Google search results redirected

By rbeaven
Jun 3, 2011
  1. Hello all,
    I've got a Windows 7 (32-bit) PC that has an intermittent problem when following search result links in Google. Each search produces a valid set of results, but clicking on one will take you - from time to time - to an entirely different site to that expected (usually to an ad site).

    I have not been able to run dds.scr (get a 'not a valid Win32 application' error), I've tried renaming to dds.com and dds.exe (and running as Administrator) but this just produces a 'DOS' box that disappears instantly.

    Logs for MalwareBytes and GMER below. Thanks in advance!

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6761

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    03/06/2011 14:14:10
    mbam-log-2011-06-03 (14-14-10).txt

    Scan type: Quick scan
    Objects scanned: 167371
    Time elapsed: 7 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-03 14:27:47
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAJS-75M0A0 rev.02.03E02
    Running: q0exum0t.exe; Driver: C:\Users\ALudman\AppData\Local\Temp\pwlcipow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- EOF - GMER 1.0.15 ----
  2. Bobbye

    Welcome to TechSpot! For the following, remove anything that is on the system now for DDS. Go to the download link and press the Refresh icon in your browser. That should allow the download.

    If you are using a program with a script proxy such as McAfee, you can disable that also.

    Please post the 2 logs when finished.
  3. rbeaven

    Hey Bobbye,

    Thanks for your help. DDS has now run and produced the following log files:

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by ALudman at 17:26:20 on 2011-06-03
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3292.2352 [GMT 1:00]
    .
    AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\rdpclip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\ALudman\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.meetpie.com
    uDefault_Page_URL = hxxp://www.meetpie.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [Google Update] "c:\users\aludman\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\swyxit!.lnk - c:\program files\swyxit!\SwyxIt!.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: RunStartupScriptSync = 1 (0x1)
    IE: Dial selected number / URI - c:\program files\swyxit!\IEDial.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
    IE: {F8E553C6-4C00-11D3-80BC-00105A653379} - c:\program files\swyxit!\IEDial.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.planning.wealden.gov.uk/WebMT/Control/LTOCX14N.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.0.200
    TCP: Interfaces\{A15D0E30-47E6-4BB6-A454-2C779211163F} : DhcpNameServer = 10.0.0.200
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-10-15 273448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2010-7-24 230928]
    S2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-7-24 36368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-15 57424]
    S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-12-29 689416]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-20 1343400]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2011-06-03 14:02:57 388096 ----a-r- c:\users\aludman\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-03 13:05:49 -------- d-----w- c:\users\aludman\appdata\roaming\Malwarebytes
    2011-06-03 13:05:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-03 13:05:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-03 13:05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-03 13:05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-19 08:43:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-13 02:00:12 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-11 02:00:15 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 02:00:15 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-09 09:32:46 -------- d-----w- c:\users\aludman\appdata\roaming\YouSendIt
    2011-05-09 09:32:36 -------- d-----w- c:\program files\YouSendIt
    .
    ==================== Find3M ====================
    .
    2011-04-14 04:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-09 03:17:51 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2007-12-18 10:16:38 88160768 ----a-w- c:\program files\MSACCESS.msp
    .
    ============= FINISH: 17:26:38.41 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/10/2010 10:29:42
    System Uptime: 12/05/2011 09:32:12 (536 hours ago)
    .
    Motherboard: Dell Inc. | | 0HN7XN
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 232 GiB total, 197.137 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 9
    Adobe Premiere Elements 9
    Adobe Reader X (10.0.1)
    BioAPI Framework
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    CamStudio
    Compatibility Pack for the 2007 Office system
    Dell Control Point
    Dell ControlPoint Security Manager
    Dell Edoc Viewer
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Document Manager Lite
    Driver Detective
    Elements 9 Organizer
    Elements STI Installer
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    Express Zip File Compression Software
    Gemalto
    Google Chrome
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee Agent
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft IntelliPoint 8.0
    Microsoft IntelliType Pro 8.0
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft WSE 3.0
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTRU TCG Software Stack
    PowerDVD DX
    Preboot Manager
    PrimoPDF
    PrimoPDF -- brought to you by Nitro PDF Software
    Private Information Manager
    Realtek High Definition Audio Driver
    Registry Reviver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Wizards
    SmartSound Quicktracks for Premiere Elements 9.0
    StuffIt Expander 2010
    Switch Sound File Converter
    SwyxIt!
    Trend Micro Client/Server Security Agent
    Trusted Drive Manager
    UPEK TouchChip Fingerprint Reader
    Wave Infrastructure Installer
    Wave Support Software
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Small Business Server 2008 ClientAgent
    YouSendIt Express
    YouSendIt Office Family Add-in
    YouSendIt Plug-in for Photoshop
    .
    ==== Event Viewer Messages From Past Week ========
    .
    03/06/2011 17:25:25, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP LaserJet P3010 Series PCL 6 required for printer Printer 5 is unknown. Contact the administrator to install the driver before you log in again.
    03/06/2011 08:33:55, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.
    03/06/2011 08:33:47, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark Print-2-Fax Printer required for printer LexmarkFax is unknown. Contact the administrator to install the driver before you log in again.
    03/06/2011 08:33:42, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark 5200 Series required for printer Lexmark 5200 Series is unknown. Contact the administrator to install the driver before you log in again.
    .
    ==== End Of File ===========================
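A small triage script for the DDS output above, added here as an example; it is not part of DDS, Malwarebytes or anything the posters ran. It reads lines in the "Pseudo HJT Report" format shown in the log and flags what an analyst checks first on a search-redirect complaint: resolver addresses that are not internal, an explicit proxy or PAC, browser helper objects loaded from user-writable paths or registered with no DLL on disk, autoruns from user-writable directories, and LSA authentication packages beyond msv1_0. The choice of checks and the severity levels are the editor's own heuristics; the hijack sample is constructed to show the failure mode and is not from this thread; and the remark in the code that wvauth belongs to the Wave Systems software in the installed-programs list is an assumption, not something the thread establishes.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for a search-redirect case.
Added example for this thread, not DDS's own code or any poster's; the checks are
the editor's assumptions about what an analyst looks at first."""
import ipaddress
import re

# Excerpt of the DDS log posted in this thread, used as sample input.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Google Update] "c:\users\aludman\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
TCP: DhcpNameServer = 10.0.0.200
LSA: Authentication Packages = msv1_0 wvauth
"""
# Constructed lines (not from this thread) showing a DNS/proxy hijack in the
# same format; 203.0.113.0/24 is a documentation range, the CLSID is made up.
SYNTHETIC_HIJACK = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:8118
BHO: {0000aaaa-1111-2222-3333-444444444444} - c:\users\alice\appdata\local\temp\srchhlp.dll
TCP: NameServer = 203.0.113.7 203.0.113.8
LSA: Authentication Packages = msv1_0
"""
# Paths an unprivileged user can write to (legitimate per-user updaters live here too).
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\|\\(?:appdata|temp|programdata)\\", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def extract_path(cmd):
    cmd = cmd.strip()  # quoted path, or bare path up to the first executable extension
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def _check_extension(line, rest):
    if rest.endswith("- No File"):
        return [("low", line, "orphaned BHO/toolbar CLSID, no DLL on disk; harmless, clean up")]
    if USER_WRITABLE.search(rest.rsplit(" - ", 1)[-1]):
        return [("high", line, "browser extension DLL loaded from a user-writable path")]
    return []

def _check_autorun(line, rest):
    hit = USER_WRITABLE.search(extract_path(rest.split("] ", 1)[-1]))
    return [("medium", line, "autorun from a user-writable directory; compare with a known-good list")] if hit else []

def _check_resolvers(line, rest):
    if "NameServer" not in rest:
        return []
    out = []
    if "DhcpNameServer" not in rest:
        out.append(("medium", line, "static resolver overrides DHCP; confirm it was set on purpose"))
    for addr in rest.split("=", 1)[1].split():
        ip = ipaddress.ip_address(addr)
        # ipaddress.is_private is not used here: it also counts documentation ranges as private.
        if not (ip.is_loopback or any(ip in n for n in INTERNAL)):
            out.append(("high", line, f"resolver {addr} is not internal; a DNS changer is the classic cause of search redirects"))
    return out

def _check_lsa(line, rest):
    if not rest.startswith("Authentication Packages"):
        return []
    extra = [p for p in rest.split("=", 1)[1].split() if p.lower() != "msv1_0"]
    # An LSA package runs inside lsass.exe and sees every logon, so attribute each one to installed
    # software (on the posted system wvauth presumably belongs to the Wave Systems suite: assumption).
    return [("medium", line, f"non-default LSA authentication package(s) {extra}; tie each to installed software")] if extra else []

def _check_proxy(line):
    key, _, value = line.partition(" = ")
    if "ProxyServer" in key or "AutoConfigURL" in key:
        return [("high", line, "explicit proxy/PAC: every browser request can be rewritten by it")]
    if "ProxyOverride" in key and value.strip() in ("*.local", "<local>", "*.local;<local>"):
        return []  # the usual Windows bypass list
    return [("low", line, "non-default proxy bypass list")]

def triage(log_text):
    """Return (severity, line, reason) findings for one DDS report excerpt."""
    findings = []
    for line in (ln.strip() for ln in log_text.splitlines()):
        tag, _, rest = line.partition(": ")
        if tag in ("BHO", "TB"):
            findings += _check_extension(line, rest)
        elif tag in ("uRun", "mRun"):
            findings += _check_autorun(line, rest)
        elif tag == "TCP":
            findings += _check_resolvers(line, rest)
        elif tag == "LSA":
            findings += _check_lsa(line, rest)
        elif "Internet Settings" in line:
            findings += _check_proxy(line)
    return findings

def summarize(findings):
    return {sev: sum(1 for s, _, _ in findings if s == sev) for sev in ("high", "medium", "low")}

if __name__ == "__main__":
    for label, text in (("posted excerpt", SAMPLE_LOG), ("constructed hijack", SYNTHETIC_HIJACK)):
        found = triage(text)
        print(f"== {label}: {summarize(found)}", *[f"\n  [{s}] {l}\n      -> {w}" for s, l, w in found])
```

Run against the posted excerpt it reports only the two orphaned CLSIDs, the per-user Google updater and the extra LSA package, which matches what the log shows: an internal DHCP resolver (10.0.0.200), no proxy, and extensions under Program Files. The constructed sample shows how a DNS changer or an injected proxy would look in the same report. The hosts file and the browser's own profile are not in this excerpt and need a separate check.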
  4. Bobbye

    There are several programs installed on the system indicating that this is your work computer. Is it? Have you had the IT for the business go over the system?
    ========================================
    Did you previously have McAfee for security? If so, you should run this: McAfee Removal
    =====================================
  5. rbeaven

    Hi - thanks for your help thus far. You are correct that this is a work PC, but the company is relatively small and does not have an IT support department, therefore I thought that you guys might be able to help! :)

    You are also correct that McAfee was on there at one time, and looks like it did not uninstall cleanly. I've now run the tool you suggested and have re-run DDS with the logs produced as below:

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by ALudman at 13:18:55 on 2011-06-04
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3292.2158 [GMT 1:00]
    .
    AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\LogonUI.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\rdpclip.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\ALudman\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\YouSendIt\Express\YouSendIt.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\SwyxIt!\CLMgr.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.meetpie.com
    uDefault_Page_URL = hxxp://www.meetpie.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [Google Update] "c:\users\aludman\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\swyxit!.lnk - c:\program files\swyxit!\SwyxIt!.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: RunStartupScriptSync = 1 (0x1)
    IE: Dial selected number / URI - c:\program files\swyxit!\IEDial.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
    IE: {F8E553C6-4C00-11D3-80BC-00105A653379} - c:\program files\swyxit!\IEDial.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.planning.wealden.gov.uk/WebMT/Control/LTOCX14N.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.0.200
    TCP: Interfaces\{A15D0E30-47E6-4BB6-A454-2C779211163F} : DhcpNameServer = 10.0.0.200
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2010-7-24 230928]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-7-24 36368]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-10-15 273448]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-15 57424]
    R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-12-29 689416]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-20 1343400]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2011-06-03 14:02:57 388096 ----a-r- c:\users\aludman\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-03 13:05:49 -------- d-----w- c:\users\aludman\appdata\roaming\Malwarebytes
    2011-06-03 13:05:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-03 13:05:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-03 13:05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-03 13:05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-19 08:43:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-13 02:00:12 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-11 02:00:15 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 02:00:15 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-09 09:32:46 -------- d-----w- c:\users\aludman\appdata\roaming\YouSendIt
    2011-05-09 09:32:36 -------- d-----w- c:\program files\YouSendIt
    .
    ==================== Find3M ====================
    .
    2011-04-14 04:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-09 03:17:51 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2007-12-18 10:16:38 88160768 ----a-w- c:\program files\MSACCESS.msp
    .
    ============= FINISH: 13:19:45.89 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/10/2010 10:29:42
    System Uptime: 04/06/2011 13:14:17 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0HN7XN
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 232 GiB total, 197.067 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP63: 04/06/2011 13:09:18 - Removed McAfee Agent.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 9
    Adobe Premiere Elements 9
    Adobe Reader X (10.0.1)
    BioAPI Framework
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    CamStudio
    Compatibility Pack for the 2007 Office system
    Dell Control Point
    Dell ControlPoint Security Manager
    Dell Edoc Viewer
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Document Manager Lite
    Driver Detective
    Elements 9 Organizer
    Elements STI Installer
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    Express Zip File Compression Software
    Gemalto
    Google Chrome
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft IntelliPoint 8.0
    Microsoft IntelliType Pro 8.0
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft WSE 3.0
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTRU TCG Software Stack
    PowerDVD DX
    Preboot Manager
    PrimoPDF
    PrimoPDF -- brought to you by Nitro PDF Software
    Private Information Manager
    Realtek High Definition Audio Driver
    Registry Reviver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Wizards
    SmartSound Quicktracks for Premiere Elements 9.0
    StuffIt Expander 2010
    Switch Sound File Converter
    SwyxIt!
    Trend Micro Client/Server Security Agent
    Trusted Drive Manager
    UPEK TouchChip Fingerprint Reader
    Wave Infrastructure Installer
    Wave Support Software
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Small Business Server 2008 ClientAgent
    YouSendIt Express
    YouSendIt Office Family Add-in
    YouSendIt Plug-in for Photoshop
    .
    ==== Event Viewer Messages From Past Week ========
    .
    04/06/2011 13:18:12, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP LaserJet P3010 Series PCL 6 required for printer Printer 5 is unknown. Contact the administrator to install the driver before you log in again.
    04/06/2011 13:14:30, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    03/06/2011 08:33:55, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.
    03/06/2011 08:33:47, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark Print-2-Fax Printer required for printer LexmarkFax is unknown. Contact the administrator to install the driver before you log in again.
    03/06/2011 08:33:42, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Lexmark 5200 Series required for printer Lexmark 5200 Series is unknown. Contact the administrator to install the driver before you log in again.
    .
    ==== End Of File ===========================
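The "Created Last 30" and "Find3M" sections of the DDS log above are the lines a helper reads first in a redirect case: anything new under the Windows system directories shortly before the scan is what gets checked against known installs. The script below is an added example for readers of this thread, not code from TechSpot, from DDS or from either poster. It assumes only the line layout visible in the log (timestamp, size or dashes for a directory, eight attribute flags, path); the sample input is a few lines copied from the posted log, and the function names `parse_dds`, `recent_system_files` and `triage` and the `c:\windows\system32\` root are my own choices.

```python
"""Triage helper for the file-listing sections of a DDS log (added example)."""
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import List, Optional, Sequence

# Constructed sample: lines copied from the DDS output posted in this thread.
SAMPLE_LOG = r"""
.
=============== Created Last 30 ================
.
2011-06-03 14:02:57 388096 ----a-r- c:\users\aludman\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-03 13:05:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 13:05:44 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 02:00:12 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 02:00:15 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M ====================
.
2011-04-14 04:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:19:45.89 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"  # timestamp
    r"(\d+|-+)\s+"                                  # size, or dashes for a directory
    r"([a-z-]{8})\s+"                               # attribute flags, e.g. ----a-w- / d-----w-
    r"(.+)$"                                        # path (may contain spaces)
)


@dataclass
class Entry:
    section: str
    when: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds(text: str) -> List[Entry]:
    """Return every file/directory line in the log, tagged with its section name."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                      # DDS prints a lone '.' as a spacer
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # headers, notes, anything that is not a listing line
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(
            section=section,
            when=datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def recent_system_files(entries: Sequence[Entry], scan_date: date, days: int,
                        roots: Sequence[str] = ("c:\\windows\\system32\\",)) -> List[str]:
    """Paths of regular files under `roots` created within `days` before `scan_date`."""
    cutoff = scan_date - timedelta(days=days)
    hits: List[str] = []
    for e in entries:
        if e.is_dir:
            continue
        if not any(e.path.lower().startswith(r.lower()) for r in roots):
            continue
        if cutoff <= e.when.date() <= scan_date:
            hits.append(e.path)
    return hits


def triage(text: str, scan_date_iso: str, days: int) -> List[str]:
    """Convenience wrapper: parse the log and list recent system-directory files."""
    return recent_system_files(parse_dds(text), date.fromisoformat(scan_date_iso), days)


if __name__ == "__main__":
    for p in triage(SAMPLE_LOG, "2011-06-03", 30):
        print(p)
```

On the sample the 30-day window returns the Malwarebytes driver and two system32 executables; the 7-day window returns only the driver. The list is a starting point to correlate against known activity (the same log records the Malwarebytes install at 13:05 on 2011-06-03), not a verdict on any file, which is exactly why the helper asks for the full log rather than a summary.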
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    My apologies for the delay; we are just swamped!

    Please run the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
      ◦ Click the download button to download the ESET Smart Installer. Save it to your desktop.
      ◦ Double click on the ESET Smart Installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==============================================
    Please let me know if there has been any change in the system.