Redirected in Google search link

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mohitagg

Thread Starter
Joined
Jan 8, 2011
Messages
2
Hi,

When I click on Google search links, the browser is redirected to some ad page. The computer is also very slow. This started yesterday. I have tried TDSSKiller and the Malwarebytes scanner, but no threats were found.

Please help.

Thanks,
Mohit

Attaching the required logs except GMER as it always hangs the computer when I run GMER scan.

Logfile of HijackThis v1.99.1
Scan saved at 1:35:16 PM, on 1/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21295)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\CyberGatekeeper Agent\cgasvc.exe
C:\PROGRA~1\CYBERG~1\cgagent.exe
C:\PROGRA~1\CYBERG~1\nicman.exe
C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AspenTech Shared\ADSA\AtDsaDirectory.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
C:\Program Files\P-Synch\Clients\service\psginasvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\system32\CCM\CcmExec.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\mqtgsvc.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxsrvc.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\InetCntrl\InetCntrl.exe
C:\Program Files\AirProducts\APNotifier\APNotifier.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\CyberGatekeeper Agent\cgav.exe
C:\Program Files\CyberGatekeeper Agent\cgahelp.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\aggarwm1\My Documents\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aponline.apci.com/Allentown/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINNT\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [APNotifier] C:\Program Files\AirProducts\APNotifier\\APNotifier.exe AUTO
O4 - HKLM\..\Run: [8e6Authentication] wscript.exe "C:\Program Files\AirProducts\8e6auth\auth.wsf"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CgaViewer] C:\Program Files\CyberGatekeeper Agent\cgav.exe -check
O4 - HKLM\..\Run: [CgaHelper] C:\Program Files\CyberGatekeeper Agent\cgahelp.exe -check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhlCach3.exe] C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'inetcntrl0012.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292424539296
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A67EE2D0-D7C7-4ADE-96E5-7AE17AFBEDE2} (SRSInstall.SRSInstall.Utilities) - http://meup1/softwarerequest/srsinstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E00979FF-2951-48DC-92C2-8B6C80E39003} (Pslocalr Class) - https://pat.apci.com/PasswordAssistance/docs/pslocalr.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = america.apci.com
O17 - HKLM\Software\..\Telephony: DomainName = america.apci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = america.apci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = america.apci.com,apci.com,europe.apci.com,ape.apci.com,asiapac.apci.com,aph.apci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = america.apci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = america.apci.com,apci.com,europe.apci.com,ape.apci.com,asiapac.apci.com,aph.apci.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = america.apci.com,apci.com,europe.apci.com,ape.apci.com,asiapac.apci.com,aph.apci.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\Qvp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AFW Security Client Service (AfwSecCliSvc) - Aspen Technology, Inc. - C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Aspen Data Source Directory (AtDsaDirectory) - Aspen Technology, Inc. - C:\Program Files\Common Files\AspenTech Shared\ADSA\AtDsaDirectory.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberGatekeeper Agent (CGAgent) - InfoExpress - C:\Program Files\CyberGatekeeper Agent\cgasvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
O23 - Service: Password Manager Logon Management Service (psginasvc) - Hitachi ID Systems, Inc. - C:\Program Files\P-Synch\Clients\service\psginasvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



============================================================================



DDS (Ver_10-12-12.02) - NTFSx86
Run by AGGARWM1 at 11:33:55.18 on Sat 01/08/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2637 [GMT -5:00]

AV: Microsoft Forefront Client Security *Enabled/Updated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
FW: Symantec Endpoint Protection *Disabled*

