Windows 7 Forums


Windows 7: Browser search links hijacked

04 Jul 2011   #1
trie66

Windows 7 Home Premium x65 w service pack 1
 
 
Browser search links hijacked

1) IE 8 / Google search results, click on any and get redirected to another site.
IE 8 / Bing search results, click on any and get redirected to another site.
Google Chrome, complete a search, click on any and get redirected to another site.
Mozilla / Google search results, click on any and get redirected to another site.
Sometimes, Avast network shield will alert me to a threat and indicate a Malicious URL has been blocked.
If I enter a URL in the URL text box, I can get to the site.

2) While IE8 is not running, Avast network shield will display a Malicious URL is blocked. Object 64.111.211.158. I open task manager to find IE is not in the Application window, but is running as a process. I will end the process (2 of them), then approximately 10 minutes later the ieexplore process shows up again and I hear the Avast network shield announce Malicious URL is blocked.

3) I have tried many recipes to cure this and have made zero progress. For example, ran TDS Killer (it found nothing), then flushed DNS cache, then ran TFC, then ran dds (I have both files), then ESET (it found nothing).

Please help!


05 Jul 2011   #2
acuk

Windows 7
 
 

Hi, I had the exact same problem with Avast.
Seems like this is becoming more frequent.
I eventually got rid of this.
The cure is here:
Malicious URL Blocked.. Annoying problem wont go away.
Hope this helps
acuk
05 Jul 2011   #3
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

My suggestion is to follow these instructions posted in a recent security thread by Jacee, one of our Security Experts. In the meantime I'll drop a message to see if Jacee or Corinne (another Security Expert) can help you out with this:

Download DDS from one of these links:

Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Right click the dds icon to run the tool as Administrator
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.

Regards,
Golden

***EDIT : I sent a message to Jacee and Corinne to have a look at this for you.

05 Jul 2011   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

The URL belongs to United States Isprime Inc
Do you recognize this ISP?
Are you file sharing? (P2P)
05 Jul 2011   #5
trie66

Windows 7 Home Premium x65 w service pack 1
 
 

Jacee, I don't recognize Isprime. No P2P file sharing.

Golden, Contents of both logs to follow.

Acuk, Checking your link next.

Thanks all.


Code:
DDS (Ver_2011-06-23.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Cathy at 18:02:56 on 2011-07-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6104.4328 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - Search Assistant BHO
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - Toolbar BHO
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: mlxchange.com\wpn
Trusted Zone: msn.com\dell
Trusted Zone: realtytools.com
Trusted Zone: Tabshttp://wpn.mlxchange.com/5.1.01.9506/Tools/ImageLink/ImageEditDlg.asp
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: trueforms.com\*
Trusted Zone: trueforms.com\www
Trusted Zone: trueformsonline.com\*
Trusted Zone: trueformsonline.com\www
DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} - hxxps://www.trueformsonline.com/Downloads/TFLauncher_2/tflauncher.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://wpn.mlxchange.com/5.1.01.9506/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.northwood.com/_include/common/Aurigma/ImageUploader4.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{129FBA54-28F2-4AF0-ABFC-66A7F9BF283A} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{129FBA54-28F2-4AF0-ABFC-66A7F9BF283A}\473757E616D696 : DhcpNameServer = 66.255.85.8 66.255.85.9
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: {5d79f641-c168-40df-a32f-bacea7509e75} - Search Assistant BHO
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - Toolbar BHO
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\wv4gzxua.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cathy\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-5-31 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-3 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-17 705856]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2010-7-25 33448]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-07-05 17:08:18 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CCDDD30-FFD8-472E-B62C-7A201BB20FA2}\mpengine.dll
2011-07-05 17:02:59 -------- d-----w- C:\Users\Cathy\AppData\Local\{B0998613-16B8-4964-B625-ACCA793D751F}
2011-07-05 02:33:52 -------- d-----w- C:\Users\Cathy\AppData\Local\{7C4C6A61-2D59-4C51-A9C3-8314B8C886C4}
2011-07-04 18:38:39 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-04 17:22:41 864032 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3c2ba3fc9a7a702965c7eeb981442ae190e690dc_cab_12c16fc2\btwdins.exe
2011-07-04 17:15:03 13824 ----a-w- C:\Windows\System32\ffnd.exe
2011-07-04 16:53:36 -------- d-----w- C:\Users\Cathy\AppData\Roaming\FreeFixer
2011-07-04 16:53:36 -------- d-----w- C:\Users\Cathy\AppData\Local\FreeFixer
2011-07-04 16:53:29 -------- d-----w- C:\Program Files\FreeFixer
2011-07-04 14:33:18 -------- d-----w- C:\Users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2}
2011-07-04 03:23:04 -------- d-----w- C:\MGtools
2011-07-04 01:42:51 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
2011-07-04 01:42:51 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
2011-07-04 01:42:50 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2011-07-04 01:42:50 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
2011-07-04 01:42:50 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2011-07-04 01:42:49 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Simply Super Software
2011-07-04 01:42:49 -------- d-----w- C:\ProgramData\Simply Super Software
2011-07-04 01:42:49 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2011-07-03 23:25:15 -------- d-----w- C:\Windows\System32\SPReview
2011-07-03 23:24:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-03 23:09:49 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-03 23:08:14 -------- d-----w- C:\ProgramData\RegCure
2011-07-03 22:10:20 -------- d-----w- C:\cComboFix22287c
2011-07-03 22:05:47 -------- d-----w- C:\Users\Cathy\AppData\Roaming\FixCleaner
2011-07-03 22:05:37 -------- d-----w- C:\Program Files (x86)\FixCleaner
2011-07-03 19:35:57 -------- d-----w- C:\Users\Cathy\AppData\Roaming\SUPERAntiSpyware.com
2011-07-03 18:04:43 98816 ----a-w- C:\Windows\sed.exe
2011-07-03 18:04:43 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-03 18:04:43 256000 ----a-w- C:\Windows\PEV.exe
2011-07-03 18:04:43 208896 ----a-w- C:\Windows\MBR.exe
2011-07-03 18:03:30 -------- d-----w- C:\cComboFix
2011-07-03 17:59:57 -------- d-----w- C:\Users\Cathy\AppData\Local\{DB7B3E9F-A9C2-4D30-B421-2D49B1D0FFDE}
2011-07-03 16:51:54 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-03 16:51:53 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-03 16:51:38 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-03 04:07:39 388096 ----a-r- C:\Users\Cathy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-03 04:07:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-03 03:42:49 -------- d-----w- C:\Users\Cathy\AppData\Local\{1C1E32E1-B27D-4C30-87D3-D5BE7EE0996A}
2011-07-03 03:37:22 -------- d-----w- C:\587fdcd6432f26a1a7
2011-07-03 03:36:22 -------- d-----w- C:\Users\Cathy\AppData\Local\{6F22307F-1E91-48CA-978A-F94E157AD1FC}
2011-07-03 03:25:28 -------- d-----w- C:\Users\Cathy\AppData\Local\{7E674969-9B23-4E56-BF88-C6C7D494314F}
2011-07-02 19:39:58 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Windows Live Writer
2011-07-02 19:39:58 -------- d-----w- C:\Users\Cathy\AppData\Local\Windows Live Writer
2011-07-02 18:30:43 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Malwarebytes
2011-07-02 18:30:34 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-02 11:47:52 -------- d-----w- C:\Users\Cathy\AppData\Local\{F5BDBC52-89CF-4F86-A914-688D38CA0AF0}
2011-07-02 06:44:59 933888 ----a-w- C:\Windows\System32\sqlsrv32.dll
2011-07-02 06:43:59 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
2011-07-02 06:42:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-02 06:42:54 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-07-02 06:42:54 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-07-02 06:42:49 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-07-02 06:42:46 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-07-02 06:42:33 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-07-02 06:42:33 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-01 12:19:19 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-01 02:00:53 -------- d-----w- C:\Users\Cathy\AppData\Local\Deployment
2011-07-01 02:00:53 -------- d-----w- C:\Users\Cathy\AppData\Local\Apps
2011-06-30 22:23:52 -------- d-----w- C:\Windows\en
2011-06-30 22:21:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-06-30 22:21:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-06-30 22:21:09 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-06-30 22:21:09 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-06-30 22:20:37 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ee46193f1cc37730c\InstallManager_WLE_WLE.exe
2011-06-30 22:20:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DSETUP.dll
2011-06-30 22:20:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DXSETUP.exe
2011-06-30 22:20:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\dsetup32.dll
2011-06-30 22:20:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DSETUP.dll
2011-06-30 22:20:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DXSETUP.exe
2011-06-30 22:20:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\dsetup32.dll
2011-06-30 22:20:06 -------- d-----w- C:\Users\Cathy\AppData\Local\Windows Live
2011-06-30 01:27:25 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-29 23:50:34 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-29 23:50:34 -------- d-----w- C:\Program Files\AVAST Software
2011-06-29 22:43:01 -------- d-----w- C:\48f0b1d1bef8a61d3a
2011-06-16 23:57:59 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-16 02:09:34 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 02:44:33 -------- d--h--w- C:\Users\Cathy\AppData\Local\Midnight Synergy
2011-06-14 02:42:57 -------- d-----w- C:\ProgramData\Big Fish Games
.
==================== Find3M  ====================
.
2011-07-03 23:34:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-03 23:34:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 18:11:40.26 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2010 7:21:02 PM
System Uptime: 7/5/2011 5:52:13 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Pentium(R) Dual-Core CPU       T4500  @ 2.30GHz | Microprocessor | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 241.036 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP92: 7/3/2011 7:25:04 PM - Windows 7 Service Pack 1
RP93: 7/4/2011 3:00:11 AM - Windows Update
RP94: 7/4/2011 1:15:39 PM - Windows Update
RP95: 7/4/2011 1:58:05 PM - Windows Update
RP96: 7/5/2011 1:06:22 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Advanced Audio FX Engine
avast! Free Antivirus
Banctec Service Agreement
Bejeweled
Bejeweled 2 Deluxe
Bejeweled(R) 3
Big Fish Games: Game Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cozi
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Toolbar
Dell Webcam Central
DirectXInstallService
EMC 10 Content
ESET Online Scanner v3
Fishdom H2O: Hidden Odyssey ™
FreeFixer
GamesBar 2.0.1.78
Gardenscapes™
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HiJackThis
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Live! Cam Avatar Creator
LoJack Factory Installer
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD DX
RegCure
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Sonic CinePlayer Decoder Pack
TelevisionFanatic
ToolkitCMA
Trojan Remover 6.8.2
TrueForms Online 4.6
TrueForms Online 4.6.0.23
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/5/2011 5:54:08 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/5/2011 5:53:14 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
7/5/2011 5:53:09 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter SABKUTIL
7/5/2011 5:53:00 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
7/5/2011 5:53:00 PM, Error: Service Control Manager [7000]  - The dleaCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/5/2011 5:49:34 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
7/4/2011 3:01:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2547666).
7/4/2011 2:19:53 PM, Error: Service Control Manager [7034]  - The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).
7/4/2011 1:22:41 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2481121921/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2066051128/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/3/2011 6:47:54 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/3/2011 6:45:17 PM, Error: Application Popup [1060]  - \??\C:\cComboFix22287c\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/3/2011 6:04:16 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
7/3/2011 2:42:33 PM, Error: Application Popup [1060]  - \??\C:\cComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/3/2011 11:34:00 AM, Error: Microsoft Antimalware [3002]  - 
7/3/2011 11:30:36 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/3/2011 11:30:36 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/3/2011 11:30:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/3/2011 11:30:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/3/2011 11:30:33 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/3/2011 11:30:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/3/2011 11:27:47 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/3/2011 11:26:08 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/3/2011 11:25:47 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter RxFilter SABKUTIL spldr Wanarpv6
7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The vds service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Virtual Disk service failed to start due to the following error:  The service did not start due to a logon failure.
7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not start due to a logon failure.
7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
7/3/2011 11:19:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575}
7/3/2011 11:18:07 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
7/3/2011 11:18:07 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.
7/2/2011 9:57:44 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache RxFilter SABKUTIL SASDIFSV SASKUTIL spldr Wanarpv6
7/2/2011 5:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/2/2011 2:34:21 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RxFilter SABKUTIL spldr Wanarpv6
7/2/2011 2:26:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache RxFilter SABKUTIL spldr Wanarpv6
7/2/2011 11:54:33 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache MpFilter RxFilter SABKUTIL spldr Wanarpv6
7/2/2011 11:53:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
7/2/2011 11:53:26 PM, Error: Service Control Manager [7000]  - The IPsec Policy Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/2/2011 11:52:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
7/2/2011 11:52:56 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/1/2011 9:55:51 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/1/2011 9:43:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
7/1/2011 8:19:51 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/1/2011 10:48:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
6/30/2011 8:03:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661).
6/30/2011 6:36:54 PM, Error: NetBT [4321]  - The name "MSHOME         :1d" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
6/29/2011 9:13:20 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
6/29/2011 7:06:43 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/29/2011 7:05:19 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
6/29/2011 6:53:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/29/2011 6:49:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/29/2011 6:45:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RxFilter SABKUTIL SASDIFSV SASKUTIL spldr Wanarpv6
.
==== End Of File ===========================
06 Jul 2011   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

First flush the DNS cache and restore MS's Hosts file:

Copy and paste these lines into Notepad.

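@Echo on
rem Reset the hosts file to a single localhost entry
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot, then delete this batch file
shutdown -r -t 1
del %0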


Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

Next, unhide 'hidden files and folders'. From the Control Panel click on Folder Options, then the "View" tab. Tick 'show hidden objects' and uncheck 'hide extensions for known file types', then press "apply" and "okay".

Now, navigate to
C:\Users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2}
upload the data to Jotti's and have it scanned. Save the report and post it back here.
Jotti's malware scan
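
The flush.bat above overwrites the hosts file without recording what it held. As an added example (not part of Jacee's post), this read-only Python audit can be run on a copy of the file first; the verdict labels, the watched-label list and the sample entries are constructed assumptions.

```python
import ipaddress

# Search engines named in the thread; matched against whole DNS labels.
WATCHED_LABELS = {"google", "bing"}
# The only mappings a stock Windows hosts file needs.
BENIGN = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample (not taken from the poster's machine).
SAMPLE_HOSTS = (
    "\ufeff# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "203.0.113.7\twww.google.com google.com   # constructed entry\n"
    "203.0.113.7 WWW.BING.COM\n"
    "0.0.0.0 ads.example.test\n"
    "300.1.1.1 update.example.test\n"
)

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each active mapping."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        # Drop the trailing comment, then split on any run of spaces or tabs.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # One line may map several names to the same address.
        for name in fields[1:] or [""]:
            yield line_no, fields[0], name.lower().rstrip(".")

def classify(address, hostname):
    """Return a verdict for one mapping, or None if it is a stock entry."""
    if (address, hostname) in BENIGN:
        return None
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "MALFORMED"
    if not hostname:
        return "MALFORMED"
    local = ip.is_loopback or ip.is_unspecified
    watched = bool(WATCHED_LABELS & set(hostname.split(".")))
    if watched:
        # A search hostname pinned to a remote address is the redirect case.
        return "SEARCH-BLOCKED" if local else "SEARCH-REDIRECT"
    return "LOCAL-SINKHOLE" if local else "NON-DEFAULT"

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-stock mapping."""
    findings = []
    for line_no, address, hostname in parse_hosts(text):
        verdict = classify(address, hostname)
        if verdict:
            findings.append((line_no, address, hostname, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

To audit a real file, read a copy of `C:\Windows\System32\drivers\etc\hosts` with `open(path, encoding="utf-8-sig").read()` and pass the text to `audit_hosts`.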
06 Jul 2011   #7
trie66

Windows 7 Home Premium x65 w service pack 1
 
 
Ran Flush, No file in directory

Ran Flush.bat, no problem.

There was not a file in the directory you specified.

I attached a .jpg of the settings page and the empty folder.

Thanks,


Attached Thumbnails
Browser search links hijacked-empty-folder.jpg  
Attached Images
Browser search links hijacked-settings.jpg 
06 Jul 2011   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Tell me if you're still getting re-directed with a Bing Search or a Google search
07 Jul 2011   #9
trie66

Windows 7 Home Premium x65 w service pack 1
 
 
Links still redirected

Still getting redirected with Bing and Google search.
07 Jul 2011   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Right click (to run as Administrator) combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
