
Google Redirect Virus in MSIE 8

rexesq

It appears that I have the Google Redirect malware somewhere. About 2/3 of the time, when I click on a Google result, I get redirected. This behavior happens only in MSIE; it does not happen in Chrome. I have run Super Antispyware, MS Security Essentials, and MBAM multiple times. SASW finds some cookies but no other malware. MBAM does not show anything. Neither does Security Essentials. I played around with the Host file but it did not change anything. I also tried disabling the MSIE add-ons but the redirect behavior persisted.

Per the sticky, here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8365

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/13/2011 9:56:51 AM
mbam-log-2011-12-13 (09-56-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 498828
Time elapsed: 1 hour(s), 18 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Both GMER one and two logs were empty.

Here are the two DDS scan logs:

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by dcw at 2:24:13 on 2011-12-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.1005 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\UnHackMe\regruninfo.exe
C:\Program Files (x86)\UnHackMe\reanimator.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\dcw\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dcw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.bigseekpro.com/hypercam/{EC735098-7000-46AE-AB99-E6557A6C6B5F}
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Tucows Downloads Toolbar: {bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d} - C:\Program Files (x86)\Tucows_Downloads\prxtbTuco.dll
mURLSearchHooks: Tucows Downloads Toolbar: {bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d} - C:\Program Files (x86)\Tucows_Downloads\prxtbTuco.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {33e9369a-6ec4-1afa-4b5a-456b799772a4} - C:\Windows\SysWOW64\dwmaapi.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Tucows Downloads Toolbar: {bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d} - C:\Program Files (x86)\Tucows_Downloads\prxtbTuco.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Tucows Downloads Toolbar: {bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d} - C:\Program Files (x86)\Tucows_Downloads\prxtbTuco.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{D5BE0425-872C-4F01-A2D1-9D23029FA11E} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{FB4A8BCB-31F6-43A0-8399-7CBFE70D6667} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{FB4A8BCB-31F6-43A0-8399-7CBFE70D6667}\828496C647F6E69202269702C4561607E4564777F627B637E2E65647 : DhcpNameServer = 66.255.85.8 4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Windows Live ID Sign-in Helper: {33E9369A-6EC4-1AFA-4B5A-456B799772A4} - C:\Windows\SysWOW64\dwmaapi.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO-X64: Babylon IE plugin - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Tucows Downloads Toolbar: {bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d} - C:\Program Files (x86)\Tucows_Downloads\prxtbTuco.dll
BHO-X64: Tucows Downloads - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - No File
BHO-X64: BHO Project - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Tucows Downloads Toolbar: {bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d} - C:\Program Files (x86)\Tucows_Downloads\prxtbTuco.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106518&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Tucows Downloads Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106518&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z058&partner_id=300&product_id=409&affiliate_id=&channel=VLCTLNSINGLE04_NCEX_PLUSY&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110409&user_guid=D16DB677FA5A4DB295A3C8EEA5E34361&machine_id=df3e61d53998474abe478d950aa65c13&browser=FF&os=win&os_version=6.1-x64-SP0&q=
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d}\components\RadioWMPCoreGecko9.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\Engine.dll
FF - component: C:\Users\dcw\AppData\Roaming\Mozilla\Firefox\Profiles\yo2jnf7p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: GetDislike: codec@codec.com - C:\Program Files (x86)\Mozilla Firefox\extensions\codec@codec.com
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Shop to Win: {ebcfd043-312f-448d-96f4-25ba0f1ea646} - %profile%\extensions\{ebcfd043-312f-448d-96f4-25ba0f1ea646}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: ShopToWin22: {7cd0c597-24e0-45b0-8bde-2e79b3fc0499} - %profile%\extensions\{7cd0c597-24e0-45b0-8bde-2e79b3fc0499}
FF - Ext: SocialRibbons LP5: {3fe6b000-fd7d-a4e4-edda-ef3dc5c7f32c} - %profile%\extensions\{3fe6b000-fd7d-a4e4-edda-ef3dc5c7f32c}
FF - Ext: IMinent Toolbar: {C9B68337-E93A-44EA-94DC-CB300EC06444} - %profile%\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Tucows Downloads Community Toolbar: {bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d} - %profile%\extensions\{bde6f3a2-2ce8-4430-94e0-cd4ce39eeb0d}
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-10-28 14904]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-12-11 133944]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-10-28 306232]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-23 135664]
S2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-4-18 204800]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-23 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-14 06:48:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70B483C6-50D4-4C81-A262-4B8008C8708D}\offreg.dll
2011-12-14 06:48:44 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70B483C6-50D4-4C81-A262-4B8008C8708D}\mpengine.dll
2011-12-13 03:34:19 39192 ----a-w- C:\Windows\SysWow64\Partizan.exe
2011-12-12 13:06:37 24416 ----a-w- C:\Windows\SysWow64\drivers\regguard.sys
2011-12-12 13:01:39 438 ----a-w- C:\Windows\SysWow64\PARTIZAL.EXE
2011-12-12 13:00:59 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-12-12 12:59:17 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2011-12-12 12:59:13 2 --shatr- C:\Windows\winstart.bat
2011-12-12 12:59:05 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2011-12-12 12:58:50 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-12-11 19:28:51 216376 ----a-w- C:\Windows\SysWow64\atsckernel.exe
2011-12-11 19:28:50 133944 ----a-w- C:\Windows\SysWow64\atashost.exe
2011-12-11 19:28:37 -------- d-----w- C:\ProgramData\WebEx
2011-12-11 04:11:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-11 02:57:26 98816 ----a-w- C:\Windows\sed.exe
2011-12-11 02:57:26 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-11 02:57:26 256000 ----a-w- C:\Windows\PEV.exe
2011-12-11 02:57:26 208896 ----a-w- C:\Windows\MBR.exe
2011-12-11 02:29:27 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-12-11 02:29:25 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-12-11 02:28:52 -------- d-----w- C:\ProgramData\Hitman Pro
2011-12-10 21:34:57 -------- d-----w- C:\Program Files\Elantech
2011-12-03 04:59:58 -------- d-----w- C:\Windows\SysWow64\3083
2011-11-28 22:38:12 -------- d-----w- C:\Program Files (x86)\Activision
2011-11-28 02:43:50 -------- d-----w- C:\Users\dcw\AppData\Local\Conduit
2011-11-28 02:43:48 -------- d-----w- C:\Program Files (x86)\Tucows_Downloads
2011-11-27 02:46:10 -------- d-----w- C:\Program Files\Linksys
2011-11-26 16:35:32 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2011-11-24 04:41:22 -------- d-sh--w- C:\Windows\ftpcache
.
==================== Find3M ====================
.
2011-12-05 05:32:49 1056 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-12-02 07:23:21 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-24 18:12:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 03:07:06 151552 ----a-w- C:\Windows\KMSEmulator.exe
2011-10-22 11:21:42 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-19 07:07:44 17920 ----a-w- C:\Windows\System32\bdmjpeg64.dll
2011-09-19 07:07:36 62976 ----a-w- C:\Windows\System32\bdmpega64.acm
2011-09-19 07:07:30 62464 ----a-w- C:\Windows\System32\bdmpegv64.dll
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 2:26:59.32 ===============

