
Redirected in Google search link

Discussion in 'Virus & Other Malware Removal' started by mohitagg, Jan 8, 2011.

Thread Status:
Not open for further replies.
  1. mohitagg

    mohitagg Thread Starter

    Joined:
    Jan 8, 2011
    Messages:
    2
    Hi,

    When I click on Google search links the browser is redirected to some ad page. The computer is also very slow. This started yesterday. I have tried TDSSKiller and the Malwarebytes scanner but no threats were found.

    Please help.

    Thanks,
    Mohit

    Attaching the required logs except GMER as it always hangs the computer when I run GMER scan.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:35:16 PM, on 1/8/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21295)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\CyberGatekeeper Agent\cgasvc.exe
    C:\PROGRA~1\CYBERG~1\cgagent.exe
    C:\PROGRA~1\CYBERG~1\nicman.exe
    C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\AspenTech Shared\ADSA\AtDsaDirectory.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\crypserv.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
    C:\Program Files\P-Synch\Clients\service\psginasvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Tunngle\TnglCtrl.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    c:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
    C:\WINNT\system32\mqsvc.exe
    C:\WINNT\system32\mqtgsvc.exe
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\AESTFltr.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\igfxsrvc.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\igfxpers.exe
    C:\WINNT\system32\InetCntrl\InetCntrl.exe
    C:\Program Files\AirProducts\APNotifier\APNotifier.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    C:\Program Files\CyberGatekeeper Agent\cgav.exe
    C:\Program Files\CyberGatekeeper Agent\cgahelp.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Documents and Settings\aggarwm1\My Documents\Software\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aponline.apci.com/Allentown/default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [InetCntrl] C:\WINNT\system32\InetCntrl\InetCntrl.exe
    O4 - HKLM\..\Run: [APNotifier] C:\Program Files\AirProducts\APNotifier\\APNotifier.exe AUTO
    O4 - HKLM\..\Run: [8e6Authentication] wscript.exe "C:\Program Files\AirProducts\8e6auth\auth.wsf"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CgaViewer] C:\Program Files\CyberGatekeeper Agent\cgav.exe -check
    O4 - HKLM\..\Run: [CgaHelper] C:\Program Files\CyberGatekeeper Agent\cgahelp.exe -check
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WhlCach3.exe] C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Broken Internet access because of LSP provider 'inetcntrl0012.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292424539296
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A67EE2D0-D7C7-4ADE-96E5-7AE17AFBEDE2} (SRSInstall.SRSInstall.Utilities) - http://meup1/softwarerequest/srsinstall.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E00979FF-2951-48DC-92C2-8B6C80E39003} (Pslocalr Class) - https://pat.apci.com/PasswordAssistance/docs/pslocalr.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = america.apci.com
    O17 - HKLM\Software\..\Telephony: DomainName = america.apci.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = america.apci.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = america.apci.com,apci.com,europe.apci.com,ape.apci.com,asiapac.apci.com,aph.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = america.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = america.apci.com,apci.com,europe.apci.com,ape.apci.com,asiapac.apci.com,aph.apci.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = america.apci.com,apci.com,europe.apci.com,ape.apci.com,asiapac.apci.com,aph.apci.com
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\Qvp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\
    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: AFW Security Client Service (AfwSecCliSvc) - Aspen Technology, Inc. - C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Aspen Data Source Directory (AtDsaDirectory) - Aspen Technology, Inc. - C:\Program Files\Common Files\AspenTech Shared\ADSA\AtDsaDirectory.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberGatekeeper Agent (CGAgent) - InfoExpress - C:\Program Files\CyberGatekeeper Agent\cgasvc.exe
    O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
    O23 - Service: Password Manager Logon Management Service (psginasvc) - Hitachi ID Systems, Inc. - C:\Program Files\P-Synch\Clients\service\psginasvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
    O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    ============================================================================

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by AGGARWM1 at 11:33:55.18 on Sat 01/08/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2637 [GMT -5:00]

    AV: Microsoft Forefront Client Security *Enabled/Updated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
    FW: Symantec Endpoint Protection *Disabled*

