoint
    RP454: 9/30/2010 12:33:10 AM - System Checkpoint
    RP455: 10/1/2010 1:33:09 AM - System Checkpoint
    RP456: 10/2/2010 2:26:42 AM - System Checkpoint
    RP457: 10/3/2010 3:21:30 AM - System Checkpoint
    RP458: 10/4/2010 4:20:25 AM - System Checkpoint
    RP459: 10/4/2010 10:35:45 AM - Removed Adobe Reader 9.2.
    RP460: 10/4/2010 12:01:40 PM - CA Internet Security Suite
    RP461: 11/28/2010 8:36:25 AM - Installed Connect Service
    RP462: 11/29/2010 7:36:11 PM - CA Internet Security Suite
    RP463: 12/2/2010 11:09:00 PM - Installed YouTube Video Converter
    RP464: 12/4/2010 9:09:54 AM - CA Internet Security Suite
    RP465: 12/4/2010 9:12:10 AM - CA Internet Security Suite
    RP466: 12/4/2010 9:15:44 AM - Removed CA Personal Firewall.
    RP467: 12/4/2010 9:27:57 AM - Removed CA Personal Firewall.
    RP468: 12/5/2010 9:23:02 AM - Removed CA Personal Firewall.

    ==== Installed Programs ======================


    Leawo FLV Converter version 3.0.0.1
    1Click DVD Copy 5.8.8.9
    1Click DVD Copy Pro 4.1.7.0
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.1
    Adobe Photoshop CS2
    Adobe Premiere Elements 3.0.2
    Adobe Premiere Elements 3.0.2 Templates
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    ADS Tech V3.6.1 Instant DVD CapWiz
    Audio Converter
    Avira AntiVir Personal - Free Antivirus
    AVS Image Converter 1.1.3.71
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    Brother HL-2040
    CCleaner
    CD Trustee
    Compatibility Pack for the 2007 Office system
    Corel VideoStudio 12
    Creative System Information
    CRS Photo Scanner
    CyberPower PowerPanel Personal Edition 1.2.1
    Driver Whiz
    DVD43 v4.6.0
    EPSON Print CD
    EPSON Printer Software
    Flash DVD Ripper
    Flickr Uploadr 3.2.1
    Free FLV Converter V 6.93.0
    Free WMA to MP3 Converter 1.16
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Desktop Control Center
    Intel(R) Network Connections 12.4.38.0
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 18
    JPEG Lossless Rotator 6.6
    Leawo Youtube Downloader Version: 3.1.1.4
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox (3.5.12)
    MSXML 6.0 Parser (KB933579)
    Nero 6 Ultra Edition
    NETGEAR Digital Entertainer for Windows
    Nitro PDF Professional
    NVIDIA Drivers
    Perfect PDF Creator Essentials
    Pinnacle Hollywood FX for Edition
    Pinnacle Liquid
    Pixillion Image Converter
    Plus! MP3 Audio Converter LE
    Prism Video Converter
    QuickTime
    ReaConverter 5.5 Pro
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    SureThing CD Labeler Deluxe 5
    Switch Sound File Converter
    TitleDeko
    TotalImageConverter
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wnciper
    TurboTax 2009 wrapper
    Video Blaster Editor
    VideoStudio
    Wacom Tablet Driver
    Walmart MP3 Music Downloads
    WavePad Sound Editor
    WebFldrs XP
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 2
    Xilisoft YouTube Video Converter
    YouTube Video Converter

