Inactive Google search results redirected

Hello all,
I've got a Windows 7 (32-bit) PC that has an intermittent problem when following search result links in Google. Each search produces a valid set of results, but clicking on one will take you - from time to time - to an entirely different site to that expected (usually to an ad site).

I have not been able to run dds.scr (I get a 'not a valid Win32 application' error). I've tried renaming it to dds.com and dds.exe (and running as Administrator), but this just produces a 'DOS' box that disappears instantly.

Logs for MalwareBytes and GMER below. Thanks in advance!

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6761

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

03/06/2011 14:14:10
mbam-log-2011-06-03 (14-14-10).txt

Scan type: Quick scan
Objects scanned: 167371
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-03 14:27:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAJS-75M0A0 rev.02.03E02
Running: q0exum0t.exe; Driver: C:\Users\ALudman\AppData\Local\Temp\pwlcipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----
 
Welcome to TechSpot! For the following, remove anything that is on the system now for DDS. Go to the download link and press the Refresh icon in your browser. That should allow the download.

If you are using a program with a script proxy such as McAfee, you can disable that also.

Please post the 2 logs when finished.
 
Hey Bobbye,

Thanks for your help. DDS has now run and produced the following log files:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by ALudman at 17:26:20 on 2011-06-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3292.2352 [GMT 1:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\ALudman\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.meetpie.com
uDefault_Page_URL = hxxp://www.meetpie.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Google Update] "c:\users\aludman\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\swyxit!.lnk - c:\program files\swyxit!\SwyxIt!.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Dial selected number / URI - c:\program files\swyxit!\IEDial.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {F8E553C6-4C00-11D3-80BC-00105A653379} - c:\program files\swyxit!\IEDial.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.planning.wealden.gov.uk/WebMT/Control/LTOCX14N.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.200
TCP: Interfaces\{A15D0E30-47E6-4BB6-A454-2C779211163F} : DhcpNameServer = 10.0.0.200
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-10-15 273448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2010-7-24 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-7-24 36368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-15 57424]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-12-29 689416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-20 1343400]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-06-03 14:02:57 388096 ----a-r- c:\users\aludman\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-03 13:05:49 -------- d-----w- c:\users\aludman\appdata\roaming\Malwarebytes
2011-06-03 13:05:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 13:05:44 -------- d-----w- c:\programdata\Malwarebytes
2011-06-03 13:05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 13:05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-19 08:43:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 02:00:12 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 02:00:15 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 02:00:15 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 09:32:46 -------- d-----w- c:\users\aludman\appdata\roaming\YouSendIt
2011-05-09 09:32:36 -------- d-----w- c:\program files\YouSendIt
.
==================== Find3M ====================
.
2011-04-14 04:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 03:17:51 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2007-12-18 10:16:38 88160768 ----a-w- c:\program files\MSACCESS.msp
.
============= FINISH: 17:26:38.41 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 20/10/2010 10:29:42
System Uptime: 12/05/2011 09:32:12 (536 hours ago)
.
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 197.137 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader X (10.0.1)
BioAPI Framework
Broadcom NetXtreme-I Netlink Driver and Management Installer
CamStudio
Compatibility Pack for the 2007 Office system
Dell Control Point
Dell ControlPoint Security Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Document Manager Lite
Driver Detective
Elements 9 Organizer
Elements STI Installer
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Express Zip File Compression Software
Gemalto
Google Chrome
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee Agent
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WSE 3.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
PowerDVD DX
Preboot Manager
PrimoPDF
PrimoPDF -- brought to you by Nitro PDF Software
Private Information Manager
Realtek High Definition Audio Driver
Registry Reviver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Wizards
SmartSound Quicktracks for Premiere Elements 9.0
StuffIt Expander 2010
Switch Sound File Converter
SwyxIt!
Trend Micro Client/Server Security Agent
Trusted Drive Manager
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Small Business Server 2008 ClientAgent
YouSendIt Express
YouSendIt Office Family Add-in
YouSendIt Plug-in for Photoshop
.
==== Event Viewer Messages From Past Week ========
.
03/06/2011 17:25:25, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP LaserJet P3010 Series PCL 6 required for printer Printer 5 is unknown. Contact the administrator to install the driver before you log in again.
03/06/2011 08:33:55, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.
03/06/2011 08:33:47, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark Print-2-Fax Printer required for printer LexmarkFax is unknown. Contact the administrator to install the driver before you log in again.
03/06/2011 08:33:42, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark 5200 Series required for printer Lexmark 5200 Series is unknown. Contact the administrator to install the driver before you log in again.
.
==== End Of File ===========================
 
