
Active google search results redirecting

Discussion in 'Malware and Virus Removal Archive' started by eilidh, 2009/02/18.

  1. 2009/02/18
    eilidh Inactive Thread Starter
    [Active] google search results redirecting

    Hi guys,

    I'm having a similar problem to a few other people on the board, in that Google search engine results continually redirect to useless websites in a new tab. I've tried running McAfee, Ad-Aware and Spybot, but they're not finding anything. I'm a bit useless with computers, so help would be greatly appreciated.

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Eilidh at 15:27:56.47 on 18/02/2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.490 [GMT 0:00]

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Eilidh\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.club-vaio.com
    uDefault_Page_URL = hxxp://www.club-vaio.com
    mDefault_Page_URL = hxxp://www.club-vaio.com
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe "
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
    StartupFolder: c:\users\eilidh\appdata\roaming\micros~1\windows\startm~1\programs\startup\autobahn.lnk - c:\programdata\autobahn\autobahn.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\eilidh\appdata\roaming\mozilla\firefox\profiles\qll7cua9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

    ============= SERVICES / DRIVERS ===============

    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-4-14 229376]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-17 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-17 812544]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-4-14 104288]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-4-14 350048]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-4-14 63328]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-14 333088]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-14 87328]

    =============== Created Last 30 ================

    2009-02-18 14:44 <DIR> --d----- C:\QUARANTINE
    2009-02-18 11:22 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
    2009-02-18 11:22 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
    2009-02-18 11:22 <DIR> --d----- c:\program files\common files\Cisco Systems
    2009-02-18 11:22 72,264 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-02-18 11:22 64,360 a------- c:\windows\system32\drivers\mfeapfk.sys
    2009-02-18 11:22 52,136 a------- c:\windows\system32\drivers\mfetdik.sys
    2009-02-18 11:22 168,776 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-02-18 11:21 <DIR> --d----- c:\program files\McAfee
    2009-02-18 11:21 <DIR> --d----- c:\program files\common files\McAfee
    2009-02-18 10:54 <DIR> --d----- c:\windows\pss
    2009-02-18 10:50 <DIR> --d----- C:\fixwareout
    2009-02-08 09:54 <DIR> --d----- c:\program files\Trend Micro
    2009-02-08 09:53 <DIR> --d----- C:\HJT
    2009-02-04 15:26 222,996,769 a------- c:\windows\MEMORY.DMP

    ==================== Find3M ====================

    2008-12-18 13:15 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
    2008-10-24 17:10 86,016 a------- c:\windows\inf\infstrng.dat
    2008-10-24 17:10 86,016 a------- c:\windows\inf\infstor.dat
    2008-10-24 17:10 51,200 a------- c:\windows\inf\infpub.dat
    2008-10-18 05:40 56 a---h--- c:\programdata\ezsidmv.dat
    2008-10-18 05:40 56 a---h--- c:\progra~2\ezsidmv.dat
    2008-09-20 21:22 665,600 a------- c:\windows\inf\drvindex.dat
    2008-03-13 17:36 28,095 a------- c:\users\eilidh\appdata\roaming\nvModes.dat
    2008-01-21 02:43 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 15:28:27.39 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/09/2008 02:06:39
    System Uptime: 18/02/2009 12:23:04 (3 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | N/A | 1867/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 226 GiB total, 153.246 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP198: 31/01/2009 00:00:04 - Scheduled Checkpoint
    RP199: 01/02/2009 00:21:33 - Scheduled Checkpoint
    RP200: 02/02/2009 02:25:43 - Scheduled Checkpoint
    RP201: 03/02/2009 01:31:00 - Windows Update
    RP202: 04/02/2009 16:15:36 - Scheduled Checkpoint
    RP203: 06/02/2009 00:00:02 - Scheduled Checkpoint
    RP204: 07/02/2009 00:01:03 - Scheduled Checkpoint
    RP205: 08/02/2009 00:17:45 - Scheduled Checkpoint
    RP206: 09/02/2009 01:04:01 - Scheduled Checkpoint
    RP207: 10/02/2009 00:00:06 - Scheduled Checkpoint
    RP208: 11/02/2009 00:10:33 - Scheduled Checkpoint
    RP209: 12/02/2009 00:47:11 - Scheduled Checkpoint
    RP210: 13/02/2009 00:25:33 - Scheduled Checkpoint
    RP211: 14/02/2009 00:18:07 - Scheduled Checkpoint
    RP212: 15/02/2009 02:18:33 - Scheduled Checkpoint
    RP213: 16/02/2009 00:00:08 - Scheduled Checkpoint
    RP214: 17/02/2009 00:55:12 - Scheduled Checkpoint
    RP215: 18/02/2009 01:00:13 - Scheduled Checkpoint
    RP216: 18/02/2009 11:04:26 - Removed Bonjour
    RP217: 18/02/2009 11:06:31 - Removed MobileMe Control Panel
    RP218: 18/02/2009 11:21:51 - Installed McAfee VirusScan Enterprise

