When I click a link, I'm redirected

And you still can't get Malwarebytes to load? Can you download it again and this time rename it and save it to the root of c: and let me know
 
Still can't get it to work. When I double click it, I get the window that says "Malwarebytes' Anti-Malware has stopped working. A problem caused the program to stop working correctly..."
 
Both FF and IE. So far GC seems to be fine. I'm noticing a common name when the redirects occur. A lot of the time "filter.oridianppc.com" shows up in the address bar when I'm being redirected.
 
ComboFix 09-04-17.01 - Brundrett 04/16/2009 15:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1225 [GMT -4:00]
Running from: c:\users\Brundrett\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxnxpfslvvrqxqueommtsiudgicqdpuxvt.sys
c:\windows\system32\gaopdxvrrbhswqhogovttpwkxufmxxvcauwucc.dll
c:\windows\system32\tmp.reg
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-16 18:57 . 2009-04-16 18:57 216110665 ----a-w c:\windows\MEMORY.DMP
2009-04-16 17:32 . 2009-04-16 17:32 -------- d-----w C:\fsaua.data
2009-04-16 16:58 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 16:58 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 16:58 . 2009-04-16 16:58 -------- d-----w C:\Malwarebytes' Anti-Malware
2009-04-16 16:58 . 2009-04-16 16:58 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-16 16:58 . 2009-04-16 16:58 -------- d-----w c:\programdata\Malwarebytes
2009-04-16 16:55 . 2009-04-16 16:55 2967800 ----a-w C:\help.exe
2009-04-15 20:20 . 2009-04-15 20:20 -------- d-----w C:\VundoFix Backups
2009-04-15 20:15 . 2009-04-15 20:15 691 ----a-w c:\users\Brundrett\AppData\Roaming\GetValue.vbs
2009-04-15 20:15 . 2009-04-15 20:15 35 ----a-w c:\users\Brundrett\AppData\Roaming\SetValue.bat
2009-04-15 17:52 . 2009-04-16 16:56 41 ----a-w c:\windows\Filzip.ini
2009-04-15 17:24 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-12 02:12 . 2009-04-12 02:12 -------- d-----w c:\users\Brundrett\AppData\Roaming\Media Player Classic
2009-04-07 02:45 . 2009-04-16 18:56 4 ----a-w c:\windows\system32\gaopdxcounter
2009-04-05 16:04 . 2007-03-07 23:51 129784 ------w c:\windows\system32\pxafs.dll
2009-03-23 19:29 . 2007-05-23 21:26 49904 ----a-r c:\windows\system32\drivers\BVRPMPR5.SYS
2009-03-23 19:28 . 2009-03-23 19:32 -------- d-----w C:\Netgear
2009-03-21 02:05 . 2009-03-21 02:05 -------- d-----w c:\users\Brundrett\AppData\Local\IsolatedStorage
2009-03-21 02:04 . 2009-04-14 00:14 -------- d-----w c:\users\Brundrett\AppData\Local\Deployment
2009-03-21 02:04 . 2009-03-21 02:04 -------- d-----w C:\SonicSwap Installer
2009-03-19 21:00 . 2009-01-15 16:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 21:00 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-03-19 20:59 . 2009-03-19 21:00 -------- d-----w c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 20:59 . 2009-03-19 21:00 -------- d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 17:30 . 2008-06-13 19:07 -------- d-----w c:\users\Brundrett\AppData\Roaming\OpenOffice.org2
2009-04-16 16:53 . 2008-03-08 18:23 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 3
2009-04-16 16:36 . 2008-04-16 04:15 -------- d-----w c:\users\Brundrett\AppData\Roaming\uTorrent
2009-04-15 22:16 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 22:12 . 2007-05-31 23:27 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 22:12 . 2007-05-31 23:24 -------- d-----w c:\program files\Microsoft Works
2009-04-15 20:49 . 2009-04-15 20:20 134 ----a-w C:\VundoFix.txt
2009-04-15 20:17 . 2009-04-15 20:15 3695 ----a-w C:\rapport.txt
2009-04-15 19:16 . 2009-04-15 19:16 -------- d-----w c:\program files\CleanUp!
2009-04-15 19:11 . 2009-04-15 19:11 -------- d-----w c:\program files\MSConfig CleanUp
2009-04-15 19:08 . 2008-06-15 19:41 -------- d-----w c:\program files\Full Tilt Poker
2009-04-15 19:08 . 2007-05-09 21:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-15 16:28 . 2007-08-09 01:13 -------- d-----w c:\programdata\Viewpoint
2009-04-15 15:59 . 2009-04-15 15:59 -------- d-----w c:\program files\Trend Micro
2009-04-09 19:58 . 2008-04-13 22:07 -------- d-----w c:\program files\Cool MP3 Splitter
2009-04-09 02:53 . 2009-04-05 16:04 -------- d-----w c:\program files\Winamp
2009-03-28 00:06 . 2007-07-29 21:13 -------- d-----w c:\users\Brundrett\AppData\Roaming\dvdcss
2009-03-19 21:00 . 2009-03-19 20:59 -------- d-----w c:\program files\iTunes
2009-03-19 20:59 . 2009-03-19 20:59 -------- d-----w c:\program files\iPod
2009-03-19 20:59 . 2007-12-24 01:17 -------- d-----w c:\program files\Common Files\Apple
2009-03-19 20:57 . 2009-03-19 20:57 -------- d-----w c:\program files\Bonjour
2009-03-19 20:57 . 2009-03-19 20:56 -------- d-----w c:\program files\QuickTime
2009-03-19 20:53 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-19 20:53 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-19 20:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-17 03:38 . 2009-04-15 17:23 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 17:23 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 17:23 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-12 07:09 . 2008-07-07 04:02 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-11 03:29 . 2008-05-10 22:38 -------- d-----w c:\users\Brundrett\AppData\Roaming\FrostWire
2009-03-10 23:10 . 2007-12-02 05:27 -------- d-----w c:\program files\Pando Networks
2009-03-07 04:35 . 2009-03-07 04:35 -------- d-----w c:\program files\Microsoft
2009-03-07 04:35 . 2009-03-07 04:35 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-07 04:34 . 2007-12-14 22:23 -------- d-----w c:\program files\Windows Live
2009-03-07 04:29 . 2009-03-07 04:29 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-03 04:46 . 2009-04-15 17:23 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 17:23 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 17:23 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-15 17:23 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 17:23 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 17:23 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 17:23 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 17:23 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 17:23 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-15 17:23 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 17:23 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 17:23 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-15 17:23 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-02 00:51 . 2008-12-03 02:15 -------- d-----w c:\users\Brundrett\AppData\Roaming\Orbit
2009-02-13 08:49 . 2009-04-15 17:23 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 17:23 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 08:51 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 23:52 . 2009-02-06 23:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-19 20:49 . 2007-10-13 06:03 680 ----a-w c:\users\Brundrett\AppData\Local\d3d9caps.dat
2009-01-19 17:47 . 2007-07-22 19:55 88064 ----a-w c:\users\Brundrett\AppData\Local\GDIPFONTCACHEV1.DAT
2008-10-09 22:11 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-21 00:29 . 2008-05-03 15:02 688 ----a-w c:\users\Brundrett\AppData\Roaming\wklnhst.dat
2008-02-07 17:44 . 2008-02-07 17:44 8 ----a-w c:\users\Brundrett\AppData\Roaming\usb.dat.bin
2007-08-03 04:04 . 2007-08-03 04:04 82720 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-17 01:2007-07-28 13:22 16:37 . c:\program files\mozilla firefox\components\jar50.dll
2009-02-17 01:2007-07-28 13:22 16:38 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-17 01:2007-07-28 13:22 16:38 . c:\program files\mozilla firefox\components\myspell.dll
2009-02-17 01:2007-07-28 13:22 16:39 . c:\program files\mozilla firefox\components\spellchk.dll
2009-02-17 01:2007-07-28 13:22 16:39 . c:\program files\mozilla firefox\components\xpinstal.dll
2007-10-02 04:09 . 2007-07-28 05:25 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-02 04:09 . 2007-07-28 05:25 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-02 04:09 . 2007-07-28 05:25 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-06 18:46 2854912 ----a-w c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-06 18:46 2854912 ----a-w c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-06 18:34 52224 ----a-w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.MP42"= MPG4c32..dll
"vidc.MP43"= MPG4c32..dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVTonic Control Panel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TVTonic Control Panel.lnk
backup=c:\windows\pss\TVTonic Control Panel.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Brundrett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Brundrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 20:46 534648 ----a-w c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 08:06 40048 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 15:37 2321600 ----a-r c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 15:06 178688 ----a-w c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 16:30 405504 ----a-w c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2009-02-11 12:35 801904 ----a-w c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 23:16 454784 ----a-w c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 20:20 133104 ----atw c:\users\Brundrett\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 23:49 55416 ----a-w c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 15:06 413696 ----a-w c:\program files\TOSHIBA\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 00:14 34352 ----a-w c:\program files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2008-01-18 14:32 451896 ----a-w c:\program files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-01-08 21:20 451896 ----a-w c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
2009-02-19 10:40 3913032 ----a-w c:\program files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2006-11-06 18:13 49168 ----a-w c:\program files\Protector Suite QL\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-01-19 05:24 448632 ----a-w c:\program files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-14 07:42 144784 ----a-w c:\program files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supertintin_msn]
2007-11-16 00:52 729088 ----a-w c:\program files\Supertintin for Msn\supertintin_msn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-11-01 18:08 438272 ----a-w c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-06-20 12:37 1316136 ----a-w c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-07-27 12:00 204800 ----a-w c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-20 06:16 411768 ----a-w c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-06-19 19:15 3664944 ----a-w c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w c:\windows\system32\wpcumi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-02-16 00:07 4390912 ----a-w c:\windows\RtHDVCpl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B7F8709-6366-4025-8CD2-7C79C8A00239}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{32C3E4DF-49F1-4653-8EDE-41BB8456CF60}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{D03FABDA-5584-4DA7-8C6E-1BCF8426072D}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{FED71BD6-39CA-43B6-8316-41BEC288DFD5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{775C15B2-4385-42CA-91C7-4264A4AF282F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A109EA17-330B-421E-AE48-87773CF5C90B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{71AE2D43-6567-437F-BB44-4DAAD39CDCEC}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1359579D-D3ED-4534-A7F6-01AB0FCF3568}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{9FC54113-4CE7-4489-938F-415505611D5B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{7413D919-3DCD-4B4A-83F7-582BD2964607}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{618A153E-47AE-44D7-87B9-93C2E5ED8F96}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1720A24D-E37F-472F-895A-8E8ED55CAC1C}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2B67DCD0-F19D-4D96-A41D-A8820ECD10B4}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{33AA5C77-B7D9-4F1E-8177-0DA12E37970E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B37FE9B2-3B31-4389-9E79-7E43EAFEF284}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{8305F09F-843C-4459-9A1E-C0203D32F993}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{75495040-A1EE-467F-B2B3-EDE2975F1A73}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{D34D19DA-D6A2-4874-AE27-E4989B9B1C5E}"= UDP:86:BroadCam Web Server
"{8A02FB6E-68DB-4B70-A4B4-294A4D08FDA6}"= TCP:67:DHCP Discovery Service
"{07BE147A-A03C-4A4A-99D0-8BFA25BD8F0E}"= TCP:67:DHCP Discovery Service
"{26446228-E7A8-41B2-BA4B-9A0F943872A3}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{71F73568-6AD1-45A3-986E-70FFE06337A2}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{14C789C1-0176-433A-9120-BAAE76B2043C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{B09B9456-E149-469F-B6A3-C242FE788816}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{C786E933-5D6B-40B0-8B49-9EE2685E405D}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{40481033-C6DE-4AD0-9A69-D88746BDBADF}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{6BDC2699-4022-446F-9573-76BCD38C1827}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{139E57B7-05EA-4D0E-AFBA-D0B446AD8DA0}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"{453C1F4C-9628-456E-BF89-059B43AC54CF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FC31940F-E8AB-47DB-BCBA-3591E6141DA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{01B75D8C-1514-4BB1-A164-D88C1F63F8B8}"= UDP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:pure Networks Network Magic Service
"{7738A8D3-C634-419E-B354-7AD8C87B55F8}"= TCP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:pure Networks Network Magic Service
"TCP Query User{A10CC4E0-294E-4F23-BDFC-F6EEB1A81DBC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6AB54B2C-53EA-492A-89F6-83709F50144F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E07578C3-C878-4600-9C2A-C084C9CFCD82}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C70F6B90-400D-4D55-80A1-0380D525E2D0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B16F088-F94A-436C-990B-04EDA0142517}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D0CC7B81-9C13-4456-8C40-6ABFE340BFCD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{41BA362D-CE89-42FB-BCC2-0AE098F4D204}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{4B2E0EA1-073C-4BEE-B848-2859630A70D5}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{DD556CDE-79E9-4251-8D02-A691A9C04D9A}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C70CAED8-4E17-44A8-B2D8-CF43494EA91A}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{AC7EC220-3916-4FAB-959F-9A67AA5C3673}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{26595EB5-C300-4CA5-BFFB-4F1A5B03DC6B}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8B14D1A2-D8D2-448D-84B9-19E58A2771E1}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{BA561D42-0282-45E7-BDB1-984E3A879C7A}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R3 EyelineService;Eyeline Service;c:\program files\NCH Software\Eyeline\eyeline.exe [2008-01-06 425988]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 TpChoice;Touch Pad Detection Filter driver; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2007-09-18 141840]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2007-09-18 228368]
S2 WXRSS;TVTonic RSS;c:\program files\Wavexpress\TVTonic\WXRSS.exe [2008-08-02 142336]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3635030261-218505837-1128197117-1000.job
- c:\users\Brundrett\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 142.150.238.13:3124
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Brundrett\AppData\Roaming\Mozilla\Firefox\Profiles\iurzkuxa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Brundrett\AppData\Roaming\Mozilla\Firefox\Profiles\iurzkuxa.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\users\Brundrett\AppData\Roaming\Mozilla\Firefox\Profiles\iurzkuxa.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\users\Brundrett\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Brundrett\AppData\Roaming\Mozilla\Firefox\Profiles\iurzkuxa.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 15:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(2660)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-16 15:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 19:19

Pre-Run: 30,963,372,032 bytes free
Post-Run: 30,811,312,128 bytes free

444 --- E O F --- 2009-04-15 22:16
 
Stupid me... I should have told you to run this sooner; for some reason I was thinking it didn't run on Vista, duh :confused:

Anyways... Can you install Malwarebytes now? I see a lot of deletions that have been preventing this, or maybe not.

Are you still being redirected?

Post another HijackThis log as well so I can see if anything shows up after that scan.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:58 PM, on 4/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\Explorer.exe
C:\Users\Brundrett\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.150.238.13:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc. - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe

--
End of file - 6009 bytes
Yeah, Malwarebytes finally works. It also seems as though everything is back to normal. I haven't been redirected yet, and when I click back, it takes me back to my search results. Thanks for all the help.
 
Remove these

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D354ADF-DB1A-45D6-885D-3F39E238889C}: NameServer = 85.255.112.82,85.255.112.152

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE5097A-3344-4C76-B51B-916B718A7636}: NameServer = 85.255.112.82,85.255.112.152

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.82,85.255.112.152

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.82,85.255.112.152

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.82,85.255.112.152
 
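A defender-side check that the entries listed in the post above would trip, added here as an example that is not part of the original thread and not code from HijackThis itself: it parses HijackThis-style log lines and flags O17 NameServer entries that point outside the expected resolver ranges, any R1 ProxyServer setting, and O10 LSP entries whose DLL is not on a known-good list. The 85.255.112.x resolvers, the 142.150.238.13:3124 proxy and the wpclsp.dll entry are copied from the logs in this thread; the 192.168.1.1 resolver value, the example_unknown_lsp.dll entry, the trusted-network defaults and the function names are constructed assumptions for the example.

```python
import ipaddress
import re

# Resolver ranges treated as expected (RFC 1918 plus loopback): a home router or
# a local resolver. This default is an assumption for the example; add your ISP's
# or corporate resolvers when running it against a real log.
DEFAULT_TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# LSP DLLs that HijackThis reports as "Unknown file" but that are known-good;
# wpclsp.dll is the Windows Vista Parental Controls LSP seen in the log above.
KNOWN_LSP_DLLS = {"wpclsp.dll"}

_PREFIX_RE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.*)$")
_NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>\S+)")
_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")
_LSP_RE = re.compile(r"Unknown file in Winsock LSP:\s*(?P<path>.+)$", re.IGNORECASE)

# Constructed sample log: every line is copied from the HijackThis output quoted
# in this thread except the two marked "constructed", which are made up.
SAMPLE_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.150.238.13:3124",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\example_unknown_lsp.dll",  # constructed
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.82,85.255.112.152",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{5D354ADF-DB1A-45D6-885D-3F39E238889C}: NameServer = 192.168.1.1",  # constructed value
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
])


def _resolver_is_trusted(ip_text, trusted_nets):
    """True if ip_text parses as an address inside one of trusted_nets."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in trusted_nets)


def analyze_line(line, trusted_nets=None, known_lsp=KNOWN_LSP_DLLS):
    """Return a finding dict for one HijackThis line, or None if nothing stands out."""
    nets = DEFAULT_TRUSTED_NETS if trusted_nets is None else trusted_nets
    m = _PREFIX_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    def finding(reason, values):
        return {"section": section, "reason": reason, "values": values, "line": line.strip()}

    if section == "O17":
        # DNS hijack: every resolver the system is told to use should be one we expect.
        ns = _NAMESERVER_RE.search(body)
        if ns:
            rogue = [s for s in ns.group("servers").split(",")
                     if s and not _resolver_is_trusted(s, nets)]
            if rogue:
                return finding("DNS server outside trusted ranges", rogue)
    elif section == "R1":
        # A proxy in the user's Internet Settings routes every browser request through it.
        px = _PROXY_RE.search(body)
        if px:
            return finding("explicit proxy configured", [px.group("proxy")])
    elif section == "O10":
        # Winsock LSPs see all socket traffic; a DLL not on the known-good list deserves a look.
        lsp = _LSP_RE.search(body)
        if lsp:
            dll = lsp.group("path").strip().replace("\\", "/").rsplit("/", 1)[-1].lower()
            if dll not in known_lsp:
                return finding("unrecognised Winsock LSP", [dll])
    return None


def analyze_log(text, trusted_nets=None):
    """Run analyze_line over every line of a HijackThis log and collect the findings."""
    return [f for f in (analyze_line(ln, trusted_nets) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f["section"], f["reason"], ", ".join(f["values"]))
```

On the sample above the proxy, the unknown LSP DLL and the two 85.255.112.x resolvers are reported, while the ProxyOverride line, the wpclsp.dll entry, the private resolver and the O4 autorun are left alone. The point of the trusted-range parameter is that a correct resolver list is site-specific: the same O17 line is benign on a network whose resolvers really do live in that range, so the check should be fed the expected servers rather than a hard-coded blocklist.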