There are several programs installed on the system indicating that this is your work computer. Is it? Have you had the IT for the business go over the system?
Embassy Security Center:
Embassy Trusted Drive Manager/EMBASSY Security Center
Swyx
YouSendIt
========================================
Did you previously have McAfee for security? If so, you should run this: McAfee Removal
=====================================
 
Hi - thanks for your help thus far. You are correct that this is a work PC, but the company is relatively small and does not have an IT support department; therefore I thought that you guys might be able to help! :)

You are also correct that McAfee was on there at one time, and it looks like it did not uninstall cleanly. I've now run the tool you suggested and have re-run DDS, with the logs produced as below:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by ALudman at 13:18:55 on 2011-06-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3292.2158 [GMT 1:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\ALudman\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\YouSendIt\Express\YouSendIt.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\SwyxIt!\CLMgr.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.meetpie.com
uDefault_Page_URL = hxxp://www.meetpie.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Google Update] "c:\users\aludman\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\swyxit!.lnk - c:\program files\swyxit!\SwyxIt!.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Dial selected number / URI - c:\program files\swyxit!\IEDial.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {F8E553C6-4C00-11D3-80BC-00105A653379} - c:\program files\swyxit!\IEDial.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.planning.wealden.gov.uk/WebMT/Control/LTOCX14N.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.200
TCP: Interfaces\{A15D0E30-47E6-4BB6-A454-2C779211163F} : DhcpNameServer = 10.0.0.200
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2010-7-24 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-7-24 36368]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-10-15 273448]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-15 57424]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-12-29 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-20 1343400]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-06-03 14:02:57 388096 ----a-r- c:\users\aludman\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-03 13:05:49 -------- d-----w- c:\users\aludman\appdata\roaming\Malwarebytes
2011-06-03 13:05:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 13:05:44 -------- d-----w- c:\programdata\Malwarebytes
2011-06-03 13:05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 13:05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-19 08:43:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 02:00:12 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 02:00:15 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 02:00:15 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 09:32:46 -------- d-----w- c:\users\aludman\appdata\roaming\YouSendIt
2011-05-09 09:32:36 -------- d-----w- c:\program files\YouSendIt
.
==================== Find3M ====================
.
2011-04-14 04:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 03:17:51 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2007-12-18 10:16:38 88160768 ----a-w- c:\program files\MSACCESS.msp
.
============= FINISH: 13:19:45.89 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 20/10/2010 10:29:42
System Uptime: 04/06/2011 13:14:17 (0 hours ago)
.
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 197.067 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP63: 04/06/2011 13:09:18 - Removed McAfee Agent.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader X (10.0.1)
BioAPI Framework
Broadcom NetXtreme-I Netlink Driver and Management Installer
CamStudio
Compatibility Pack for the 2007 Office system
Dell Control Point
Dell ControlPoint Security Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Document Manager Lite
Driver Detective
Elements 9 Organizer
Elements STI Installer
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Express Zip File Compression Software
Gemalto
Google Chrome
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WSE 3.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
PowerDVD DX
Preboot Manager
PrimoPDF
PrimoPDF -- brought to you by Nitro PDF Software
Private Information Manager
Realtek High Definition Audio Driver
Registry Reviver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Wizards
SmartSound Quicktracks for Premiere Elements 9.0
StuffIt Expander 2010
Switch Sound File Converter
SwyxIt!
Trend Micro Client/Server Security Agent
Trusted Drive Manager
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Small Business Server 2008 ClientAgent
YouSendIt Express
YouSendIt Office Family Add-in
YouSendIt Plug-in for Photoshop
.
==== Event Viewer Messages From Past Week ========
.
04/06/2011 13:18:12, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP LaserJet P3010 Series PCL 6 required for printer Printer 5 is unknown. Contact the administrator to install the driver before you log in again.
04/06/2011 13:14:30, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
03/06/2011 08:33:55, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.
03/06/2011 08:33:47, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark Print-2-Fax Printer required for printer LexmarkFax is unknown. Contact the administrator to install the driver before you log in again.
03/06/2011 08:33:42, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark 5200 Series required for printer Lexmark 5200 Series is unknown. Contact the administrator to install the driver before you log in again.
.
==== End Of File ===========================
 
My apology for the delay - we are just swamped!

Please run the following:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==============================================
Please let me know if there has been any change in the system.
 