    ==== Installed Programs ======================


    4oD
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Alps Pointing-device for VAIO
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AutoUpdate
    Browser Address Error Redirector
    Choice Guard
    Click to Disc
    Click to Disc Editor
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Google Earth
    Google Updater
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    K-Lite Codec Pack 4.1.7 (Full)
    McAfee VirusScan Enterprise
    Microsoft Application Error Reporting
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.6)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    My Club VAIO
    NVIDIA Drivers
    OpenMG Secure Module 5.0.00
    Picasa 2
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Safari
    Setting Utility Series
    Skype™ 3.8
    Sony Video Shared Library
    SpywareBlaster 4.1
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Guide 
    VAIO Launcher
    Vaio Marketing Tools
    VAIO Media plus
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Smart Network
    VAIO Update 3
    VAIO Wallpaper Contents
    Veoh Web Player Beta
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinDVD for VAIO
    Xvid 1.1.3 final uninstall

    ==== Event Viewer Messages From Past Week ========

    18/02/2009 00:34:22, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    18/02/2009 00:36:19, Error: Service Control Manager [7022] - The NSUService service hung on starting.
    18/02/2009 10:05:32, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001F3AF6B0F7 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    18/02/2009 11:31:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfetdik
    18/02/2009 14:17:02, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.20.46.106 for the Network Card with network address 001F3AF6B0F7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

    I also ran ComboFix, with the following log.

    ComboFix 09-02-17.02 - Eilidh 2009-02-18 17:21:34.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1289 [GMT 0:00]
    Running from: c:\users\Eilidh\Downloads\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\drivers\gaopdxnbbedpbt.sys
    c:\windows\system32\drivers\gaopdxuesvqycj.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxdtgtkktj.dll
    c:\windows\system32\gaopdxvccbevrm.dll

    ----- BITS: Possible infected sites -----

    hxxp://updates.swarmcast.net
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
    .

    2009-02-18 14:44 . 2009-02-18 14:46 <DIR> d-------- C:\QUARANTINE
    2009-02-18 11:22 . 2009-02-18 11:22 <DIR> d-------- c:\program files\Common Files\Cisco Systems
    2009-02-18 11:22 . 2006-11-17 03:06 1,495,552 --a------ c:\windows\System32\epoPGPsdk.dll
    2009-02-18 11:22 . 2006-11-30 08:50 168,776 --a------ c:\windows\System32\drivers\mfehidk.sys
    2009-02-18 11:22 . 2006-11-30 08:50 72,264 --a------ c:\windows\System32\drivers\mfeavfk.sys
    2009-02-18 11:22 . 2006-11-30 08:50 64,360 --a------ c:\windows\System32\drivers\mfeapfk.sys
    2009-02-18 11:22 . 2006-11-30 08:50 52,136 --a------ c:\windows\System32\drivers\mfetdik.sys
    2009-02-18 11:22 . 2006-11-17 03:06 280 --a------ c:\windows\System32\epoPGPsdk.dll.sig
    2009-02-18 11:21 . 2009-02-18 11:22 <DIR> d-------- c:\program files\McAfee
    2009-02-18 11:21 . 2009-02-18 11:21 <DIR> d-------- c:\program files\Common Files\McAfee
    2009-02-18 10:50 . 2009-02-18 10:50 <DIR> d-------- C:\fixwareout
    2009-02-08 09:54 . 2009-02-08 09:54 <DIR> d-------- c:\program files\Trend Micro
    2009-02-08 09:53 . 2009-02-18 15:13 <DIR> d-------- C:\HJT
    2009-02-04 15:26 . 2009-02-04 15:27 222,996,769 --a------ c:\windows\MEMORY.DMP
    2009-01-18 21:56 . 2009-01-18 21:56 <DIR> d-------- c:\users\All Users\Kontiki
    2009-01-18 21:56 . 2009-01-18 21:56 <DIR> d-------- c:\programdata\Kontiki
    2009-01-18 21:56 . 2009-01-18 21:56 <DIR> d-------- c:\program files\Kontiki
    2009-01-18 21:56 . 2009-01-18 21:56 <DIR> d-------- c:\program files\Channel4
    2009-01-18 21:55 . 2009-01-18 21:55 <DIR> d-------- c:\users\All Users\Channel4
    2009-01-18 21:55 . 2009-01-18 21:55 <DIR> d-------- c:\programdata\Channel4