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
svchost.exe
C:\Program Files\CyberGatekeeper Agent\cgasvc.exe
C:\PROGRA~1\CYBERG~1\cgagent.exe
C:\PROGRA~1\CYBERG~1\nicman.exe
C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AspenTech Shared\ADSA\AtDsaDirectory.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
C:\Program Files\P-Synch\Clients\service\psginasvc.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\CCM\CcmExec.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\WINNT\system32\mqtgsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINNT\system32\igfxsrvc.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\InetCntrl\InetCntrl.exe
C:\Program Files\AirProducts\APNotifier\APNotifier.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\CyberGatekeeper Agent\cgav.exe
C:\Program Files\CyberGatekeeper Agent\cgahelp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\aggarwm1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\aggarwm1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aponline.apci.com/Allentown/default.aspx
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [WhlCach3.exe] c:\program files\microsoft forefront uag\endpoint components\3.1.0\WhlCach3.exe
mRun: [IMJPMIG8.1] "c:\winnt\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\winnt\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Persistence] c:\winnt\system32\igfxpers.exe
mRun: [InetCntrl] c:\winnt\system32\inetcntrl\InetCntrl.exe
mRun: [APNotifier] c:\program files\airproducts\apnotifier\\APNotifier.exe AUTO
mRun: [8e6Authentication] wscript.exe "c:\program files\airproducts\8e6auth\auth.wsf"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [CgaViewer] c:\program files\cybergatekeeper agent\cgav.exe -check
mRun: [CgaHelper] c:\program files\cybergatekeeper agent\cgahelp.exe -check
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-system: HideLogonScripts = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: InetCntrl0012.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292424539296
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A67EE2D0-D7C7-4ADE-96E5-7AE17AFBEDE2} - hxxp://meup1/softwarerequest/srsinstall.cab
DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E00979FF-2951-48DC-92C2-8B6C80E39003} - hxxps://pat.apci.com/PasswordAssistance/docs/pslocalr.dll
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files\qlikview\qvprotocol\Qvp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\winnt\inf\wmactedp.inf,PerUserStub,,4
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aggarwm1\applic~1\mozilla\firefox\profiles\6j6tf5bm.default\
FF - plugin: c:\documents and settings\aggarwm1\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aggarwm1\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aggarwm1\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 vmscsi;vmscsi;c:\winnt\system32\drivers\vmscsi.sys [2009-1-14 10880]
R1 awlegacy;awlegacy;c:\winnt\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R2 AfwSecCliSvc;AFW Security Client Service;c:\program files\aspentech\bpe\AfwSecCliSvc.exe [2007-10-3 380928]
R2 AtDsaDirectory;Aspen Data Source Directory;c:\program files\common files\aspentech shared\adsa\AtDsaDirectory.exe [2007-8-27 262144]
R2 CafeDrv;CafeDrv NDIS Protocol Driver;c:\winnt\system32\drivers\CafeDrv.sys [2009-10-28 29568]
R2 CGAgent;CyberGatekeeper Agent;c:\program files\cybergatekeeper agent\cgasvc.exe [2010-3-15 81982]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-1-19 16880]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2009-10-22 69512]
R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
R2 psginasvc;Password Manager Logon Management Service;c:\program files\p-synch\clients\service\psginasvc.exe [2009-7-8 585728]
R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2009-12-19 682232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-11 24652]
R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [2009-7-31 108160]
R3 cvusbdrv;Broadcom USH CV;c:\winnt\system32\drivers\cvusbdrv.sys [2009-7-31 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [2008-11-12 244368]
R3 Iexim;Infoexpress Generic Network Filter Service;c:\winnt\system32\drivers\iexim.sys [2010-3-10 32128]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\winnt\system32\drivers\IntcHdmi.sys [2009-7-31 110080]
R3 MpFilter;Microsoft Malware Protection Driver;c:\winnt\system32\drivers\MpFilter.sys [2010-10-20 69616]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\winnt\system32\drivers\tap0901t.sys [2009-12-19 27136]
R3 whlva;SSL Network Tunneling;c:\winnt\system32\drivers\whlva.sys [2010-2-25 21384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winnt\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2005-5-20 106496]
S3 DMService;Whale Component Manager;c:\winnt\downloaded program files\dm.1\DMService.exe [2010-2-14 468368]
S3 whliocsv;Microsoft Forefront UAG SSL Network Tunneling Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\whliocsv.exe [2010-2-25 156048]
S3 WinRM;Windows Remote Management (WS-Management);c:\winnt\system32\svchost.exe -k WINRM [2009-1-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AW_HOST;AW_HOST;c:\winnt\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
S4 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2010-2-14 149904]

=============== File Associations ===============

JSEFile=c:\winnt\system32\Notepad.exe "%1" %*
VBEFile=c:\winnt\system32\Notepad.exe "%1" %*
VBSFile=c:\winnt\system32\Notepad.exe "%1" %*
vbsfile\shell\edit\command=c:\winnt\system32\Notepad.exe %1

=============== Created Last 30 ================

2011-01-08 07:09:50 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{426fc116-400c-4a73-9924-ff0cf13c00a0}\mpengine.dll
2011-01-04 08:08:18 -------- d-----w- c:\docume~1\aggarwm1\applic~1\Malwarebytes
2011-01-04 08:08:13 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2011-01-04 08:08:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-04 08:08:07 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-01-04 08:08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-04 06:54:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-04 06:54:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-04 05:35:06 -------- d-----w- c:\program files\Yontoo Layers Client
2011-01-04 05:35:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2010-12-30 04:12:35 45568 -c----w- c:\winnt\system32\dllcache\wab.exe
2010-12-30 04:12:19 40960 -c----w- c:\winnt\system32\dllcache\ndproxy.sys
2010-12-30 04:12:18 81920 -c----w- c:\winnt\system32\dllcache\isign32.dll
2010-12-21 21:06:24 -------- d-----w- c:\docume~1\aggarwm1\applic~1\Microsoft Corporation
2010-12-21 21:00:39 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-21 21:00:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-21 21:00:08 112832 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcexpress\10.0\1033\ResourceCache.dll
2010-12-21 20:56:58 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-21 20:56:58 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-21 20:56:58 -------- d-----w- c:\program files\common files\Merge Modules
2010-12-15 15:24:25 -------- d-----w- c:\program files\MATLAB

==================== Find3M ====================

2011-01-08 16:22:47 414 ----a-w- c:\documents and settings\aggarwm1\userpolicy.bin
2011-01-07 17:56:21 203 ----a-w- c:\winnt\system32\lsprst7.dll
2010-11-18 18:12:44 81920 ----a-w- c:\winnt\system32\isign32.dll
2010-11-08 14:03:09 71 ----a-w- c:\winnt\system32\ssprs.dll
2010-11-06 00:34:04 841216 ----a-w- c:\winnt\system32\wininet.dll
2010-11-06 00:34:04 1830912 ----a-w- c:\winnt\system32\inetcpl.cpl
2010-11-06 00:34:03 78336 ----a-w- c:\winnt\system32\ieencode.dll
2010-11-06 00:34:03 17408 ----a-w- c:\winnt\system32\corpol.dll
2010-11-03 12:00:49 389120 ----a-w- c:\winnt\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\winnt\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
2010-10-19 20:51:33 222080 ------w- c:\winnt\system32\MpSigStub.exe
2010-10-19 13:55:43 11324 ----a-w- c:\winnt\otacucena.dll

============= FINISH: 11:35:01.18 ===============

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS

Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the clean up process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.