Search Redirects

amaasing

I have been trying to eliminate this for a couple of weeks now and have not been successful. I run Windows 7 64-bit, IE 8, but mostly use Chrome. Google is my default search engine. When executing a search and selecting a link shown, many times I am redirected to a completely different site. Example: search for 'Malware'. See PCTools as the top Sponsored Link and click on it. I will be taken anywhere but to the PCTools site. Today I was taken to AreaConnect Yellow Pages and PC Security Shield, just to name a few. With IE, I was never able to get to PCTools. With Chrome, I could get to it after closing the tab that opened with the redirect and clicking on the link one more time.

In addition, many times when I attempt to navigate through a site, a new tab will open to a redirected site. However, going back to the original tab, I am where the link was supposed to go. It's like popups... but taking you to sites instead.

I have used the Cuil search engine and so far have not been redirected, but let's face it... I don't want to use that search engine. :(

I have run SUPERAntiSpyware along with MalwareBytes and found nothing. I use Avast! and there is nothing there either. I can't use a lot of the standard rootkit tools since I am on 64-bit. Also, my son's PC is infected as well, but I haven't started trying to clean his. My point there is that he 'appears' to have been infected first (but I can't be sure) and we are on a home network, so I don't know if that is an issue or not. I have never NOT been able to remove crap from our PCs before now, since I am an IT professional and am quite comfortable doing things to my PC. But nothing I do finds this baby... so help me, Obi-Wan, you are my only hope.

Thanks for the help in advance. As instructed, the DDS and Attach files are below.

DDS.txt

DDS (Ver_10-03-17.01) - NTFSX64

Run by Grace at 10:42:05.73 on Sun 06/13/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6836 [GMT -6:00]

 

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenSurvey\NielsenUninstallModule.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Grace\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Grace\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Grace\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Grace\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files (x86)\freecorder\tbFree.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 8\SnagItBHO.dll

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files (x86)\freecorder\tbFree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files (x86)\google\chrome frame\application\5.0.375.62\npchrome_frame.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files (x86)\freecorder\tbFree.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 8\SnagItIEAddin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [Google Update] "c:\users\grace\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [dellsupportcenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Google Quick Search Box] "c:\program files (x86)\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [Freecorder FLV Service] "c:\program files (x86)\freecorder\FLVSrvc.exe" /run

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "c:\program files (x86)\virtualclonedrive\VCDDaemon.exe" /s

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [NSWatchDog] c:\progra~2\netrat~1\netsight\nielse~1\NIELSE~1.EXE &PT=MP&MI=60672797977&OS=Microsoft_Windows_7_version_6.1

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptbehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Save Flash In This Page by Flash Saver - c:\progra~2\flashs~1\save.htm

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~2\flashs~1\save.htm

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files (x86)\google\chrome frame\application\5.0.375.62\npchrome_frame.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files (x86)\techsmith\snagit 8\dllx64\SnagItBHO64.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

 

============= SERVICES / DRIVERS ===============

 

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-16 53488]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-12 121936]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/21 20:27:11];c:\program files (x86)\cyberlink\powerdvd dx\000.fcl [2009-11-21 146928]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-11-21 92160]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-12 22096]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-12 63568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R2 SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-4-28 120832]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y60x64.sys [2009-6-10 281088]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-29 135664]

 

=============== Created Last 30 ================

 

2010-06-13 15:57:20 0 d-----w- c:\programdata\PCPitstop

2010-06-13 15:54:08 0 d-----w- c:\program files (x86)\Trend Micro

2010-06-13 09:04:52 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-06-13 09:04:52 257024 ----a-w- c:\windows\syswow64\msv1_0.dll

2010-06-12 17:53:17 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-06-12 17:53:16 0 ----a-w- c:\windows\syswow64\config.nt

2010-06-12 17:52:14 38848 ----a-w- c:\windows\syswow64\avastSS.scr

2010-06-12 17:52:14 165032 ----a-w- c:\windows\syswow64\aswBoot.exe

2010-06-12 17:52:12 0 d-----w- c:\programdata\Alwil Software

2010-06-12 17:52:12 0 d-----w- c:\program files\Alwil Software

2010-06-12 17:28:59 91648 ----a-w- c:\windows\syswow64\avifil32.dll

2010-06-12 17:24:57 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-06-12 17:24:57 172032 ----a-w- c:\windows\syswow64\wintrust.dll

2010-06-12 17:24:57 139264 ----a-w- c:\windows\system32\cabview.dll

2010-06-12 17:24:57 132608 ----a-w- c:\windows\syswow64\cabview.dll

2010-06-09 13:59:02 411368 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-06-09 13:59:02 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-06-09 13:59:02 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-06-09 13:59:02 145184 ----a-w- c:\windows\syswow64\java.exe

2010-06-06 23:22:08 148398 ----a-w- C:\MGlogs.zip

2010-06-06 23:22:07 0 d-----w- C:\MGtools

2010-06-06 22:03:30 0 d-----w- c:\users\grace\appdata\roaming\SUPERAntiSpyware.com

2010-06-06 22:03:30 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-06-06 22:03:26 0 d-----w- c:\programdata\SASCORE

2010-06-06 22:03:25 0 d-----w- c:\program files\SUPERAntiSpyware

2010-06-06 21:52:12 2392974 ----a-w- C:\MGtools.exe

2010-06-06 21:07:08 0 d-----w- c:\program files (x86)\CCleaner

2010-06-06 20:25:30 0 d-----w- c:\program files (x86)\Sophos

2010-06-06 17:29:39 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-06-06 16:11:14 0 d-----w- c:\users\grace\appdata\roaming\Malwarebytes

2010-06-06 16:11:06 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-06 16:11:06 0 d-----w- c:\programdata\Malwarebytes

2010-06-06 16:11:06 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-06-05 23:50:23 0 d--h--w- C:\VritualRoot

2010-06-05 23:49:59 0 d-----w- c:\programdata\COMODO

2010-06-05 23:49:32 792992 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-06-05 15:55:13 0 d-----w- c:\program files (x86)\SDHelper (Spybot - Search & Destroy)

2010-06-05 15:55:13 0 d-----w- c:\program files (x86)\Misc. Support Library (Spybot - Search & Destroy)

2010-06-05 15:55:13 0 d-----w- c:\program files (x86)\File Scanner Library (Spybot - Search & Destroy)

2010-06-05 15:30:03 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-06-05 15:03:02 218112 ----a-w- c:\program files (x86)\HijackThis.exe

2010-05-19 04:15:35 0 d-----w- c:\programdata\Comodo Downloader

2010-05-15 16:41:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nnfwdk64_01009.Wdf

2010-05-15 16:37:15 0 d-----w- c:\program files (x86)\NetRatingsNetSight

 

==================== Find3M ====================

 

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-16 14:01:07 70984 ----a-w- c:\users\grace\g2mdlhlpx.exe

2010-04-03 20:47:19 249856 ------w- c:\windows\Setup1.exe

2010-04-03 20:47:18 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-03-18 15:42:23 75776 ----a-w- c:\windows\cadkasdeinst01e.exe

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 10:42:44.15 ===============

 

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 11/21/2009 8:21:13 PM

System Uptime: 6/13/2010 10:28:18 AM (0 hours ago)

 

Motherboard: Dell Inc. | | 0R849J

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 1974/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 581 GiB total, 428.204 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 8.012 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is FIXED (FAT32) - 233 GiB total, 143.675 GiB free.

H: is Removable

I: is Removable

J: is Removable

K: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 6980 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Deskjet 6980 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

 

==== System Restore Points ===================

 

RP19: 2/16/2010 - Scheduled Checkpoint

RP20: 2/24/2010 - Scheduled Checkpoint

RP21: 3/4/2010 - Scheduled Checkpoint

RP22: 3/12/2010 - Scheduled Checkpoint

RP24: 4/2/2010 10:01:41 AM - Installed Oblivion

RP23: 4/2/2010 10:01:41 AM - Installed DirectX 9.0

RP25: 4/3/2010 10:29:57 PM - Removed Windows Live Sign-in Assistant

RP26: 4/3/2010 10:30:43 PM - Removed Windows Live Sync

RP27: 4/3/2010 10:31:06 PM - Removed Windows Live Upload Tool

RP28: 4/4/2010 9:15:05 AM - Device Driver Package Install: Elaborate Bytes AG Storage controllers

RP29: 4/12/2010 - Scheduled Checkpoint

RP30: 4/16/2010 12:01:55 AM - Installed Java™ 6 Update 18

RP31: 4/16/2010 12:02:47 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

RP32: 4/16/2010 12:03:36 AM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

RP33: 4/16/2010 12:04:14 AM - Installed OpenOffice.org 3.2

RP34: 4/17/2010 5:53:45 PM - Installed Norton Online Backup

RP35: 4/24/2010 8:59:23 PM - Scheduled Checkpoint

RP36: 4/25/2010 3:42:51 PM - Installed HP Install Network Printer Wizard

RP37: 5/3/2010 - Scheduled Checkpoint

RP38: 5/10/2010 1:09:11 AM - Scheduled Checkpoint

RP39: 5/18/2010 12:44:00 AM - Scheduled Checkpoint

RP40: 5/18/2010 7:37:41 PM - Removed Norton Online Backup

RP41: 5/18/2010 10:19:18 PM - Installed COMODO Internet Security

RP42: 5/26/2010 12:00:01 AM - Scheduled Checkpoint

RP43: 6/3/2010 12:31:23 AM - Scheduled Checkpoint

RP44: 6/5/2010 9:57:53 AM - Spybot-S&D Spyware removal

RP45: 6/6/2010 11:04:45 AM - Removed AVG Free 9.0

RP46: 6/6/2010 11:09:11 AM - Removed COMODO Internet Security

RP47: 6/6/2010 11:14:52 AM - Removed COMODO livePCsupport

RP48: 6/6/2010 11:29:30 AM - Windows Update

RP49: 6/9/2010 7:51:43 AM - Removed Java™ 6 Update 18

RP50: 6/9/2010 7:58:40 AM - Installed Java™ 6 Update 20

RP51: 6/12/2010 11:25:36 AM - Windows Update

RP52: 6/12/2010 11:51:54 AM - avast! Free Antivirus Setup

RP53: 6/13/2010 3:00:23 AM - Windows Update

RP54: 6/13/2010 9:53:54 AM - Installed HiJackThis

 

==== Installed Programs ======================

 

7-Zip 4.65

Acrobat.com

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Amazon Kindle For PC v1.0

AnalogX POW!

Apophysis 2.0

avast! Free Antivirus

Beyond Divinity V1.0

BufferChm

CamStudio

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

ccc-core-static

CCC Help English

CCleaner

CustomerResearchQFolder

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Video Chat

Destinations

DeviceManagementQFolder

Divine Divinity

dj6980

eSupportQFolder

FileZilla Client 3.3.0.1

Flash Saver

Free Studio version 4.2

Free Video to Flash Converter version 4.2

Freecorder 4.0 Application

Freecorder Toolbar

GIMP 2.6.8

Google Chrome

Google Chrome Frame

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

HiJackThis

HijackThis 1.99.1

HP Install Network Printer Wizard

HP Photosmart Essential

HP Product Detection

HP Update

HPProductAssistant

HPSSupply

InfraRecorder

IrfanView (remove only)

Jasc Paint Shop Pro 9

Java Auto Updater

Java™ 6 Update 20

Junk Mail filter update

K-Lite Codec Pack 5.4.4 (Basic)

LP6980_Help

LP6980Trb

Malwarebytes' Anti-Malware

MarketResearch

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ Run Time Lib Setup

Morrowind

MSVCRT

Oblivion

Open Workbench

OpenOffice.org 3.2

OpenProj

PDF Reader 2

PDFZilla V1.2.7

PowerDVD DX

Pyramid Challenge

Realtek High Definition Audio Driver

Replay Video Capture

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

SF_CDB_ProductContext

SF_CDB_Software

SnagIt 8

SolutionCenter

Sophos Anti-Rootkit 1.5.4

Status

Supercast

SWF Optimizer

TES Construction Set

Toolbox

TrayApp

Uninstall 1.0.0.1

UnloadSupport

Visual C++ 8.0 Runtime Setup Package (x64)

WebReg

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Gallery

 

==== Event Viewer Messages From Past Week ========

 

6/9/2010 8:41:58 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\38B5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/9/2010 8:02:40 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\F1F4.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/9/2010 4:13:13 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading

6/9/2010 4:13:13 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\E199.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/9/2010 3:35:38 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\AE29.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/6/2010 2:50:27 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\99E2.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/6/2010 2:25:50 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\61B2.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/6/2010 10:18:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv06 prohlp02 prosync1 sfhlp01

6/13/2010 12:45:04 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/13/2010 12:45:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/13/2010 12:45:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/13/2010 12:45:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/13/2010 12:44:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/13/2010 12:44:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache inspect nnfwdk prodrv06 prohlp02 prosync1 SASDIFSV SASKUTIL sfhlp01 spldr Wanarpv6

6/13/2010 12:22:24 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

6/13/2010 12:22:22 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

6/13/2010 12:22:22 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 12:22:06 AM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 10:29:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqcxs08 service to connect.

6/13/2010 10:29:27 AM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/13/2010 10:29:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: inspect prodrv06 prohlp02 prosync1 sfhlp01

6/13/2010 10:29:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

6/13/2010 10:29:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.

6/13/2010 10:29:12 AM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/13/2010 10:28:48 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

6/13/2010 10:28:48 AM, Error: atikmdag [43029] - Display is not active

6/13/2010 10:28:30 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/13/2010 1:36:49 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

==== End Of File ===========================

Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy-paste the following contents into the custom scan area:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Thank you so much for your reply. However, I was able to get this fixed just last night, so please close this post.

I do thank you for your time though. I know you volunteer and I do appreciate what you do.

Thanks.

By the way, the malicious element was in my home network router. I disconnected all PCs from the router, ran MalwareBytes to see if anything was there on each PC, then did a hard reset of the router. I connected everything back up, changed my login/password on the router and am now surfing without redirects on all PCs. I have also followed the instructions on this site for updating my protection, so again... thanks for the help there.

gg

Edited by amaasing
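The router fix described above, worked through as an added example that is not from this thread or from any of the tools it mentions: assuming the router's problem was altered DNS settings (the usual way one router causes redirects on every PC behind it), the script below parses `ipconfig /all` output from a Windows host and flags any resolver that is neither the default gateway nor on an allowlist, plus any DHCP lease that did not come from the router. The sample output, the empty allowlist and the 203.0.113.53 address are constructed.

```python
"""Added example (not from the thread): flag Windows DNS settings that point at a
resolver other than the home router or an explicit allowlist. Treating the
thread's router problem as changed DNS settings is an assumption."""
import ipaddress
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed `ipconfig /all` sample; 203.0.113.53 (a documentation-range
# address) stands in for a rogue resolver handed out by a tampered router.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Hypothetical allowlist: resolvers you configured on purpose (e.g. your ISP's).
TRUSTED_RESOLVERS: List[str] = []

@dataclass
class Adapter:
    name: str
    gateway: Optional[str] = None
    dhcp: Optional[str] = None
    dns: List[str] = field(default_factory=list)

_ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
_KV_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*)$")
_IP_RE = re.compile(r"^[0-9A-Fa-f.:%]+")  # drops suffixes such as "(Preferred)"

def parse_ipconfig(text: str) -> List[Adapter]:
    """Extract gateway, DHCP server and DNS servers for each adapter."""
    adapters: List[Adapter] = []
    last_key = None
    for line in text.splitlines():
        header = _ADAPTER_RE.match(line)
        if header:
            adapters.append(Adapter(name=header.group(1)))
            last_key = None
            continue
        if not adapters or not line.strip():
            continue
        kv = _KV_RE.match(line)
        if kv:
            last_key, value = kv.group(1), kv.group(2).strip()
        elif last_key and ":" not in line:
            value = line.strip()  # continuation line, e.g. a second DNS server
        else:
            continue
        ip = _IP_RE.match(value)
        if not ip:
            continue
        if last_key == "Default Gateway":
            adapters[-1].gateway = ip.group(0)
        elif last_key == "DHCP Server":
            adapters[-1].dhcp = ip.group(0)
        elif last_key == "DNS Servers":
            adapters[-1].dns.append(ip.group(0))
    return adapters

def assess(adapter: Adapter, trusted: List[str] = TRUSTED_RESOLVERS) -> List[str]:
    """Return human-readable findings; an empty list means nothing unexpected."""
    findings: List[str] = []
    allow = {ipaddress.ip_address(a) for a in trusted}
    gw = ipaddress.ip_address(adapter.gateway) if adapter.gateway else None
    # A lease from something other than the router suggests a rogue DHCP server
    # on the LAN (another infected machine) rather than the router itself.
    if adapter.dhcp and gw is not None and ipaddress.ip_address(adapter.dhcp) != gw:
        findings.append(f"{adapter.name}: DHCP lease came from {adapter.dhcp}, not the router {adapter.gateway}")
    for position, server in enumerate(adapter.dns):
        addr = ipaddress.ip_address(server)
        if addr == gw or addr in allow:
            continue
        # Windows sends queries to the first listed server and only falls back
        # when it does not answer, so a rogue entry in first place is decisive.
        role = "listed first, so it answers queries" if position == 0 else "listed as fallback"
        findings.append(f"{adapter.name}: unexpected DNS server {server} ({role})")
    return findings

def check(text: str, trusted: List[str] = TRUSTED_RESOLVERS) -> List[str]:
    return [f for a in parse_ipconfig(text) for f in assess(a, trusted)]

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    print("\n".join(check(source) or ["no unexpected resolver settings found"]))
```

On a real host, save the output with `ipconfig /all > ip.txt` and run the script with `ip.txt` as its argument; run it on each PC behind the router, since a clean host and a redirected one should report the same resolvers.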