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-18 16:13 --------- d-----w c:\users\Eilidh\AppData\Roaming\uTorrent
    2009-02-18 12:30 --------- d-----w c:\users\Eilidh\AppData\Roaming\Skype
    2009-02-18 11:22 --------- d-----w c:\programdata\McAfee
    2009-02-18 11:05 --------- d-----w c:\program files\Google
    2009-02-17 23:34 --------- d---a-w c:\programdata\TEMP
    2009-02-17 23:25 --------- d-----w c:\programdata\Google Updater
    2009-02-08 10:29 --------- d-----w c:\program files\SpywareBlaster
    2009-01-15 03:03 --------- d-----w c:\program files\Windows Mail
    2009-01-10 17:29 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-01-10 17:29 --------- d-----w c:\program files\Windows Live
    2009-01-10 17:29 --------- d-----w c:\program files\Microsoft
    2009-01-10 17:26 --------- d-----w c:\program files\Common Files\Windows Live
    2009-01-10 10:26 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2009-01-10 10:03 --------- d-----w c:\program files\Common Files\eSellerate
    2008-12-18 13:15 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-12-18 13:15 --------- d-----w c:\program files\Java
    2008-12-02 22:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
    2008-10-18 05:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-10-18 05:40 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-03-13 17:36 28,095 ----a-w c:\users\Eilidh\AppData\Roaming\nvModes.dat
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-18_16.37.16.23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-18 16:32:09 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-02-18 17:11:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-02-18 16:32:09 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-02-18 17:11:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-02-18 16:35:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-02-18 17:21:56 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-02-18 17:21:56 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-18 16:36:42 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-02-18 17:22:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-02-18 17:22:57 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-02-18 14:39:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-18 17:04:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-02-18 14:39:22 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-18 17:04:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-18 14:39:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-18 17:04:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-18 16:34:02 7,594 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2414685800-4066096053-3667734822-1003_UserData.bin
    + 2009-02-18 17:23:02 7,610 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2414685800-4066096053-3667734822-1003_UserData.bin
    - 2009-02-18 16:34:02 66,820 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-18 17:22:58 67,046 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-18 16:33:58 41,334 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-18 17:22:52 41,620 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "VeohPlugin "= "c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc "= "c:\windows\system32\nvsvc.dll" [2008-02-12 86016]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-02-12 8497696]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-02-12 81920]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "ISBMgr.exe "= "c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
    "MarketingTools "= "c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-04-14 36864]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "4oD "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
    "McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-01-23 c:\windows\RtHDVCpl.exe]

    c:\users\Eilidh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    autobahn.lnk - c:\programdata\Autobahn\autobahn.exe [2008-09-12 708824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 03:05 98304 c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd "= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
    "msacm.l3fhg "= mp3fhg.acm
    "msacm.divxa32 "= divxa32.acm
    "VIDC.X264 "= x264vfw.dll
    "VIDC.HFYU "= huffyuv.dll
    "vidc.i263 "= i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{8FE1C8E1-FC5E-4B36-A0C4-F71999566110} "= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{39B78B33-5CD7-402D-AD55-5208FE11BFB8} "= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{B68ACDF6-7781-4D31-9B9D-2D7E5C78482B} "= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{A91F3B9A-A671-4BEB-BF04-801348D94A2E} "= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{292BD559-BED4-4EEB-970C-496FE391E098} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes

    R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-04-14 229376]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2007-12-17 9344]
    R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-17 812544]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-04-14 104288]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-04-14 350048]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-04-14 63328]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-04-14 333088]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-04-14 87328]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-17 15:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.club-vaio.com
    FF - ProfilePath - c:\users\Eilidh\AppData\Roaming\Mozilla\Firefox\Profiles\qll7cua9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-18 17:23:11
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-02-18 17:24:50
    ComboFix-quarantined-files.txt 2009-02-18 17:24:48
    ComboFix2.txt 2009-02-18 16:38:27

    Pre-Run: 167,812,747,264 bytes free
    Post-Run: 167,763,509,248 bytes free

    221 --- E O F --- 2009-02-03 01:31:47
     
    Last edited: 2009/02/18
  2. 2009/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS eilidh :)

    My apologies for the wait. How's the computer behaving since running ComboFix?
     
