muffun
2011-07-30, 14:56
Hi there, I have got my friend's PC and every time you go on the internet and type something in Google it opens, then changes the web page to something different. I have run Spybot and it found rightclick media, which I have fixed. I started Spybot again and it was clean, but the internet is still doing the same. I looked in Control Panel under uninstall programs and found RelevantKnowledge, which I can't remove, and found out it was spyware. Any help is most appreciated, thanks.
Dan
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Danny at 12:42:37 on 2011-07-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2047.833 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Winstep\WsxService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Winstep\Nexus.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Winstep\Nexus.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Nexus] c:\program files\winstep\Nexus.exe autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\danny\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28E5E673-5777-4EF7-9F67-9BE848D5F03F} : DhcpNameServer = 192.168.1.1
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\lq8ty3rp.default\
FF - prefs.js: keyword.URL - hxxp://www.resulturl.com/?tmp=nemo_results_removelink&prt=rsturlwd4&keywords=
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-23 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-23 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-27 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-23 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-23 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-23 42184]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2011-7-25 90112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\winstep\wsxservice --> c:\program files\winstep\WsxService [?]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-7-23 189440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-27 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-25 15872]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-7-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-7-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-7-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-7-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-7-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-7-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-7-25 109864]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-25 1343400]
.
=============== Created Last 30 ================
.
2011-07-29 07:58:11 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa334483-4e6e-4c02-9569-77c22af26c61}\mpengine.dll
2011-07-27 14:37:30 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-07-27 14:37:15 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-07-27 14:37:15 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-07-27 14:37:14 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2011-07-27 14:37:14 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2011-07-27 14:37:14 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-27 14:37:14 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2011-07-27 14:37:14 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2011-07-27 14:37:14 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-27 14:36:53 -------- d-----w- c:\program files\Airport Simulator
2011-07-27 14:34:27 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-27 14:34:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-27 14:33:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-27 14:33:43 -------- d-----w- c:\users\danny\appdata\roaming\DAEMON Tools Lite
2011-07-27 14:33:43 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-27 14:07:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-27 14:07:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-26 08:57:01 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-07-25 18:25:52 -------- d-----w- c:\windows\system32\SPReview
2011-07-25 18:25:32 -------- d-----w- c:\windows\system32\EventProviders
2011-07-25 18:17:35 -------- d-----w- c:\windows\system32\appmgmt
2011-07-25 18:13:39 -------- d-----w- c:\program files\Intuwave Ltd
2011-07-25 17:59:42 -------- d-----w- c:\users\danny\appdata\local\Sony
2011-07-25 17:56:14 -------- d-----w- c:\program files\common files\Sony Shared
2011-07-25 17:56:00 -------- d-----w- c:\users\danny\appdata\local\Downloaded Installations
2011-07-25 17:55:55 -------- d-----w- c:\programdata\Sony Corporation
2011-07-25 17:55:55 -------- d-----w- c:\program files\Sony
2011-07-25 17:54:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-25 17:54:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-25 17:54:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-25 17:54:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-25 17:54:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-25 17:54:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-25 17:54:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-25 17:53:19 -------- d-----w- c:\users\danny\appdata\local\Apple
2011-07-25 17:49:12 -------- d-----w- c:\program files\Sony Media Go Install
2011-07-25 07:58:59 86528 ----a-w- c:\windows\system32\isoburn.exe
2011-07-25 07:46:24 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-25 02:31:11 -------- d-----w- c:\windows\system32\Wat
2011-07-25 02:03:36 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-24 04:48:54 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-24 04:47:59 2616320 ----a-w- c:\windows\explorer.exe
2011-07-24 04:46:59 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-24 04:46:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-07-24 04:46:54 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-24 04:46:53 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-24 04:46:53 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-24 04:46:53 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-24 04:44:28 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-07-24 04:44:28 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-07-24 04:44:28 107520 ----a-w- c:\windows\system32\cdd.dll
2011-07-23 21:14:08 -------- d-----w- c:\windows\Panther
2011-07-23 21:10:01 -------- d-----w- C:\Windows.old
2011-07-23 14:22:46 -------- d-----w- c:\users\danny\appdata\local\Microsoft Games
2011-07-23 14:17:10 -------- d-----w- c:\program files\uTorrent
2011-07-23 14:16:26 -------- d-----w- c:\users\danny\appdata\roaming\uTorrent
2011-07-23 14:16:26 -------- d-----w- c:\users\danny\appdata\local\uTorrent
2011-07-23 14:03:53 -------- d-----w- c:\program files\VideoLAN
2011-07-23 14:00:55 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-23 14:00:54 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-23 14:00:14 40112 ----a-w- c:\windows\avastSS.scr
2011-07-23 14:00:08 -------- d-----w- c:\programdata\AVAST Software
2011-07-23 14:00:08 -------- d-----w- c:\program files\AVAST Software
2011-07-23 13:49:45 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-07-23 13:49:45 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-07-23 13:49:45 189440 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-07-23 13:48:37 -------- d-----w- c:\program files\ATI Technologies
2011-07-23 13:48:34 -------- d-----w- c:\program files\ATI
2011-07-23 13:45:08 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-07-23 13:44:59 -------- d-----w- C:\Intel
2011-07-23 13:36:34 -------- d-----w- c:\program files\PC Medkit
2011-07-23 13:35:00 -------- d-----w- c:\program files\NVIDIA Corporation
2011-07-23 13:27:01 -------- d-----w- c:\windows\system32\AGEIA
2011-07-23 13:26:57 -------- d-sh--w- c:\windows\Installer
2011-07-23 13:26:54 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-07-23 13:26:50 490088 ----a-w- c:\windows\system32\nvuninst.exe
2011-07-23 13:26:31 -------- d-----w- C:\NVIDIA
2011-07-23 13:18:03 -------- d-----w- c:\users\danny\appdata\roaming\Blitware
2011-07-23 13:18:02 -------- d-----w- c:\program files\Driver Robot
2011-07-23 12:49:06 -------- d-----w- c:\program files\RelevantKnowledge
2011-07-23 12:48:22 -------- d-----w- c:\program files\windows-7-themes.com
2011-07-23 12:46:33 798208 ----a-w- c:\windows\system32\NextControls.ocx
2011-07-23 12:46:33 608448 ----a-w- c:\windows\system32\comctl32.ocx
2011-07-23 12:46:33 1347344 ----a-w- c:\windows\system32\msvbvm50.dll
2011-07-23 12:46:33 -------- d-----w- c:\program files\Winstep
2011-07-23 12:40:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-23 12:35:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 12:34:31 -------- d-----w- c:\users\danny\appdata\local\Mozilla
2011-07-23 12:26:46 -------- d-----w- c:\windows\system32\wbem\Performance
2011-07-23 12:21:52 -------- d-sh--w- C:\Recovery
2011-07-23 12:05:05 -------- d-sh--w- C:\Boot
.
==================== Find3M ====================
.
2011-07-26 02:26:16 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-25 18:21:25 148736 ----a-w- c:\programdata\hpeEE2A.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-28 02:53:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 12:44:52.47 ===============
Couldn't attach the attach file from the log as it won't accept rar and I'm not sure how to convert from rar to zip. Cheers
Dan