    ============== Running Processes ===============

    C:\WINNT\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINNT\system32\spoolsv.exe
    c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    svchost.exe
    C:\Program Files\CyberGatekeeper Agent\cgasvc.exe
    C:\PROGRA~1\CYBERG~1\cgagent.exe
    C:\PROGRA~1\CYBERG~1\nicman.exe
    C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\AspenTech Shared\ADSA\AtDsaDirectory.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\crypserv.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
    C:\Program Files\P-Synch\Clients\service\psginasvc.exe
    C:\WINNT\system32\svchost.exe -k imgsvc
    C:\Program Files\Tunngle\TnglCtrl.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\system32\mqsvc.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    c:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
    C:\WINNT\system32\mqtgsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\AESTFltr.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINNT\system32\igfxsrvc.exe
    C:\WINNT\system32\igfxpers.exe
    C:\WINNT\system32\InetCntrl\InetCntrl.exe
    C:\Program Files\AirProducts\APNotifier\APNotifier.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    C:\Program Files\CyberGatekeeper Agent\cgav.exe
    C:\Program Files\CyberGatekeeper Agent\cgahelp.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\aggarwm1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\aggarwm1\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://aponline.apci.com/Allentown/default.aspx
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uRun: [WhlCach3.exe] c:\program files\microsoft forefront uag\endpoint components\3.1.0\WhlCach3.exe
    mRun: [IMJPMIG8.1] "c:\winnt\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\winnt\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
    mRun: [Persistence] c:\winnt\system32\igfxpers.exe
    mRun: [InetCntrl] c:\winnt\system32\inetcntrl\InetCntrl.exe
    mRun: [APNotifier] c:\program files\airproducts\apnotifier\\APNotifier.exe AUTO
    mRun: [8e6Authentication] wscript.exe "c:\program files\airproducts\8e6auth\auth.wsf"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
    mRun: [CgaViewer] c:\program files\cybergatekeeper agent\cgav.exe -check
    mRun: [CgaHelper] c:\program files\cybergatekeeper agent\cgahelp.exe -check
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    uPolicies-explorer: NoAutoUpdate = 1 (0x1)
    uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
    uPolicies-explorer: DisallowCpl = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-system: HideLogonScripts = 1 (0x1)
    mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: InetCntrl0012.dll
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292424539296
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {A67EE2D0-D7C7-4ADE-96E5-7AE17AFBEDE2} - hxxp://meup1/softwarerequest/srsinstall.cab
    DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E00979FF-2951-48DC-92C2-8B6C80E39003} - hxxps://pat.apci.com/PasswordAssistance/docs/pslocalr.dll
    Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files\qlikview\qvprotocol\Qvp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: PCANotify - PCANotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\winnt\inf\wmactedp.inf,PerUserStub,,4
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\aggarwm1\applic~1\mozilla\firefox\profiles\6j6tf5bm.default\
    FF - plugin: c:\documents and settings\aggarwm1\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\aggarwm1\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\aggarwm1\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ============= SERVICES / DRIVERS ===============

    R0 vmscsi;vmscsi;c:\winnt\system32\drivers\vmscsi.sys [2009-1-14 10880]
    R1 awlegacy;awlegacy;c:\winnt\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
    R2 AfwSecCliSvc;AFW Security Client Service;c:\program files\aspentech\bpe\AfwSecCliSvc.exe [2007-10-3 380928]
    R2 AtDsaDirectory;Aspen Data Source Directory;c:\program files\common files\aspentech shared\adsa\AtDsaDirectory.exe [2007-8-27 262144]
    R2 CafeDrv;CafeDrv NDIS Protocol Driver;c:\winnt\system32\drivers\CafeDrv.sys [2009-10-28 29568]
    R2 CGAgent;CyberGatekeeper Agent;c:\program files\cybergatekeeper agent\cgasvc.exe [2010-3-15 81982]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]
    R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-1-19 16880]
    R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2009-10-22 69512]
    R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
    R2 psginasvc;Password Manager Logon Management Service;c:\program files\p-synch\clients\service\psginasvc.exe [2009-7-8 585728]
    R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2009-12-19 682232]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-11 24652]
    R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [2009-7-31 108160]
    R3 cvusbdrv;Broadcom USH CV;c:\winnt\system32\drivers\cvusbdrv.sys [2009-7-31 32808]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [2008-11-12 244368]
    R3 Iexim;Infoexpress Generic Network Filter Service;c:\winnt\system32\drivers\iexim.sys [2010-3-10 32128]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\winnt\system32\drivers\IntcHdmi.sys [2009-7-31 110080]
    R3 MpFilter;Microsoft Malware Protection Driver;c:\winnt\system32\drivers\MpFilter.sys [2010-10-20 69616]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\winnt\system32\drivers\tap0901t.sys [2009-12-19 27136]
    R3 whlva;SSL Network Tunneling;c:\winnt\system32\drivers\whlva.sys [2010-2-25 21384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winnt\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2005-5-20 106496]
    S3 DMService;Whale Component Manager;c:\winnt\downloaded program files\dm.1\DMService.exe [2010-2-14 468368]
    S3 whliocsv;Microsoft Forefront UAG SSL Network Tunneling Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\whliocsv.exe [2010-2-25 156048]
    S3 WinRM;Windows Remote Management (WS-Management);c:\winnt\system32\svchost.exe -k WINRM [2009-1-13 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AW_HOST;AW_HOST;c:\winnt\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
    S4 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2010-2-14 149904]