    ==== Event Viewer Messages From Past Week ========

    12/5/2010 9:36:57 AM, error: Service Control Manager [7034] - The PowerPanel Personal Edition Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 9:36:02 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    12/5/2010 9:35:32 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/5/2010 9:23:01 AM, error: DCOM [10000] - Unable to start a DCOM Server: {B8417502-7095-4D02-AF41-92134CEA5ED0}. The error: "%2" Happened while starting this command: C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.Exe -Embedding
    12/5/2010 8:56:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sf Tcpip
    12/5/2010 12:47:23 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The TabletService service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The NLS Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The NitroPDFDriverCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 12:00:44 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 12 time(s).
    12/5/2010 11:59:50 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 11 time(s).
    12/5/2010 11:59:49 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 10 time(s).
    12/5/2010 11:18:24 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 9 time(s).
    12/5/2010 11:16:38 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 8 time(s).
    12/5/2010 11:15:31 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 5 time(s).
    12/5/2010 11:15:26 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 7 time(s).
    12/5/2010 11:15:25 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 6 time(s).
    12/5/2010 11:15:25 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 5 time(s).
    12/5/2010 11:09:41 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 4 time(s).
    12/5/2010 11:07:53 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 4 time(s).
    12/5/2010 11:07:47 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 3 time(s).
    12/5/2010 11:07:47 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
    12/5/2010 11:07:46 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 2 time(s).
    12/5/2010 11:07:46 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/5/2010 11:07:45 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 11:07:45 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    12/5/2010 11:03:44 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    12/5/2010 11:03:44 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Steve\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    12/5/2010 11:03:44 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    12/3/2010 5:15:08 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 9:51:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer POMP-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2B8285C0-7D77-48. The master browser is stopping or an election is being forced.
    11/29/2010 8:54:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    11/29/2010 8:54:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    11/29/2010 8:54:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
    11/29/2010 8:54:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}
    11/29/2010 8:54:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
    11/29/2010 8:54:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/29/2010 8:46:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/29/2010 7:42:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KmxAgent KmxFile KmxFw KmxStart sf
    11/29/2010 7:42:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/29/2010 7:41:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
    11/29/2010 7:37:14 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000017, parameter2 0000001c, parameter3 00000000, parameter4 804e63a3.
    11/29/2010 7:35:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KmxAgent KmxFile
    11/29/2010 7:33:30 PM, error: Service Control Manager [7000] - The KmxCF service failed to start due to the following error: A device attached to the system is not functioning.
    11/29/2010 7:13:20 PM, error: Service Control Manager [7022] - The TabletService service hung on starting.
    11/29/2010 7:11:19 PM, error: Service Control Manager [7000] - The ADS Instant DVD 2.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/28/2010 8:28:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}
    11/28/2010 8:28:01 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/28/2010 8:24:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss sf Tcpip
    11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Steve at 20:37:33.12 on Sun 12/05/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2488 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\WINDOWS\OV550EM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
    C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Steve\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
    uRun: [scheduler_monitor] c:\program files\reaconverter 5.5 pro\init_scheduler.exe
    uRun: [NETGEARDigitalEntertainer] c:\program files\netgear\netgear digital entertainer for windows\receiver.exe
    uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Ovt Wia] c:\windows\OV550EM.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
    IE: Download with Xilisoft YouTube Video Converter - c:\program files\xilisoft\youtube video converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - c:\program files\cosmi\perfect pdf creator essentials\pdfshell.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235405046781
    DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://c:\documents and settings\steve\local settings\temp\ei40_5\msxml4.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    AppInit_DLLs: c:\windows\system32\UmxSbxExw.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\18konbno.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
    FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-5 60936]
    R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [1998-11-27 6144]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-7-9 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-7-9 65856]
    R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 22600]
    S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [2009-1-15 34792]
    S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [2008-1-28 580992]
    S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2009-1-15 175232]
    S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2009-1-15 29184]
    S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2009-1-15 9088]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-20 34248]
    S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
    S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [2009-9-16 104448]
    S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2009-1-15 74384]
    S3 WPEServ;soft Xpansion Print2Document;c:\program files\common files\wpe\wpeserv.exe [2010-3-7 323584]

    =============== Created Last 30 ================

    2010-12-05 18:05:48 -------- d-----w- c:\docume~1\steve\applic~1\Malwarebytes
    2010-12-05 18:05:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-05 18:05:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-05 18:05:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-05 18:05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 16:07:08 -------- d-----w- c:\docume~1\steve\applic~1\Avira
    2010-12-05 16:05:56 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-05 16:05:55 -------- d-----w- c:\program files\Avira
    2010-12-05 16:05:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-05 14:36:03 -------- d-sha-r- C:\cmdcons
    2010-12-05 14:34:33 98816 ----a-w- c:\windows\sed.exe
    2010-12-05 14:34:33 89088 ----a-w- c:\windows\MBR.exe
    2010-12-05 14:34:33 256512 ----a-w- c:\windows\PEV.exe
    2010-12-05 14:34:33 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-04 21:27:26 -------- d-----w- c:\program files\Free WMA to MP3 Converter
    2010-12-04 13:52:58 -------- d-----w- c:\program files\CCleaner
    2010-12-04 13:21:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
    2010-12-04 13:21:16 -------- d-----w- c:\program files\Frontline Registry Cleaner
    2010-12-03 22:07:52 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-12-03 06:23:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-12-03 06:23:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-12-03 06:23:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-12-03 04:50:48 -------- d-----w- c:\docume~1\steve\applic~1\Moyea
    2010-12-03 04:50:43 -------- d-----w- c:\docume~1\steve\applic~1\Leawo
    2010-12-03 04:50:33 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-12-03 04:50:27 606208 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-03 04:47:09 -------- d-----w- c:\program files\Leawo
    2010-12-03 04:47:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Leawo
    2010-12-03 04:39:03 6144 ----a-w- c:\windows\system32\ff_acm.acm
    2010-12-03 04:39:03 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2010-12-03 04:39:03 57344 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-03 04:39:03 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-12-03 04:23:47 -------- d-----w- C:\myyoutube
    2010-12-03 04:09:04 -------- d-----w- c:\program files\You Tube Video Converter
    2010-12-03 03:58:32 -------- d-----w- c:\docume~1\steve\applic~1\Xilisoft Corporation
    2010-12-03 03:58:15 -------- d-----w- c:\program files\Xilisoft
    2010-12-03 03:48:26 -------- d-----w- c:\program files\1-Click YouTube Downloader
    2010-12-03 03:39:09 -------- d-----w- c:\program files\FoxTabFlvConverter
    2010-12-03 03:17:44 -------- d-----w- c:\windows\system32\Adobe
    2010-12-02 04:21:54 -------- d-----w- C:\New Folder (2)
    2010-12-02 04:21:53 -------- d-----w- C:\New Folder
    2010-11-30 00:29:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge

    ==================== Find3M ====================

    2010-11-08 04:59:45 95568 ----a-w- c:\windows\system32\vetredir.dll
    2010-11-08 04:59:45 128336 ----a-w- c:\windows\system32\isafeif.dll
    2010-10-01 19:20:50 307200 ----a-w- c:\windows\system32\TubeFinder.exe
    2010-09-24 15:16:18 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
    2010-09-24 15:16:18 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll

    ============= FINISH: 20:37:55.51 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,127   +251
