What is happening/search

castle96

I 'google' (well, seems to be 'bing' now - when did that change), find what I want on a page of results, click on that... and I am taken off to ebay, or 123toys.com, or even a !!!!!! site !
What has got into my computer and how to find it/get rid.

Happens most of the time, not always. On IE and F/fox.

However if I have the exact site name and type it into the search box, or if I click on a site that is in my list of favourites, no problem.

bluesnake

here is the probable answer https://forums.moneysavingexpert.com/discussion/133269

waddler_8

Definitely malware.

Download DDS from the link below and save it to your desktop:

Link

After you've downloaded it and saved it to your desktop:

• Double click DDS to run it.
• When it's finished, DDS will open two logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop.

Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)

castle96

"dds.scr is not commonly downloaded and could harm your computer" or so it says when I try

waddler_8

Ignore it and download it.

macman

Google changing to Bing is because you accepted a change to your default search engine, and probably installed the Bing toolbar. Once the malware is cleaned, change your default search engine to Google and uninstall the Bing toolbar.
What AV are you using? Not McAfee by any chance?

waddler_8

To put you mind at rest.

http://windows.microsoft.com/en-gb/windows7/SmartScreen-Filter-frequently-asked-questions-IE9

What does it mean when I see a message that says a file isn't "commonly downloaded"?

When you download a program from the Internet, SmartScreen Filter will check the program against a list of programs that are downloaded by a significant number of other Internet Explorer users and a list of programs that are known to be unsafe. If the program you're downloading isn't on either list, SmartScreen Filter will display a warning that the file isn't "commonly downloaded." It doesn't necessarily mean the website is fraudulent or that the program is malware, but you probably shouldn't download or install the program unless you trust the website and the publisher.

http://www.bleepingcomputer.com/download/dds/

DDS is a program that will scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer. This program is used in our security forum to provide a detailed overview of what programs are automatically starting when you start Windows. The program will also display information about the computer that will allow us to quickly ascertain whether or not malware may be running on your computer.

techspec

You may have got Bing from a recent microsoft optional update.

Bing is not Google - its Microsoft.

As explained above - remove it (it will will be in the programs list).

Then miss it out when updating windows.

waddler_8

Don't let the toolbar issue cloud the main problem though - there's a good possibilty that your computer may have a rookit infection whilst your computer is used in a botnet to commit clickfraud.

http://www.microsoft.com/security/sir/story/default.aspx#!botnetsection_clickfraud

castle96

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 08/04/2008 18:03:42
System Uptime: 22/10/2012 14:31:35 (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 325 GiB total, 225.369 GiB free.
is FIXED (NTFS) - 10 GiB total, 8.734 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP835: 25/09/2012 11:05:55 - Scheduled Checkpoint
RP836: 26/09/2012 11:48:13 - Scheduled Checkpoint
RP837: 02/10/2012 16:10:43 - Windows Update
RP839: 06/10/2012 14:56:31 - Installed Rapport
RP840: 07/10/2012 12:25:25 - Windows Update
RP841: 09/10/2012 16:01:31 - Scheduled Checkpoint
RP842: 10/10/2012 16:46:44 - Scheduled Checkpoint
RP843: 11/10/2012 10:05:43 - Windows Update
RP844: 12/10/2012 15:14:15 - Windows Update
RP845: 15/10/2012 16:47:00 - Scheduled Checkpoint
RP846: 19/10/2012 16:16:00 - Scheduled Checkpoint
RP847: 20/10/2012 10:40:50 - Windows Update
RP848: 21/10/2012 12:40:08 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
AIM 7
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3.0
ATI Catalyst Install Manager
AVG 2011
AVG 2012
AVG PC Tuneup 2011
Bing Maps 3D
BitTorrent
BitTorrentBar Toolbar
Brother MFL-Pro Suite
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer
CyberLink DVD Suite Deluxe
D3DX10
Demand Five Player
Download Updater (AOL LLC)
EASEUS Deleted File Recovery 2.1.1
Enhanced Multimedia Keyboard Solution
Google Chrome
Google Chrome Frame
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP Games
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
iolo technologies' Search and Recover
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
LabelPrint
Lidl-Photos
LightScribe System Software 1.10.23.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Combat Flight Simulator
Microsoft Office 2000 Disc 2
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Moneydance 2010
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Nero - Burning Rom
Nikon View 6
Norton PC Checkup
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
Orange menu application
Orange signup
PaperPort Image Printer
PIXresizer 2.0.1
Power2Go
PowerDirector
PSSWCORE
Python 2.5
QuickTime
Rapport
Realtek High Definition Audio Driver
Registry Mechanic 10.0
Safari
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Skins
Sky Broadband
Sky Go Desktop
Smart Menus (Windows Live Toolbar)
Spotify
The Weather Channel Desktop 6
ubi.com
Uninstall Entriq MediaSphere
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoToolkit01
Viewpoint Media Player
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
22/10/2012 14:32:31, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
21/10/2012 10:48:05, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/10/2012 10:35:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
15/10/2012 17:01:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

I have AVG A/virus 2011 free editiion (which wil not open/work). I have McFee Security Scan Plus on desktop.
Seems I have no AV actually running ! Is there a free/good one ? Windows Defender IS running "spyware and other malware protection". I have to turn this on each time.

The second DDS file follows in next post.

Thanks for your help people - advice/way forward ?

castle96

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by castle96 at 14:52:11 on 2012-10-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1521 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://aol.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\22.0.1229.94\npchrome_frame.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [YHWVPZAEFL] rundll32 "c:\users\castle96\appdata\roaming\0ð#pctlspo.dll",xczrgelb
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Sky Broadband; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.miniclip.com/games/offroad-4x4/en/"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [RMAlert] "c:\program files\registry mechanic\Alert.exe" /PRODUCT=RM /R
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-gb\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110623075457
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4FC639E6-D119-460A-A2A4-68C5E76F4821} : DHCPNameServer = 192.168.0.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\22.0.1229.94\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\castle96\appdata\roaming\mozilla\firefox\profiles\g4fyi8aq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - plugin: c:\program files\entriq\mediasphere\3.8.2.9\npEntriqMediaMozillaPlugin.dll
FF - plugin: c:\program files\entriq\mediasphere\3.8.2.9\npEntriqVersionCheckMozillaPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-1-4 20392]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-4 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-22 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-22 166840]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-10 172032]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-7 21504]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-29 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-29 712048]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-12-18 632792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-10 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-10 152064]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250808]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-22 65848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-10-20 09:46:18 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{474c04fd-6215-46d9-9f52-705f83c072fc}\mpengine.dll
2012-10-19 14:35:03

---

d

---

w- c:\users\castle96\appdata\local\Macromedia
2012-10-11 09:21:46 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 09:21:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 09:21:10 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 09:21:10 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 09:21:10 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 09:20:59 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 09:20:59 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-23 14:11:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-22 15:34:42 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-10-10 14:32:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 14:32:09 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 11:39:08 139264 --sha-r- c:\users\castle96\appdata\roaming\0ð#pctlspo.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 14:53:34.07 ===============

TREAT ME GENTLY WITH REPLIES. I DON'T KNOW WHAT I AM DOING HERE ....