Google being redirected to monster search when clicking links

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

MoeGreene0

Thread Starter
Joined
Dec 21, 2012
Messages
3
Hello all,

I seem to have a contaminated system. Please help! When I search anything in google (in Google Chrome, doesn't happen in IE strangely) and I click a result link, I get redirected to monstersearch.
 

MoeGreene0

Thread Starter
Joined
Dec 21, 2012
Messages
3
HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:33 PM, on 12/21/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
C:\Users\Mr. X\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ph # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.sg # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tw # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ua # bck9
O1 - Hosts: 216.239.32.20 www.google.de # bck9
O1 - Hosts: 216.239.32.20 www.google.dk # bck9
O1 - Hosts: 216.239.32.20 www.google.es # bck9
O1 - Hosts: 216.239.32.20 www.google.fi # bck9
O1 - Hosts: 216.239.32.20 www.google.fr # bck9
O1 - Hosts: 216.239.32.20 www.google.it # bck9
O1 - Hosts: 216.239.32.20 www.google.lt # bck9
O1 - Hosts: 216.239.32.20 www.google.lv # bck9
O1 - Hosts: 216.239.32.20 www.google.nl # bck9
O1 - Hosts: 216.239.32.20 www.google.pl # bck9
O1 - Hosts: 216.239.32.20 www.google.pt # bck9
O1 - Hosts: 216.239.32.20 www.google.ro # bck9
O1 - Hosts: 216.239.32.20 www.google.ru # bck9
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mr. X\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: UVA ITC Network Setup Tool Cert Checker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
--
End of file - 18712 bytes

DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Mr. X at 23:55:48 on 2012-12-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6077.3106 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Mr. X\AppData\Local\Apps\2.0\NXBCZX1J.C68\2AQHB5PC.LHG\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\wusa.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Mr. X\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mr. X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Google Update] "C:\Users\Mr. X\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Mr. X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UVAITC~1.LNK - C:\Windows\Installer\{A4766C69-E64B-47D4-984C-BE9E91FDDBF3}\_93C62315C0D5B38E0A1810.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{8C7D1A75-35BB-45E0-AFCD-D779D91A77FF} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{8C7D1A75-35BB-45E0-AFCD-D779D91A77FF}\249637F6E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8C7D1A75-35BB-45E0-AFCD-D779D91A77FF}\34C61627B656024556D607C65647F6E6723702E4564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{8C7D1A75-35BB-45E0-AFCD-D779D91A77FF}\36166716C6965627 : DHCPNameServer = 128.143.2.7 128.143.3.7 128.143.22.119
TCP: Interfaces\{8C7D1A75-35BB-45E0-AFCD-D779D91A77FF}\75F6F64627F677021407162747D656E64737 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{8C7D1A75-35BB-45E0-AFCD-D779D91A77FF}\8496024586562756 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8C7D1A75-35BB-45E0-AFCD-D779D91A77FF}\D656469616C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EE490C56-892B-4273-9D9C-57375CA7BC7F} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F395D31E-B01B-4BDD-801A-540774D8ED12} : DHCPNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 216.239.32.20 www.google.ae # bck9
Hosts: 216.239.32.20 www.google.at # bck9
Hosts: 216.239.32.20 www.google.be # bck9
Hosts: 216.239.32.20 www.google.ca # bck9
Hosts: 216.239.32.20 www.google.ch # bck9
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 11889889;11889889;C:\Windows\System32\drivers\11889889.sys [2012-11-20 460888]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-8-15 111776]
R1 3667364drv;3667364drv;C:\Windows\System32\drivers\3667364drv.sys [2012-11-20 556632]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-23 30568]
R1 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2012-2-13 108304]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-25 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-4-25 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2012-4-25 14904]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-16 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-16 676936]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2012-4-25 60416]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2012-4-25 55808]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-5-18 327064]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-25 2314240]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-15 733808]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-4-25 35104]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-4-25 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2012-4-25 58368]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-16 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-4-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-4-25 79360]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-10 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-10-2 18360]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-25 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-12-22 04:48:04 -------- d-----w- C:\28d871d01ab26bfbc8
2012-12-22 04:46:21 -------- d-----w- C:\Users\Mr. X\AppData\Local\ElevatedDiagnostics
2012-12-22 04:34:39 -------- d-----w- C:\Users\Mr. X\AVG Antivirus & Internet Security 2013 0 2805 Final (32-64bit)
2012-12-21 22:25:40 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 22:25:40 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 22:25:39 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 22:25:39 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 15:56:18 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F92AAA80-F0A4-44A6-8088-72E9E6503283}\mpengine.dll
2012-12-20 06:33:03 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-12-20 06:33:03 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-12-20 06:33:02 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-12-20 06:33:01 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-12-20 06:33:00 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2012-12-20 06:32:58 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2012-12-20 06:29:14 -------- d-----w- C:\Program Files (x86)\Farming Simulator 2013
2012-12-19 20:27:00 110080 ----a-r- C:\Users\Mr. X\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2012-12-19 20:27:00 110080 ----a-r- C:\Users\Mr. X\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2012-12-19 20:27:00 -------- d-----w- C:\sh4ldr
2012-12-19 20:27:00 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2012-12-19 20:26:22 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2012-12-19 20:25:32 -------- d-----w- C:\Users\Mr. X\SpyHunter 4.1.11.0 + Crack
2012-12-18 06:11:49 -------- d-----w- C:\Users\Mr. X\WinRAR 4.00 32Bit And 64Bit Full-Version {blaze69}
2012-12-18 03:28:31 -------- d-----w- C:\Users\Mr. X\AppData\Roaming\calibre
2012-12-17 23:49:28 -------- d-----w- C:\Program Files (x86)\Calibre2
2012-12-12 04:36:00 -------- d-----w- C:\Users\Mr. X\Infogrid Pacific
2012-12-12 04:35:59 -------- d-----w- C:\Users\Mr. X\AppData\Roaming\Infogrid Pacific Pte. Ltd
2012-12-12 04:35:59 -------- d-----w- C:\Users\Mr. X\AppData\Local\Infogrid Pacific Pte. Ltd
2012-12-11 17:10:10 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-11 17:09:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-11 17:09:51 -------- d-----w- C:\Program Files\iTunes
2012-12-11 17:09:51 -------- d-----w- C:\Program Files\iPod
2012-12-11 17:09:51 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-11 03:54:26 -------- d-----w- C:\Users\Mr. X\Second Shift - Order by Hugh Howey (Wool 07)
2012-12-08 18:19:08 -------- d-----w- C:\ProgramData\Nike
2012-12-08 18:19:07 -------- d-----w- C:\Program Files (x86)\Nike
2012-11-28 01:59:06 -------- d-----w- C:\Users\Mr. X\AppData\Roaming\SumatraPDF
2012-11-28 01:59:02 -------- d-----w- C:\Program Files (x86)\SumatraPDF
2012-11-24 05:02:17 -------- d-----w- C:\ProgramData\Orbit
2012-11-24 01:05:47 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-24 01:05:45 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-11-22 21:06:17 -------- d-----w- C:\Program Files (x86)\The Walking Dead Episode 5
.
==================== Find3M ====================
.
2012-12-20 16:28:55 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-12-19 22:30:09 151880 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-12-19 22:30:09 111776 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-12-19 22:30:09 105024 ----a-w- C:\Windows\System32\WRusr.dll
2012-12-13 20:11:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 20:11:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 08:20:36 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-21 08:38:03 556632 ----a-w- C:\Windows\System32\drivers\3667364drv.sys
2012-11-21 08:38:03 460888 ----a-w- C:\Windows\System32\drivers\11889889.sys
2012-11-20 22:32:40 3123272 ----a-r- C:\Windows\SysWow64\pbsvc.exe
2012-11-15 15:30:10 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 17:15:47 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 03:08:38 44928 ----a-w- C:\Windows\System32\drivers\mcvidrv_x64.sys
2012-10-11 03:08:36 29696 ----a-w- C:\Windows\System32\drivers\mcaudrv_x64.sys
2012-10-10 01:31:14 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-04 17:38:56 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:38:56 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:38:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:38:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:35:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:32:16 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:54:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:54:17 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:19:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:49:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:49:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:49:22 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:49:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:44:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 02:42:04 2177704 ----a-w- C:\Windows\System32\coin92.dll
2012-09-28 15:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 15:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-09-25 22:39:14 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 21:55:17 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
.
============= FINISH: 23:57:37.76 ===============