Here is the DDS Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/6/2010 4:12:28 AM
System Uptime: 12/13/2011 1:02:57 AM (25 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K50IJ
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | Socket 478 | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 48.372 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslba073ef0
Device ID: ROOT\LEGACY_MPKSLBA073EF0\0000
Manufacturer:
Name: MpKslba073ef0
PNP Device ID: ROOT\LEGACY_MPKSLBA073EF0\0000
Service: MpKslba073ef0
.
==== System Restore Points ===================
.
RP644: 12/6/2011 12:03:01 AM - Scheduled Checkpoint
RP645: 12/8/2011 8:06:43 AM - Windows Update
RP646: 12/10/2011 9:57:34 PM - ComboFix created restore point
RP647: 12/11/2011 2:06:03 PM - Windows Update
RP648: 12/12/2011 8:03:56 AM - RegRun Virus Scan
RP649: 12/12/2011 8:06:04 AM - RegRun Virus Scan
RP650: 12/12/2011 10:16:31 PM - RegRun Virus Scan
RP651: 12/12/2011 10:31:00 PM - RegRun Virus Scan
RP652: 12/12/2011 10:39:19 PM - RegRun Virus Scan
.
==== Installed Programs ======================
.
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665)
Abacus Accounting
Actualização do Microsoft Office Excel 2007 Help (KB963678)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualização do Microsoft Office Word 2007 Help (KB963665)
Adobe AIR
Adobe Audition 3.0
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Reader 9.4.6 MUI
Adobe Shockwave Player 11.5
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
ASUS Ai Charger
ASUS CopyProtect
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
Asus_Camera_ScreenSaver
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Media
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Bandisoft MPEG-1 Decoder
BlackBerry Desktop Software 6.1
BufferChm
C7200
C7200_Help
Call of Duty(R) 4 - Modern Warfare(TM)
Conduit Engine
Copy
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Fax
Garmin USB Drivers
Garmin WebUpdater
GetDislike
GOM Player
Google Chrome
Google Update Helper
GPBaseService2
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
Java Auto Updater
LinksysEasyLinkAdvisor
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678)
Microsoft Office Excel 2007 Help ¸üР(KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Excel MUI (Thai) 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office Groove MUI (English) 2010
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office OneNote MUI (Chinese (Simplified)) 2007
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office OneNote MUI (Thai) 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Thai) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing (Thai) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared MUI (Thai) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665)
Microsoft Office Word 2007 Help ¸üР(KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665)
Microsoft Office Word MUI (Arabic) 2007
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Office Word MUI (Thai) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft PhotoDraw 2000 V2
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox (3.6.20)
MSXML 4.0 SP2 (KB954430)
PDF Settings CS5
PDFCreator
Platform
PPT2DVD
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
Pure Networks Platform
PxMergeModule
QuickTime
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Status
Suunto Dive Manager 3.0.0
Toolbox
TrayApp
Tucows Downloads Toolbar
UltraVNC v1.0.2
UnHackMe 5.99 release
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Manager
Vegas Movie Studio Platinum 9.0
VIA Platform Device Manager
WebEx
WebReg
Wireless Console 3
WordPerfect Office X3
.
==== Event Viewer Messages From Past Week ========
.
12/8/2011 4:35:31 AM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
12/8/2011 2:37:45 PM, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
12/7/2011 12:04:40 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
12/13/2011 6:45:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
12/13/2011 3:12:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.856.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/12/2011 8:02:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/12/2011 5:32:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/12/2011 10:34:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/12/2011 10:34:08 PM, Error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
12/12/2011 10:33:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FastBootAgent service to connect.
12/12/2011 10:33:55 PM, Error: Service Control Manager [7000] - The FastBootAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/12/2011 10:31:50 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/12/2011 10:24:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/11/2011 4:13:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/11/2011 3:08:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
12/11/2011 2:34:03 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/11/2011 2:32:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/10/2011 9:57:14 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/10/2011 9:48:55 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
12/10/2011 9:48:55 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
12/10/2011 8:54:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/10/2011 11:10:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/10/2011 10:10:37 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/10/2011 10:09:01 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/10/2011 10:08:32 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.100.104 with the system having network hardware address 00-23-15-C3-2F-4C. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

