compute1234
Posts: 16 +0
I am having problems with redirect to bogus sites when I click on search results from Google advanced search page. I can copy and paste url from search results and it will take me to the correct site. I have ran Avira AntVir, AdAware, TFC, Malwarebytes, GMER, and I am still having problems. I will post logs. Thanks in advance for any help.
[HJT log and duplicate GMER log removed - Broni]
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-28 17:43:04
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS728080PLAT20 rev.PF2OA21B
Running: r3877264.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fxliyfog.sys
---- System - GMER 1.0.15 ----
SSDT 849A76E0 ZwConnectPort
SSDT F7C071DE ZwCreateKey
SSDT F7C071D4 ZwCreateThread
SSDT F7C071E3 ZwDeleteKey
SSDT F7C071ED ZwDeleteValueKey
SSDT F7C071F2 ZwLoadKey
SSDT F7C071C0 ZwOpenProcess
SSDT F7C071C5 ZwOpenThread
SSDT F7C071FC ZwReplaceKey
SSDT F7C071F7 ZwRestoreKey
SSDT F7C071E8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2710 80501600 4 Bytes CALL E347D676
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU@#\x02c63 0x43 0x00 0x3A 0x00 ...
---- EOF - GMER 1.0.15 ----
DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 18:32:06.20 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.136 [GMT -5:00]
.
AV: Norton AntiVirus 2005 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.google.com/advanced_search?hl=en
mStart Page = hxxp://www.bigseekpro.com/hypercam/{1ED22A12-E9D0-465D-926D-355C3ABF5511}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {ad55c869-668e-457c-b270-0cfb2f61116f} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120133185546
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282053269125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\sipgk7ug.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-27 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-28 11608]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-28 61960]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-13 198304]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-9 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-13 181920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-25 2146496]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-13 79520]
S3 cpuz132;cpuz132;\??\c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\downloads\cheat engine\dbk32.sys --> c:\downloads\cheat engine\dbk32.sys [?]
S3 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2004-8-18 177264]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050422.017\NAVENG.Sys [2005-4-22 73760]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050422.017\NavEx15.Sys [2005-4-22 632000]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-7-23 338056]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2011-04-28 14:00:51 -------- d-----w- c:\docume~1\compaq~1\applic~1\Avira
2011-04-28 13:55:15 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-28 13:55:14 -------- d-----w- c:\program files\Avira
2011-04-28 13:55:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-04-28 01:24:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-27 23:10:53 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-27 23:10:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-27 23:09:28 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Sunbelt Software
2011-04-27 23:08:23 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-04-27 23:07:41 -------- d-----w- c:\program files\Lavasoft
2011-04-26 20:46:43 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2011-04-26 20:46:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 20:46:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-26 20:46:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 20:46:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 17:43:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-26 17:43:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-26 17:42:59 -------- d-----w- c:\program files\Drop Down Deals
2011-04-26 17:42:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-04-26 17:42:56 -------- d-----w- c:\program files\Datel
2011-04-25 19:12:05 93184 --sha-r- c:\windows\system32\SfwFmt5.dll
2011-04-25 19:12:05 93184 --sha-r- c:\windows\system32\sclgntfyq.dll
2011-04-25 19:12:05 93184 --sha-r- c:\windows\system32\dpnlobby5.dll
2011-04-25 19:10:35 -------- d-----w- c:\docume~1\compaq~1\applic~1\3DE8167F75FE5A23F7CCFCA1DDD2F7B4
2011-04-22 06:47:53 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{c6b0c9f2-6618-43b4-a3c3-2e7b4e572c33}\mpengine.dll
2011-04-15 23:19:56 -------- d-----w- c:\docume~1\compaq~1\applic~1\Utherverse
2011-04-15 23:02:24 -------- d-----w- c:\program files\Utherverse Digital Inc
2011-04-15 22:34:39 -------- d-----w- c:\program files\Webcam and Screen Recorder
2011-04-14 08:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 08:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:33:47.34 ===============
I also have a DDS log. Should I post this?
[HJT log and duplicate GMER log removed - Broni]
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-28 17:43:04
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS728080PLAT20 rev.PF2OA21B
Running: r3877264.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fxliyfog.sys
---- System - GMER 1.0.15 ----
SSDT 849A76E0 ZwConnectPort
SSDT F7C071DE ZwCreateKey
SSDT F7C071D4 ZwCreateThread
SSDT F7C071E3 ZwDeleteKey
SSDT F7C071ED ZwDeleteValueKey
SSDT F7C071F2 ZwLoadKey
SSDT F7C071C0 ZwOpenProcess
SSDT F7C071C5 ZwOpenThread
SSDT F7C071FC ZwReplaceKey
SSDT F7C071F7 ZwRestoreKey
SSDT F7C071E8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2710 80501600 4 Bytes CALL E347D676
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU@#\x02c63 0x43 0x00 0x3A 0x00 ...
---- EOF - GMER 1.0.15 ----
DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 18:32:06.20 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.136 [GMT -5:00]
.
AV: Norton AntiVirus 2005 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.google.com/advanced_search?hl=en
mStart Page = hxxp://www.bigseekpro.com/hypercam/{1ED22A12-E9D0-465D-926D-355C3ABF5511}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {ad55c869-668e-457c-b270-0cfb2f61116f} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120133185546
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282053269125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\sipgk7ug.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-27 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-28 11608]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-28 61960]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-13 198304]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-9 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-13 181920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-25 2146496]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-13 79520]
S3 cpuz132;cpuz132;\??\c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\downloads\cheat engine\dbk32.sys --> c:\downloads\cheat engine\dbk32.sys [?]
S3 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2004-8-18 177264]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050422.017\NAVENG.Sys [2005-4-22 73760]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050422.017\NavEx15.Sys [2005-4-22 632000]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-7-23 338056]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2011-04-28 14:00:51 -------- d-----w- c:\docume~1\compaq~1\applic~1\Avira
2011-04-28 13:55:15 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-28 13:55:14 -------- d-----w- c:\program files\Avira
2011-04-28 13:55:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-04-28 01:24:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-27 23:10:53 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-27 23:10:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-27 23:09:28 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Sunbelt Software
2011-04-27 23:08:23 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-04-27 23:07:41 -------- d-----w- c:\program files\Lavasoft
2011-04-26 20:46:43 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2011-04-26 20:46:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 20:46:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-26 20:46:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 20:46:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 17:43:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-26 17:43:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-26 17:42:59 -------- d-----w- c:\program files\Drop Down Deals
2011-04-26 17:42:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-04-26 17:42:56 -------- d-----w- c:\program files\Datel
2011-04-25 19:12:05 93184 --sha-r- c:\windows\system32\SfwFmt5.dll
2011-04-25 19:12:05 93184 --sha-r- c:\windows\system32\sclgntfyq.dll
2011-04-25 19:12:05 93184 --sha-r- c:\windows\system32\dpnlobby5.dll
2011-04-25 19:10:35 -------- d-----w- c:\docume~1\compaq~1\applic~1\3DE8167F75FE5A23F7CCFCA1DDD2F7B4
2011-04-22 06:47:53 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{c6b0c9f2-6618-43b4-a3c3-2e7b4e572c33}\mpengine.dll
2011-04-15 23:19:56 -------- d-----w- c:\docume~1\compaq~1\applic~1\Utherverse
2011-04-15 23:02:24 -------- d-----w- c:\program files\Utherverse Digital Inc
2011-04-15 22:34:39 -------- d-----w- c:\program files\Webcam and Screen Recorder
2011-04-14 08:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 08:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:33:47.34 ===============
I also have a DDS log. Should I post this?