ATTACH LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/25/2012 11:19:56 AM
System Uptime: 12/21/2012 9:56:13 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | G60JX
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 263.235 GiB free.
D: is FIXED (FAT32) - 20 GiB total, 7.138 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP112: 12/17/2012 6:48:43 PM - Installed calibre
RP113: 12/18/2012 1:08:57 AM - Installed 7-Zip 9.30 (x64 edition)
RP114: 12/18/2012 10:35:59 AM - Windows Update
RP115: 12/19/2012 3:26:27 PM - Installed SpyHunter
RP116: 12/20/2012 1:32:04 AM - Installed DirectX
RP117: 12/21/2012 10:55:35 AM - Windows Update
RP119: 12/21/2012 3:36:00 PM - Windows Defender Checkpoint
RP120: 12/21/2012 5:25:24 PM - Windows Update
RP121: 12/21/2012 11:27:43 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 216.239.32.20 www.google.ae # bck9
Hosts: 216.239.32.20 www.google.at # bck9
Hosts: 216.239.32.20 www.google.be # bck9
Hosts: 216.239.32.20 www.google.ca # bck9
Hosts: 216.239.32.20 www.google.ch # bck9
Hosts: 216.239.32.20 www.google.cl # bck9
Hosts: 216.239.32.20 www.google.co.il # bck9
Hosts: 216.239.32.20 www.google.co.in # bck9
Hosts: 216.239.32.20 www.google.co.jp # bck9
Hosts: 216.239.32.20 www.google.co.kr # bck9
Hosts: 216.239.32.20 www.google.co.nz # bck9
Hosts: 216.239.32.20 www.google.co.uk # bck9
Hosts: 216.239.32.20 www.google.co.ve # bck9
Hosts: 216.239.32.20 www.google.co.za # bck9
Hosts: 216.239.32.20 www.google.com # bck9
Hosts: 216.239.32.20 www.google.com.ar # bck9
Hosts: 216.239.32.20 www.google.com.au # bck9
Hosts: 216.239.32.20 www.google.com.br # bck9
Hosts: 216.239.32.20 www.google.com.co # bck9
Hosts: 216.239.32.20 www.google.com.gr # bck9
Hosts: 216.239.32.20 www.google.com.hk # bck9
Hosts: 216.239.32.20 www.google.com.mx # bck9
Hosts: 216.239.32.20 www.google.com.my # bck9
Hosts: 216.239.32.20 www.google.com.pe # bck9
Hosts: 216.239.32.20 www.google.com.ph # bck9
Hosts: 216.239.32.20 www.google.com.pk # bck9
Hosts: 216.239.32.20 www.google.com.sg # bck9
Hosts: 216.239.32.20 www.google.com.tr # bck9
Hosts: 216.239.32.20 www.google.com.tw # bck9
Hosts: 216.239.32.20 www.google.com.ua # bck9
Hosts: 216.239.32.20 www.google.de # bck9
Hosts: 216.239.32.20 www.google.dk # bck9
Hosts: 216.239.32.20 www.google.es # bck9
Hosts: 216.239.32.20 www.google.fi # bck9
Hosts: 216.239.32.20 www.google.fr # bck9
Hosts: 216.239.32.20 www.google.it # bck9
Hosts: 216.239.32.20 www.google.lt # bck9
Hosts: 216.239.32.20 www.google.lv # bck9
Hosts: 216.239.32.20 www.google.nl # bck9
Hosts: 216.239.32.20 www.google.pl # bck9
Hosts: 216.239.32.20 www.google.pt # bck9
Hosts: 216.239.32.20 www.google.ro # bck9
Hosts: 216.239.32.20 www.google.ru # bck9
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Alt.Binz 0.39.4
Amazon MP3 Downloader 1.0.17
Anki
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ASUS AI Recovery
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_ScreenSaver_GSeries
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
AVG Security Toolbar
Blue Coat K9 Web Protection
Bonjour
Borderlands 2
calibre
CCleaner
CDisplay 1.8
Cheat Engine 6.2
ControlDeck
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
Creative MediaSource 5
CueCard (remove only)
Curse Client
DAEMON Tools Pro
Darksiders II
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
ESET Online Scanner v3
Express Gate
Farming Simulator 2013
Fast Boot
Glary Utilities Pro 2.50.0.1632
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
ITC Network Setup Tool
iTunes
Java Auto Updater
Java(TM) 6 Update 31
League of Legends
Malwarebytes Anti-Malware version 1.65.1.1000
Max Payne 3
Media Player Codec Pack 4.2.2
Microsoft .NET Framework 2.0 SDK (x64) - ENU
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mumble 1.2.3
Nike+ Connect
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
ooVoo
Overwolf
Pando Media Booster
PeerBlock 1.1 (r518)
ProtectDisc Driver, Version 11
PROTOTYPE 2
PunkBuster Services
QuickPar 0.9
QuickTime
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.05.02.02
Rockstar Games Social Club
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sid Meier's Civilization V
Skype&#8482; 5.10
Sound Blaster Audigy HD
SpyHunter
StarCraft II
Steam
SumatraPDF
SUPERAntiSpyware
Superbrothers: Sword & Sworcery EP
Synaptics Pointing Device Driver
The Walking Dead Episode 5 (c) Telltales version 1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB 2.0 2.0M UVC WebCam
Ventrilo Client for Windows x64
VLC media player 2.0.4
Webroot SecureAnywhere
WIDCOMM Bluetooth Software
Windows Live ID Sign-in Assistant
WinFlash
WinRAR 4.00 (64-bit)
Wireless Console 3
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
12/21/2012 11:29:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
.
==== End Of File ===========================
 

MoeGreene0

Thread Starter
Joined
Dec 21, 2012
Messages
3
I've been trying for the longest time to install Service Pack 1 as well, going through Windows troubleshoot programs, online discussions. I've fixed a handful of XXXXXXX errors which prevent the update from going through, but I think whatever malware I had may have corrupted my system's Update files as well.
 

Conspire

Malware Specialist
Joined
Feb 3, 2011
Messages
452
Hello there, MoeGreene0

Welcome to TSG

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

Also note that I will not respond to this thread if I don't receive your reply for 3 days.

---------------------------------------------------------------------------------------------------

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top