    =============== File Associations ===============

    JSEFile=c:\winnt\system32\Notepad.exe "%1" %*
    VBEFile=c:\winnt\system32\Notepad.exe "%1" %*
    VBSFile=c:\winnt\system32\Notepad.exe "%1" %*
    vbsfile\shell\edit\command=c:\winnt\system32\Notepad.exe %1

    =============== Created Last 30 ================

    2011-01-08 07:09:50 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{426fc116-400c-4a73-9924-ff0cf13c00a0}\mpengine.dll
    2011-01-04 08:08:18 -------- d-----w- c:\docume~1\aggarwm1\applic~1\Malwarebytes
    2011-01-04 08:08:13 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2011-01-04 08:08:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-04 08:08:07 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2011-01-04 08:08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-04 06:54:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-04 06:54:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-01-04 05:35:06 -------- d-----w- c:\program files\Yontoo Layers Client
    2011-01-04 05:35:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
    2010-12-30 04:12:35 45568 -c----w- c:\winnt\system32\dllcache\wab.exe
    2010-12-30 04:12:19 40960 -c----w- c:\winnt\system32\dllcache\ndproxy.sys
    2010-12-30 04:12:18 81920 -c----w- c:\winnt\system32\dllcache\isign32.dll
    2010-12-21 21:06:24 -------- d-----w- c:\docume~1\aggarwm1\applic~1\Microsoft Corporation
    2010-12-21 21:00:39 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-12-21 21:00:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-12-21 21:00:08 112832 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcexpress\10.0\1033\ResourceCache.dll
    2010-12-21 20:56:58 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2010-12-21 20:56:58 -------- d-----w- c:\program files\Microsoft Help Viewer
    2010-12-21 20:56:58 -------- d-----w- c:\program files\common files\Merge Modules
    2010-12-15 15:24:25 -------- d-----w- c:\program files\MATLAB

    ==================== Find3M ====================

    2011-01-08 16:22:47 414 ----a-w- c:\documents and settings\aggarwm1\userpolicy.bin
    2011-01-07 17:56:21 203 ----a-w- c:\winnt\system32\lsprst7.dll
    2010-11-18 18:12:44 81920 ----a-w- c:\winnt\system32\isign32.dll
    2010-11-08 14:03:09 71 ----a-w- c:\winnt\system32\ssprs.dll
    2010-11-06 00:34:04 841216 ----a-w- c:\winnt\system32\wininet.dll
    2010-11-06 00:34:04 1830912 ----a-w- c:\winnt\system32\inetcpl.cpl
    2010-11-06 00:34:03 78336 ----a-w- c:\winnt\system32\ieencode.dll
    2010-11-06 00:34:03 17408 ----a-w- c:\winnt\system32\corpol.dll
    2010-11-03 12:00:49 389120 ----a-w- c:\winnt\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\winnt\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
    2010-10-19 20:51:33 222080 ------w- c:\winnt\system32\MpSigStub.exe
    2010-10-19 13:55:43 11324 ----a-w- c:\winnt\otacucena.dll

    ============= FINISH: 11:35:01.18 ===============


  2. mohitagg

    mohitagg Thread Starter

    Joined:
    Jan 8, 2011
    Messages:
    2
    Help anyone please!!
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS

    Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the clean up process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.
     
Short URL to this thread: https://techguy.org/973434
