1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Google Search Results Redirected In Mozilla Firefox

Discussion in 'Virus & Other Malware Removal' started by LiveSurfDie, Jan 12, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. LiveSurfDie

    LiveSurfDie Thread Starter

    Joined:
    Jan 11, 2011
    Messages:
    7
    The search results I get when searching through the Mozilla browser's google search box are being redirected to websites like http://shopcompareus.com/ and http://netshoppers.com/. This happens periodically. When you go back to the search results and click on the link a second time, it then goes to the correct URL. The only other strange activity on my PC is that the screens seem to refresh themselves a bit too often.

    My System Info is as Follows:
    Hewlett-Packard HPE-170f
    Intel Core i7 920 @ 2.67GHz
    9 GB RAM
    64-bit OS
    Windows 7 Home Premium

    Steps I have already taken:
    Run Malwarebytes
    Run Symantec
    Run Spywareblaster
    Run Spybot S&D
    Run Adaware
    Run SuperAntiSpyware
    Run TDSKiller
    Uninstalled and Re-Installed Java
    Installed the latest Jave Mozilla Plugin and Deactivated the 2 old versions

    Hijack This Log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:39:27 PM, on 1/11/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\suckerpunch\Desktop\TEMP\Virus\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O15 - Trusted Zone: *.line6.net
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 11298 bytes

    DDS.txt:

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by suckerpunch at 20:41:13.93 on Tue 01/11/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.7208 [GMT -5:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\WUDFHost.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\suckerpunch\Desktop\TEMP\Virus\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [AdobeBridge]
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    Trusted Zone: line6.net
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\SUCKER~1\AppData\Roaming\Mozilla\Firefox\Profiles\co47sq46.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.src=quote&.done=http%3a%2f%2ffinance.yahoo.com%2fp%3fk%3dpf_2&rl=1|http://www.videocopilot.net/[email protected]|http://www.youtube.com/
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\suckerpunch\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: XULRunner: {910B94B7-CA97-415D-AAE1-4EBAF4A1336E} - C:\Users\suckerpunch\AppData\Local\{910B94B7-CA97-415D-AAE1-4EBAF4A1336E}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-1-10 69152]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-23 54480]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2010-10-11 21520]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\system32\nlssrv32.exe --> C:\Windows\system32\nlssrv32.exe [?]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-12-17 287960]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-27 132656]
    R3 L6TPortA;Service - Line 6 TonePort UX1;C:\Windows\System32\drivers\L6TPortA64.sys [2010-4-2 894592]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1389400]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-22 1038088]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-22 1255736]

    =============== Created Last 30 ================

    2011-01-11 03:33:21 15880 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-01-10 23:32:11 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-01-10 23:32:08 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-01-10 23:31:30 -------- d-----w- C:\Users\SUCKER~1\AppData\Local\Sunbelt Software
    2011-01-10 23:30:54 -------- dc-h--w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-10 23:30:41 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-01-10 23:27:05 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2011-01-10 23:13:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-01-10 23:13:52 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2011-01-10 19:16:22 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
    2011-01-09 20:12:43 -------- d-----w- C:\Users\SUCKER~1\AppData\Roaming\SUPERAntiSpyware.com
    2011-01-09 20:12:43 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
    2011-01-09 20:12:41 -------- d-----w- C:\PROGRA~3\!SASCORE
    2011-01-09 20:12:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-01-09 20:01:33 521448 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-01-09 18:33:45 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2011-01-09 18:22:53 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-01-09 18:22:10 -------- d-----w- C:\PROGRA~3\Hitman Pro
    2011-01-08 04:46:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-01-08 02:11:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2011-01-08 02:11:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2011-01-08 02:11:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2011-01-08 02:11:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2011-01-08 02:11:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2011-01-08 02:11:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2011-01-08 02:11:20 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2011-01-07 20:21:54 -------- d-----w- C:\Program Files (x86)\Drumagog 5
    2010-12-19 01:40:28 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
    2010-12-19 01:37:01 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-12-19 01:37:01 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-12-19 01:37:00 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-12-19 01:37:00 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-12-19 01:37:00 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-12-19 01:37:00 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-12-19 01:37:00 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-12-19 01:37:00 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-12-19 01:37:00 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

    ==================== Find3M ====================

    2011-01-09 20:10:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-12-28 02:31:06 225656 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
    2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-17 20:38:51 199168 ----a-w- C:\Windows\System32\PegReg64.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

    ============= FINISH: 20:41:46.27 ===============

    ark.txt:
    There was nothing in this log when I tried to save it.

    Thanks in advance!
     

    Attached Files:

  2. LiveSurfDie

    LiveSurfDie Thread Starter

    Joined:
    Jan 11, 2011
    Messages:
    7
  3. LiveSurfDie

    LiveSurfDie Thread Starter

    Joined:
    Jan 11, 2011
    Messages:
    7
    I have new results from Symantec after just updating the definitions again. This did not cure the search redirect problem, but the finds were Java related.

    [​IMG]
     
  4. LiveSurfDie

    LiveSurfDie Thread Starter

    Joined:
    Jan 11, 2011
    Messages:
    7
  5. LiveSurfDie

    LiveSurfDie Thread Starter

    Joined:
    Jan 11, 2011
    Messages:
    7
    Looks like you guys were swamped. Short story for anyone else reading this -- combofix solved the issue.

    Peace.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/974233

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice