Redirect virus and other issues. please help
   

wz
New Member


Date Joined Jun 2010
Total Posts : 17
 
Posted 6/22/2010 10:53 PM (GMT +3)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:31 PM, on 6/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\SvcHost.exe
C:\WINDOWS\System32\SvcHost.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
K:\PROGRA~1\GFI\GFIBAC~1\GFIHINST.EXE
K:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BGAntiphishingBHO - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: BgGamingMonitor.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - K:\PROGRA~1\GFI\GFIBAC~1\GFIHINST.EXE
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - K:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
--
End of file - 10907 bytes

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Compaq_Owner at 15:46:58.75 on Tue 06/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.895.25 [GMT -4:00]
AV: BullGuard Antivirus *On-access scanning enabled* (Updated)   {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled*   {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\SvcHost.exe -k BullGuard_Main
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\SvcHost.exe -k BullGuard_LowPriv
C:\WINDOWS\System32\SvcHost.exe -k BullGuard
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
K:\PROGRA~1\GFI\GFIBAC~1\GFIHINST.EXE
K:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\31433J5P\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BGAntiphishingBHO Class: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\windows\system32\BGLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: BgGamingMonitor.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-6-1 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-6-1 59664]
R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2010-4-28 58576]
R2 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2004-8-4 14336]
R2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2004-8-4 14336]
R2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2004-8-4 14336]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2004-8-4 14336]
R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2004-8-4 14336]
R2 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [2010-6-8 348480]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;k:\progra~1\gfi\gfibac~1\GFIHINST.EXE [2010-2-4 440616]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;k:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2010-2-4 2261800]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-12-4 31640]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-12-4 256792]
R3 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [2010-6-8 301376]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-6-1 33552]
S3 BgRaSvc;BgRaSvc;c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [2010-6-8 122688]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
=============== Created Last 30 ================
2010-06-17 20:11:03 0 d-----w- c:\docume~1\compaq~1\applic~1\BullGuard
2010-06-17 20:05:29 0 d-----w- c:\docume~1\alluse~1\applic~1\BullGuard
2010-06-17 20:04:45 0 d-----w- c:\program files\BullGuard Ltd
2010-06-13 15:32:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-11 21:08:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-06-11 15:51:25 0 d-----w- c:\program files\World of Warcraft
2010-06-11 15:50:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2010-06-11 15:47:08 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-06-08 09:08:54 150848 ----a-w- c:\windows\system32\BGLsp.dll
2010-06-02 13:25:45 98816 ----a-w- c:\windows\sed.exe
2010-06-02 13:25:45 77312 ----a-w- c:\windows\MBR.exe
2010-06-02 13:25:45 256512 ----a-w- c:\windows\PEV.exe
2010-06-02 13:25:45 161792 ----a-w- c:\windows\SWREG.exe
2010-06-02 00:20:56 0 d-----w- c:\program files\Trend Micro
2010-06-02 00:10:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 16:02:40 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-06-01 16:02:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 16:02:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 16:02:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 16:02:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-01 13:04:27 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-06-01 13:04:27 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-06-01 13:04:27 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-06-01 13:04:25 0 d-----w- c:\program files\ThreatFire
2010-06-01 06:20:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
==================== Find3M  ====================
2010-06-22 19:27:18 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-22 19:27:15 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-28 09:41:04 58576 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2010-04-23 10:19:50 98128 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2010-04-09 20:48:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2007-12-18 15:20:38 6562371 ----a-w- c:\program files\EDRSetup.exe
2007-12-20 18:26:04 22 --sha-w- c:\windows\sminst\HPCD.sys
============= FINISH: 15:50:00.92 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2009 11:14:55 PM
System Uptime: 6/22/2010 3:26:52 PM (0 hours ago)
Motherboard: ASUSTek Computer INC. |  | Salmon
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2411/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 180 GiB total, 65.983 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.987 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (FAT32) - 466 GiB total, 281.552 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP267: 3/25/2010 10:01:30 AM - Software Distribution Service 3.0
RP268: 3/26/2010 11:00:32 AM - System Checkpoint
RP269: 3/27/2010 11:19:28 AM - System Checkpoint
RP270: 3/28/2010 11:42:19 AM - System Checkpoint
RP271: 3/29/2010 12:10:02 PM - System Checkpoint
RP272: 3/30/2010 7:19:12 AM - Software Distribution Service 3.0
RP273: 3/31/2010 7:48:39 AM - System Checkpoint
RP274: 4/1/2010 9:17:36 AM - Avg Update
RP275: 4/1/2010 9:18:43 AM - Avg Update
RP276: 4/2/2010 9:43:42 AM - System Checkpoint
RP277: 4/3/2010 10:00:18 AM - System Checkpoint
RP278: 4/4/2010 10:40:01 AM - System Checkpoint
RP279: 4/5/2010 11:24:11 AM - System Checkpoint
RP280: 4/6/2010 8:10:08 AM - Installed HP Unload DLL Patch
RP281: 4/7/2010 9:48:11 AM - System Checkpoint
RP282: 4/8/2010 9:37:30 AM - Avg Update
RP283: 4/8/2010 10:18:30 AM - Software Distribution Service 3.0
RP284: 4/9/2010 10:26:47 AM - System Checkpoint
RP285: 4/10/2010 11:02:24 AM - System Checkpoint
RP286: 4/11/2010 11:46:03 AM - System Checkpoint
RP287: 4/12/2010 9:05:49 AM - Avira AntiVir Personal - 4/12/2010 9:05
RP288: 4/13/2010 11:50:22 AM - System Checkpoint
RP289: 4/14/2010 12:24:37 PM - System Checkpoint
RP290: 4/15/2010 10:56:06 AM - Software Distribution Service 3.0
RP291: 4/16/2010 11:51:33 AM - System Checkpoint
RP292: 4/17/2010 12:52:43 PM - System Checkpoint
RP293: 4/18/2010 12:59:01 PM - System Checkpoint
RP294: 4/19/2010 1:27:44 PM - System Checkpoint
RP295: 4/20/2010 1:31:02 PM - System Checkpoint
RP296: 4/21/2010 1:32:05 PM - System Checkpoint
RP297: 4/22/2010 9:33:08 AM - Avg Update
RP298: 4/22/2010 9:34:14 AM - Avg Update
RP299: 4/23/2010 10:00:11 AM - System Checkpoint
RP300: 4/24/2010 10:03:03 AM - System Checkpoint
RP301: 4/25/2010 11:17:04 AM - System Checkpoint
RP302: 4/25/2010 12:09:30 PM - Printer Driver Amyuni Document Converter 400 Installed
RP303: 4/26/2010 12:27:30 PM - System Checkpoint
RP304: 4/27/2010 1:20:09 PM - System Checkpoint
RP305: 4/28/2010 1:27:30 PM - System Checkpoint
RP306: 4/29/2010 6:18:52 PM - System Checkpoint
RP307: 4/30/2010 7:02:21 PM - System Checkpoint
RP308: 5/1/2010 7:23:05 PM - System Checkpoint
RP309: 5/2/2010 7:28:18 PM - System Checkpoint
RP310: 5/3/2010 7:32:54 PM - System Checkpoint
RP311: 5/5/2010 9:00:19 AM - Avg Update
RP312: 5/6/2010 10:05:30 AM - System Checkpoint
RP313: 5/7/2010 10:20:50 AM - System Checkpoint
RP314: 5/8/2010 11:53:24 AM - System Checkpoint
RP315: 5/9/2010 12:34:45 PM - System Checkpoint
RP316: 5/10/2010 12:54:00 PM - System Checkpoint
RP317: 5/11/2010 1:33:06 PM - System Checkpoint
RP318: 5/12/2010 2:28:43 PM - System Checkpoint
RP319: 5/13/2010 3:09:02 PM - System Checkpoint
RP320: 5/14/2010 4:03:36 PM - System Checkpoint
RP321: 5/15/2010 9:46:11 AM - Software Distribution Service 3.0
RP322: 5/16/2010 10:29:08 AM - System Checkpoint
RP323: 5/17/2010 11:45:19 AM - System Checkpoint
RP324: 5/18/2010 12:13:10 PM - System Checkpoint
RP325: 5/19/2010 1:26:13 PM - System Checkpoint
RP326: 5/20/2010 1:48:59 PM - System Checkpoint
RP327: 5/21/2010 2:47:55 PM - System Checkpoint
RP328: 5/22/2010 3:47:55 PM - System Checkpoint
RP329: 5/23/2010 4:23:52 PM - System Checkpoint
RP330: 5/24/2010 5:49:48 PM - System Checkpoint
RP331: 5/25/2010 7:31:06 PM - System Checkpoint
RP332: 5/27/2010 9:28:11 AM - System Checkpoint
RP333: 5/28/2010 10:42:23 AM - System Checkpoint
RP334: 5/29/2010 11:10:24 AM - System Checkpoint
RP335: 5/30/2010 11:54:46 AM - System Checkpoint
RP336: 5/31/2010 1:57:56 PM - System Checkpoint
RP337: 6/1/2010 8:09:03 PM - Installed Java(TM) 6 Update 20
RP338: 6/2/2010 8:59:37 AM - Removed AVG Free 9.0
RP339: 6/2/2010 9:00:57 AM - Removed AVG Free 9.0
RP340: 6/2/2010 9:01:48 AM - Installed AVG Free 9.0
RP341: 6/3/2010 10:18:21 AM - System Checkpoint
RP342: 6/4/2010 11:27:33 AM - System Checkpoint
RP343: 6/5/2010 1:12:23 PM - System Checkpoint
RP344: 6/6/2010 1:57:32 PM - System Checkpoint
RP345: 6/7/2010 2:57:32 PM - System Checkpoint
RP346: 6/8/2010 5:38:59 PM - System Checkpoint
RP347: 6/9/2010 7:32:46 PM - System Checkpoint
RP348: 6/10/2010 8:03:54 PM - System Checkpoint
RP349: 6/11/2010 8:15:09 PM - System Checkpoint
RP350: 6/12/2010 9:30:06 PM - System Checkpoint
RP351: 6/13/2010 11:27:05 AM - Removed Java(TM) 6 Update 15
RP352: 6/13/2010 11:27:44 AM - Removed J2SE Runtime Environment 5.0
RP353: 6/13/2010 11:28:21 AM - Removed Java(TM) 6 Update 15
RP354: 6/13/2010 11:32:09 AM - Installed Java(TM) 6 Update 20
RP355: 6/14/2010 11:40:31 AM - System Checkpoint
RP356: 6/15/2010 1:29:10 PM - System Checkpoint
RP357: 6/16/2010 3:39:16 PM - System Checkpoint
RP358: 6/17/2010 9:02:32 PM - System Checkpoint
RP359: 6/18/2010 9:11:58 PM - System Checkpoint
RP360: 6/19/2010 9:42:23 PM - System Checkpoint
RP361: 6/21/2010 10:00:04 AM - System Checkpoint
RP362: 6/22/2010 2:30:26 PM - System Checkpoint
==== Installed Programs ======================
1AVCenter
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
3GP Player 2009
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Advanced SystemCare 3
Agere Systems PCI Soft Modem
AI RoboForm (All Users)
AiO_Scan
AiOSoftware
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bonjour
Bounce Symphony from Compaq (remove only)
BullGuard
CCleaner
Compaq Connections
Compaq Organize
Copy
CreativeProjects
CrossLoop 2.70
Crystal Maze from Compaq (remove only)
Director
DocProc
Duplicate Cleaner 1.4.4
EASEUS Data Recovery Wizard 4.8 Beta
Easy Internet Sign-up
easyQuizzy 1.8
EPSON CX9400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX9400Fax Series Scanner Driver Update
Fax
Final Drive Nitro from Compaq (remove only)
GFI Backup 2009 - Home Edition
Glary Utilities Pro 2.23.0.923
Help and Support Additions
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Boot Optimizer
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
HP Unload DLL Patch
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
InterVideo WinDVD Player
iPixSoft Flash Slideshow Creator (1.8.6.2)
iTunes
Java Auto Updater
Java(TM) 6 Update 20
KBD
Lexibox Deluxe from Compaq (remove only)
Linksys WUSB100 RangePlus Wireless USB Adapter
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Neverland
Overball from Compaq (remove only)
overland
PC-Doctor for Windows
Phoenix Assault from Compaq (remove only)
PhotoGallery
PhraseExpress v7.0.158
Picasa 3
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PrintScreen
Process Lasso
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2010
QuickProjects
QuickTime
Readme
RealPlayer
Recuva
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Revo Uninstaller 1.85
Scan
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Shooting Stars Pool from Compaq (remove only)
SiS VGA Utilities
SkinsHP1
SkinsHP2
Skype™ 4.1
Slyder from Compaq (remove only)
Smart Defrag
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Super Granny from Compaq (remove only)
The Cleaner 2010
ThreatFire
Tradewinds from Compaq (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Wondershare iPhone Ringtone Converter(Build 1.0.3.0)
World of Warcraft
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
6/22/2010 3:27:54 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  fasttx2k
6/17/2010 4:10:35 PM, error: Service Control Manager [7022]  - The BullGuard firewall service service hung on starting.
==== End Of File ===========================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4161
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
6/22/2010 3:24:02 PM
mbam-log-2010-06-22 (15-24-02).txt
Scan type: Full scan (C:\|D:\|K:\|)
Objects scanned: 493483
Time elapsed: 4 hour(s), 36 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Compaq_Owner\desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
