Browser search links hijacked


  1. Posts : 14
    Windows 7 Home Premium x65 w service pack 1
       #1

    Browser search links hijacked


    1) IE 8 / Google search results, click on any and get redirected to another site.
    IE 8 / Bing search results, click on any and get redirected to another site.
    Google Chrome, complete a search, click on any and get redirected to another site.
    Mozilla / Google search results, click on any and get redirected to another site.
    Sometimes, Avast network shield will alert me to a threat and indicate a Malicious URL has been blocked.
    If I enter a URL in the URL text box, I can get to the site.

    2) While IE8 is not running, Avast network shield will display a Malicious URL is blocked. Object 64.111.211.158. I open task manager to find IE is not in the Application window, but is running as a process. I will end the process (2 of them), then approximately 10 minutes later the ieexplore process shows up again and I hear the Avast network shield announce Malicious URL is blocked.

    3) I have tried many recipes to cure this and have made zero progress. For example, ran TDS Killer (it found nothing), then flushed DNS cache, then ran TFC, then ran dds (I have both files), then ESET (it found nothing).

    Please help!


  2. Posts : 1
    Windows 7
       #2

    Hi, I had the exact same problem with Avast.
    Seems like this is becoming more frequent.
    I eventually got rid of this.
    The Cure is here.
    Malicious URL Blocked.. Annoying problem wont go away.
    Hope this helps
    acuk


  3. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #3

    Hi,

    My suggestion is to follow these instructions posted in a recent security thread by Jacee, one of our Security Experts. In the meantime I'll drop a message to see if Jacee or Corinne (another Security Expert) can help you out with this:

    Download DDS from one of these links:

    Mirror 1 Mirror 2 Mirror 3
    • Disable any script blocking protection
    • Right click the dds icon to run the tool as Administrator
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.
    Include the contents of both logs in your next post.

    Regards,
    Golden

    ***EDIT : I sent a message to Jacee and Corinne to have a look at this for you.


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #4

    The URL belongs to United States Isprime Inc
    Do you recognize this ISP?
    Are you file sharing? (P2P)


  5. Posts : 14
    Windows 7 Home Premium x65 w service pack 1
    Thread Starter
       #5

    Jacee, I don't recognize Isprime. No P2P file sharing.

    Golden, Contents of both logs to follow.

    Acuk, Checking your link next.

    Thanks all.


    Code:
    DDS (Ver_2011-06-23.01) - NTFSAMD64 
    Internet Explorer: 8.0.7601.17514
    Run by Cathy at 18:02:56 on 2011-07-05
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6104.4328 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\dleacoms.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
    C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\splwow64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\prevhost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - Search Assistant BHO
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - Toolbar BHO
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: mlxchange.com\wpn
    Trusted Zone: msn.com\dell
    Trusted Zone: realtytools.com
    Trusted Zone: Tabshttp://wpn.mlxchange.com/5.1.01.9506/Tools/ImageLink/ImageEditDlg.asp
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    Trusted Zone: trueforms.com\*
    Trusted Zone: trueforms.com\www
    Trusted Zone: trueformsonline.com\*
    Trusted Zone: trueformsonline.com\www
    DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} - hxxps://www.trueformsonline.com/Downloads/TFLauncher_2/tflauncher.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://wpn.mlxchange.com/5.1.01.9506/Control/IRCSharc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.northwood.com/_include/common/Aurigma/ImageUploader4.cab
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{129FBA54-28F2-4AF0-ABFC-66A7F9BF283A} : DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{129FBA54-28F2-4AF0-ABFC-66A7F9BF283A}\473757E616D696 : DhcpNameServer = 66.255.85.8 66.255.85.9
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO-X64: {5d79f641-c168-40df-a32f-bacea7509e75} - Search Assistant BHO
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64:     Search Helper - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64:     URLRedirectionBHO - No File
    BHO-X64: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - Toolbar BHO
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\wv4gzxua.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Cathy\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-5-31 89600]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-3 42184]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-17 705856]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2010-7-25 33448]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-05 17:08:18 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CCDDD30-FFD8-472E-B62C-7A201BB20FA2}\mpengine.dll
    2011-07-05 17:02:59 -------- d-----w- C:\Users\Cathy\AppData\Local\{B0998613-16B8-4964-B625-ACCA793D751F}
    2011-07-05 02:33:52 -------- d-----w- C:\Users\Cathy\AppData\Local\{7C4C6A61-2D59-4C51-A9C3-8314B8C886C4}
    2011-07-04 18:38:39 -------- d-----w- C:\Program Files (x86)\ESET
    2011-07-04 17:22:41 864032 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3c2ba3fc9a7a702965c7eeb981442ae190e690dc_cab_12c16fc2\btwdins.exe
    2011-07-04 17:15:03 13824 ----a-w- C:\Windows\System32\ffnd.exe
    2011-07-04 16:53:36 -------- d-----w- C:\Users\Cathy\AppData\Roaming\FreeFixer
    2011-07-04 16:53:36 -------- d-----w- C:\Users\Cathy\AppData\Local\FreeFixer
    2011-07-04 16:53:29 -------- d-----w- C:\Program Files\FreeFixer
    2011-07-04 14:33:18 -------- d-----w- C:\Users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2}
    2011-07-04 03:23:04 -------- d-----w- C:\MGtools
    2011-07-04 01:42:51 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
    2011-07-04 01:42:51 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
    2011-07-04 01:42:50 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
    2011-07-04 01:42:50 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
    2011-07-04 01:42:50 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
    2011-07-04 01:42:49 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Simply Super Software
    2011-07-04 01:42:49 -------- d-----w- C:\ProgramData\Simply Super Software
    2011-07-04 01:42:49 -------- d-----w- C:\Program Files (x86)\Trojan Remover
    2011-07-03 23:25:15 -------- d-----w- C:\Windows\System32\SPReview
    2011-07-03 23:24:29 -------- d-----w- C:\Windows\System32\EventProviders
    2011-07-03 23:09:49 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-07-03 23:08:14 -------- d-----w- C:\ProgramData\RegCure
    2011-07-03 22:10:20 -------- d-----w- C:\cComboFix22287c
    2011-07-03 22:05:47 -------- d-----w- C:\Users\Cathy\AppData\Roaming\FixCleaner
    2011-07-03 22:05:37 -------- d-----w- C:\Program Files (x86)\FixCleaner
    2011-07-03 19:35:57 -------- d-----w- C:\Users\Cathy\AppData\Roaming\SUPERAntiSpyware.com
    2011-07-03 18:04:43 98816 ----a-w- C:\Windows\sed.exe
    2011-07-03 18:04:43 518144 ----a-w- C:\Windows\SWREG.exe
    2011-07-03 18:04:43 256000 ----a-w- C:\Windows\PEV.exe
    2011-07-03 18:04:43 208896 ----a-w- C:\Windows\MBR.exe
    2011-07-03 18:03:30 -------- d-----w- C:\cComboFix
    2011-07-03 17:59:57 -------- d-----w- C:\Users\Cathy\AppData\Local\{DB7B3E9F-A9C2-4D30-B421-2D49B1D0FFDE}
    2011-07-03 16:51:54 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-07-03 16:51:53 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-07-03 16:51:38 40112 ----a-w- C:\Windows\avastSS.scr
    2011-07-03 04:07:39 388096 ----a-r- C:\Users\Cathy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-07-03 04:07:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-07-03 03:42:49 -------- d-----w- C:\Users\Cathy\AppData\Local\{1C1E32E1-B27D-4C30-87D3-D5BE7EE0996A}
    2011-07-03 03:37:22 -------- d-----w- C:\587fdcd6432f26a1a7
    2011-07-03 03:36:22 -------- d-----w- C:\Users\Cathy\AppData\Local\{6F22307F-1E91-48CA-978A-F94E157AD1FC}
    2011-07-03 03:25:28 -------- d-----w- C:\Users\Cathy\AppData\Local\{7E674969-9B23-4E56-BF88-C6C7D494314F}
    2011-07-02 19:39:58 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Windows Live Writer
    2011-07-02 19:39:58 -------- d-----w- C:\Users\Cathy\AppData\Local\Windows Live Writer
    2011-07-02 18:30:43 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Malwarebytes
    2011-07-02 18:30:34 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-02 11:47:52 -------- d-----w- C:\Users\Cathy\AppData\Local\{F5BDBC52-89CF-4F86-A914-688D38CA0AF0}
    2011-07-02 06:44:59 933888 ----a-w- C:\Windows\System32\sqlsrv32.dll
    2011-07-02 06:43:59 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
    2011-07-02 06:42:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-07-02 06:42:54 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-07-02 06:42:54 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-07-02 06:42:49 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-07-02 06:42:46 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-07-02 06:42:33 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-07-02 06:42:33 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-07-01 12:19:19 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-07-01 02:00:53 -------- d-----w- C:\Users\Cathy\AppData\Local\Deployment
    2011-07-01 02:00:53 -------- d-----w- C:\Users\Cathy\AppData\Local\Apps
    2011-06-30 22:23:52 -------- d-----w- C:\Windows\en
    2011-06-30 22:21:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2011-06-30 22:21:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2011-06-30 22:21:09 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2011-06-30 22:21:09 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2011-06-30 22:20:37 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ee46193f1cc37730c\InstallManager_WLE_WLE.exe
    2011-06-30 22:20:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DSETUP.dll
    2011-06-30 22:20:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DXSETUP.exe
    2011-06-30 22:20:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\dsetup32.dll
    2011-06-30 22:20:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DSETUP.dll
    2011-06-30 22:20:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DXSETUP.exe
    2011-06-30 22:20:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\dsetup32.dll
    2011-06-30 22:20:06 -------- d-----w- C:\Users\Cathy\AppData\Local\Windows Live
    2011-06-30 01:27:25 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-06-29 23:50:34 -------- d-----w- C:\ProgramData\AVAST Software
    2011-06-29 23:50:34 -------- d-----w- C:\Program Files\AVAST Software
    2011-06-29 22:43:01 -------- d-----w- C:\48f0b1d1bef8a61d3a
    2011-06-16 23:57:59 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-06-16 02:09:34 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-14 02:44:33 -------- d--h--w- C:\Users\Cathy\AppData\Local\Midnight Synergy
    2011-06-14 02:42:57 -------- d-----w- C:\ProgramData\Big Fish Games
    .
    ==================== Find3M  ====================
    .
    2011-07-03 23:34:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-03 23:34:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    .
    ============= FINISH: 18:11:40.26 ===============
     
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium 
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/22/2010 7:21:02 PM
    System Uptime: 7/5/2011 5:52:13 PM (1 hours ago)
    .
    Motherboard: Dell Inc. |  | 0G848F
    Processor: Pentium(R) Dual-Core CPU       T4500  @ 2.30GHz | Microprocessor | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 241.036 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP92: 7/3/2011 7:25:04 PM - Windows 7 Service Pack 1
    RP93: 7/4/2011 3:00:11 AM - Windows Update
    RP94: 7/4/2011 1:15:39 PM - Windows Update
    RP95: 7/4/2011 1:58:05 PM - Windows Update
    RP96: 7/5/2011 1:06:22 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Advanced Audio FX Engine
    avast! Free Antivirus
    Banctec Service Agreement
    Bejeweled
    Bejeweled 2 Deluxe
    Bejeweled(R) 3
    Big Fish Games: Game Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cozi
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Toolbar
    Dell Webcam Central
    DirectXInstallService
    EMC 10 Content
    ESET Online Scanner v3
    Fishdom H2O: Hidden Odyssey ™
    FreeFixer
    GamesBar 2.0.1.78
    Gardenscapes™
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    HiJackThis
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Live! Cam Avatar Creator
    LoJack Factory Installer
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PowerDVD DX
    RegCure
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Sonic CinePlayer Decoder Pack
    TelevisionFanatic
    ToolkitCMA
    Trojan Remover 6.8.2
    TrueForms Online 4.6
    TrueForms Online 4.6.0.23
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    Update Installer for WildTangent Games App
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/5/2011 5:54:08 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/5/2011 5:53:14 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
    7/5/2011 5:53:09 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter SABKUTIL
    7/5/2011 5:53:00 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
    7/5/2011 5:53:00 PM, Error: Service Control Manager [7000]  - The dleaCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    7/5/2011 5:49:34 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    7/4/2011 3:01:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2547666).
    7/4/2011 2:19:53 PM, Error: Service Control Manager [7034]  - The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).
    7/4/2011 1:22:41 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2481121921/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2066051128/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    7/3/2011 6:47:54 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
    7/3/2011 6:45:17 PM, Error: Application Popup [1060]  - \??\C:\cComboFix22287c\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/3/2011 6:04:16 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
    7/3/2011 2:42:33 PM, Error: Application Popup [1060]  - \??\C:\cComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/3/2011 11:34:00 AM, Error: Microsoft Antimalware [3002]  - 
    7/3/2011 11:30:36 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
    7/3/2011 11:30:36 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
    7/3/2011 11:30:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/3/2011 11:30:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/3/2011 11:30:33 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/3/2011 11:30:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/3/2011 11:27:47 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
    7/3/2011 11:26:08 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    7/3/2011 11:25:47 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter RxFilter SABKUTIL spldr Wanarpv6
    7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The vds service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Virtual Disk service failed to start due to the following error:  The service did not start due to a logon failure.
    7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not start due to a logon failure.
    7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
    7/3/2011 11:19:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575}
    7/3/2011 11:18:07 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
    7/3/2011 11:18:07 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.
    7/2/2011 9:57:44 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache RxFilter SABKUTIL SASDIFSV SASKUTIL spldr Wanarpv6
    7/2/2011 5:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    7/2/2011 2:34:21 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RxFilter SABKUTIL spldr Wanarpv6
    7/2/2011 2:26:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache RxFilter SABKUTIL spldr Wanarpv6
    7/2/2011 11:54:33 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache MpFilter RxFilter SABKUTIL spldr Wanarpv6
    7/2/2011 11:53:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
    7/2/2011 11:53:26 PM, Error: Service Control Manager [7000]  - The IPsec Policy Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    7/2/2011 11:52:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
    7/2/2011 11:52:56 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    7/1/2011 9:55:51 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    7/1/2011 9:43:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    7/1/2011 8:19:51 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    7/1/2011 10:48:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
    6/30/2011 8:03:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661).
    6/30/2011 6:36:54 PM, Error: NetBT [4321]  - The name "MSHOME         :1d" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
    6/29/2011 9:13:20 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
    6/29/2011 7:06:43 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    6/29/2011 7:05:19 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
    6/29/2011 6:53:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/29/2011 6:49:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    6/29/2011 6:45:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RxFilter SABKUTIL SASDIFSV SASKUTIL spldr Wanarpv6
    .
    ==== End Of File ===========================


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #6

    First flush the DNS cache and restore MS's Hosts file:

    Copy and paste these lines into Notepad.

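    @Echo on
    rem Replace the hosts file with a single default localhost entry
    pushd \windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Renew the DHCP lease and clear the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset the Winsock catalog and the TCP/IP settings
    netsh winsock reset all
    netsh int ip reset all
    rem Schedule a reboot in 1 second and delete this batch file
    shutdown -r -t 1
    del %0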


    Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

    Next, unhide 'hidden files and folders'. From the Control Panel click on Folder Options, then the "View" tab. Tick 'show hidden objects' and uncheck 'hide extensions for known file types', press "apply" and "okay".

    Now, navigate to
    C:\Users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2}
    upload the data to Jotti's and have it scanned. Save the report and post it back here.
    Jotti's malware scan
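Added example, not part of the original post: the flush.bat above overwrites the hosts file without inspecting it, so this Python script classifies the entries in a saved copy first and keeps a record of any search-engine or antivirus hostnames that were pinned. The watched-suffix list, the verdict names and the sample file are constructed assumptions.

```python
import ipaddress
import sys

# Assumption: suffixes chosen for this thread (hijacked Google/Bing results,
# Avast alerts); extend the tuple for your own environment.
WATCHED_SUFFIXES = ("google.com", "bing.com", "avast.com", "microsoft.com")

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.25    www.google.com google.com   # constructed redirect entry
203.0.113.25    www.bing.com
127.0.0.1       download.avast.com
0.0.0.0         ads.example.net
10.0.0.7        printer
999.1.1.1       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if not fields:
            continue
        if len(fields) == 1:                     # address with no hostname
            yield line_no, fields[0], ""
            continue
        for name in fields[1:]:                  # one line may map many names
            yield line_no, fields[0], name.lower().rstrip(".")

def classify(ip, name):
    """Return a verdict string for one address-to-hostname mapping."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if not name:
        return "malformed"
    if name == "localhost" and addr.is_loopback:
        return "default"
    watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
    if addr.is_loopback or addr.is_unspecified:
        # A watched name pointed at the local machine is being blocked,
        # which is how security-product update hosts are commonly cut off.
        return "blocked-watched" if watched else "sinkhole"
    # A watched name pointed at any other address is being redirected.
    return "redirect-watched" if watched else "custom"

def audit(text):
    """Return (line_no, ip, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict != "default":
            findings.append((line_no, ip, name, verdict))
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:   # path to a copy of drivers\etc\hosts
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name, verdict in audit(text):
        print(f"line {line_no}: {name} -> {ip} [{verdict}]")
```

An empty result on the real file means the hosts file is not the redirect vector, which matches what the thread starter reports after running flush.bat.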


  7. Posts : 14
    Windows 7 Home Premium x65 w service pack 1
    Thread Starter
       #7

    Ran Flush, No file in directory


    Ran Flush.bat, no problem.

    There was not a file in the directory you specified.

    I attached a .jpg of the settings page and the empty folder.

    Thanks,
    Attached Thumbnails: Browser search links hijacked-settings.jpg, Browser search links hijacked-empty-folder.jpg


  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #8

    Tell me if you're still getting re-directed with a Bing Search or a Google search


  9. Posts : 14
    Windows 7 Home Premium x65 w service pack 1
    Thread Starter
       #9

    Links still redirected


    Still getting redirected with Bing and Google search.


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #10

    Download Combofix from any of the links below, and save it to your desktop.<--Important
    Link 1
    Link 2
    Link 3

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
    • Right click (to run as Administrator) combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Please be patient while the scan runs, at times it may appear to stall.
    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
    After rebooting ensure your Security applications have been re-enabled.

    In your next reply post:
    ComboFix.txt


 