rexesq

One other weird thing: My webcam is now upside down, which first manifested when the redirecting started.

alex.kerchner
Newbie Poster
1 post since Jan 2012

You're better off running hijack this (if you can get it onto a thumbdrive and transfer, as the pain in the ### redirects stop you from getting or using real software). You can post the results to the guys that run the 'hijack this'... super nerds. I'm a tech but sh*t they got me beat.

I'm dealing with something nasty as well right now for the second time this year. Check out some of the stuff Linux has out... you can run a complete OS right off a CD or thumbdrive without even touching the hard drive. Ubuntu is the most like Windows and most popular flavor... no more reinstalling or looking for drivers. They all come preinstalled. Anyway, that's what I used to clean my virus inflicted imminent hard drive failure. The virus was in my BIOS (a rootkit)... was a nasty nasty #######. Some people were actually replacing their BIOS CHIPS!!!

I'm a fighter though, so after two months I figured out that I had to pull the CMOS battery and cycle the power, bc it stayed in RAM, and I had to immediately keep punching the function button for the boot menu. Only then could I boot a Linux based OS off a CD and REFLASH THE BIOS... It was on several of my machines. One thing that helped get rid of the original virus was upgrading to Win7 temporarily (on the machines that would recognize my CD/DVD drives that went MIA on other machines).

What you're dealing with may be similar bc the way mine started out was redirection. The more I tried to download fixes from anywhere, the worse it got until it crashed my original machine. Oh here's the best part, it wouldn't let me reinstall XP or run any of the fixes to my HD. Running FDISK led to the hard drive saying at 50% it was going to fail, it wasn't malfunctioning bc of a hardware issue, trust me.

Anyway, the point is: don't be OCD like me and try to download every WINDOWS fix in the world because you may end up with a doorstopper or paperweight. I almost had a few.

Get advice from professionals (ie hijack this) if you can, before trying anything else. Maybe all you need is a good DoD wipe of the hard drive, and a fresh OS install... I dunno, just my thoughts and experience. Hope you find(found) help... maybe this will help someone if not you.
