Inactive Browser search redirect

[calmman]

When using Google, Bing or Yahoo for searching the internet, I get the results and if I click on the results I quite often get redirected to bogus websites. I am using IE9 on a Win7 machine. Also, Firefox 4.02 has the problem and Google Chrome does not work at all.

I have ran several different programs including Spybot, Malwarebytes, ComboFix, HitmanPro, HijackThis. None of these programs have found anything. I am also running Symantec Endpoint for virus protection and it does not find anything. I have also tried running tdsskiller.exe but it will not run on this machine. It starts for a moment and the process goes away.

Also, I have noticed that if you right-click on the search results and say open (or open in new tab) and the redirect does not happen. I'm not sure if its helpful, but here a few examples of the websites that I get redirected too:
linkinghub.elsevier.com, newsrelief.com, scour.com, search.yellowise.com, www.dances.us, www.find-quick-results.com, www.majordownloads.org, www.nmi.us

Here are my logs according your guide...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6842

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

6/12/2011 1:54:14 PM
mbam-log-2011-06-12 (13-54-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 313154
Time elapsed: 1 hour(s), 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-12 12:44:48
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PB2Z
Running: 9kt7vt9j.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uxddapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:308] 86E1BE7A
Thread System [4:312] 86E1E008

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 12:50:29 on 2011-06-12
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1875 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: EPOWER
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://jran.uscourts.gov/whalecomec3fa3937e2db7cbeb853a3e330df9604e1202f274702c43/whalecom0/iNotes6W.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://jran.uscourts.gov/whalecomec3fa3937e2db7cbeb853a3e330df9604e1202f274702c43/whalecom0/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6D1573F6-C18B-48C0-A71A-27EC9C79AAD0} : DhcpNameServer = 68.87.68.162 68.87.74.162
TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\2375942554338373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\2457666616C6F6 : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\3454740275F627B63747164796F6E6 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\5516D6377457563747 : DhcpNameServer = 144.30.3.201 144.30.3.202 144.30.3.203
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\04mjwujv.default\
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-16 13480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2010-4-27 147563]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-7-20 171872]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-1 1822296]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2009-12-26 125568]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [2010-4-6 25992]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [2010-4-6 22024]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-6 105592]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-10 122880]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-7 119256]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-19 249888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-5 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-5 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-5 166384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-6-8 17480]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-26 75040]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-5 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]
S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2010-1-28 18952]
S4 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-7-23 163680]
.
=============== Created Last 30 ================
.
2011-06-12 17:45:44 607310 ------r- c:\temp\dds.scr
2011-06-12 17:43:11 302592 ----a-w- c:\temp\9kt7vt9j.exe
2011-06-12 16:29:47 1437488 ----a-w- C:\TDSSKiller.exe
2011-06-12 16:28:02 -------- d-----w- c:\users\administrator\appdata\local\ElevatedDiagnostics
2011-06-12 16:25:57 -------- d--h--w- c:\windows\PIF
2011-06-12 16:17:41 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-12 16:02:20 -------- d-----w- c:\users\administrator\appdata\roaming\Intel
2011-06-09 21:47:31 -------- d-----w- c:\users\administrator\appdata\local\Adobe
2011-06-09 21:40:01 -------- d-----w- c:\users\administrator\appdata\local\Google
2011-06-09 19:41:05 -------- d-----w- c:\users\administrator\appdata\local\bluesoleil
2011-06-09 17:25:19 -------- d-----w- C:\temp
2011-06-09 17:13:58 -------- d-----w- c:\programdata\STOPzilla!
2011-06-09 15:14:01 -------- d-----w- c:\program files\IObit
2011-06-09 13:25:57 98816 ----a-w- c:\windows\sed.exe
2011-06-09 13:25:57 518144 ----a-w- c:\windows\SWREG.exe
2011-06-09 13:25:57 256512 ----a-w- c:\windows\PEV.exe
2011-06-09 13:25:57 208896 ----a-w- c:\windows\MBR.exe
2011-06-08 20:58:40 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-08 20:57:06 -------- d-----w- c:\programdata\Hitman Pro
2011-06-08 20:52:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-08 20:49:38 0 ----a-w- c:\windows\system32\RENE429.tmp
2011-06-08 20:49:38 0 ----a-w- c:\windows\system32\RENE428.tmp
2011-06-08 20:49:38 0 ----a-w- c:\windows\system32\RENE3F8.tmp
2011-06-08 18:57:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 18:57:49 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 18:57:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 22:32:48 1437488 ----a-w- c:\temp\tdsskiller\TDSSKiller.exe
2011-06-07 19:14:25 -------- d-----w- c:\windows\system32\SPReview
2011-06-07 19:13:25 -------- d-----w- c:\windows\system32\EventProviders
2011-06-06 19:19:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-06-06 19:18:55 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-06-06 19:18:55 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2011-06-06 19:18:54 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-06-06 19:18:37 -------- d-----w- c:\program files\common files\Symantec Shared
2011-06-06 19:18:36 -------- d-----w- c:\programdata\Symantec
2011-06-06 19:18:36 -------- d-----w- c:\program files\Symantec
2011-05-25 14:13:49 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 13:44:20 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 17:19:37 -------- d-----w- c:\programdata\PC-Doctor for Windows
.
==================== Find3M ====================
.
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 12:50:54.61 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2010 12:48:43 PM
System Uptime: 6/12/2011 12:37:28 PM (0 hours ago)
.
Motherboard: LENOVO | | 28479UU
Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz | U2E1 | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 138.917 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP170: 6/9/2011 11:26:38 AM - Windows 7 Service Pack 1
RP171: 6/9/2011 12:12:50 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP173: 6/9/2011 12:21:19 PM - StopZILLA! Restore Point.
RP174: 6/9/2011 12:23:03 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP175: 6/9/2011 4:43:15 PM - Installed Java(TM) 6 Update 26
RP176: 6/9/2011 4:46:55 PM - Removed Adobe Reader 9.4.1.
RP177: 6/12/2011 11:06:16 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Registry Patch to arrange icons in Device and Printers folder of Windows 7
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Access Help
Adobe Acrobat X Standard
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AT&T Service Activation
BlueSoleil 6.4.314.3
Bridge
BridgeDist
Business Contact Manager for Outlook 2007 SP2
Case CATalyst Version 12
CCleaner
Create Recovery Media
D3DX10
Defraggler (remove only)
DIBS
DirectX 9 Runtime
E-Transcript
Google Chrome
Integrated Camera Driver Installer Package Ver.1.0.1.2
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel(R) TV Wizard
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 6 Update 26
JMicron Flash Media Controller Driver
Junk Mail filter update
Lenovo Central
Lenovo Idea Notes
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.0.1200
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Research AutoCollage Touch 2009
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Broadband Connect
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
OGA Notifier 2.0.0048.0
On Screen Display
OpenOffice.org 3.1
PC Connectivity Solution
RealLegal E-Transcript 7.0
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Express Labeler 3
SearchMaster
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spybot - Search & Destroy
Symantec Endpoint Protection
System Update
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Verizon Wireless Mobile Broadband Self Activation
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows XP Mode
WinUSR
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 9:22:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl lenovo.smi SPBBCDrv spldr SRTSP SRTSPX SYMTDI TPPWRIF vpcvmm Wanarpv6
6/9/2011 8:57:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/9/2011 7:58:52 AM, Error: Service Control Manager [7000] - The Hitman Pro 3.5 Crusader (Boot) service failed to start due to the following error: The system cannot find the file specified.
6/9/2011 7:58:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xbc459000, 0x00000000, 0x82eb5b43, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060911-72743-01.
6/9/2011 4:56:00 PM, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
6/9/2011 3:19:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000003, 0x86f31d98, 0x82f45940, 0x82f45890). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060911-43586-01.
6/9/2011 2:37:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2011 12:33:07 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
6/9/2011 12:31:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service BsHelpCS with arguments "-Service" in order to run the server: {1CE3EB56-16B9-40A0-8110-284EF53ACF04}
6/9/2011 12:31:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service BlueSoleilCS with arguments "-Service" in order to run the server: {DC22CE61-F0A5-415C-986E-4DF78C2D1029}
6/9/2011 12:29:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
6/9/2011 12:29:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl is3srv lenovo.smi SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs TPPWRIF vpcvmm Wanarpv6
6/9/2011 12:19:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
6/9/2011 12:05:22 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x80070020.
6/8/2011 9:42:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Windows 7 Service Pack 1 (KB976932).
6/8/2011 9:33:16 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
6/8/2011 9:32:09 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
6/8/2011 3:14:26 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
6/7/2011 4:54:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2508429).
6/7/2011 4:52:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Update for Windows 7 (KB2492386).
6/7/2011 4:51:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2508272).
6/7/2011 4:49:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Update for Windows 7 (KB2506928).
6/7/2011 4:47:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2510531).
6/7/2011 4:44:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2509553).
6/7/2011 4:42:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2507618).
6/6/2011 2:20:09 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/6/2011 2:10:59 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/6/2011 2:10:41 PM, Error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: The system cannot find the file specified.
6/6/2011 2:08:20 PM, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/6/2011 2:05:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgrkx86
6/6/2011 2:03:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/6/2011 2:03:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/6/2011 2:00:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
6/6/2011 12:58:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
6/6/2011 12:56:36 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/6/2011 12:44:28 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error: An instance of the service is already running.
6/6/2011 12:43:28 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2011 9:04:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows 7 Service Pack 1 (KB976932).
6/5/2011 9:04:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Internet Explorer 9 for Windows 7.
6/12/2011 12:42:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
6/12/2011 12:39:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv szkg5 szkgfs
6/12/2011 12:31:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 12:25:46 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/12/2011 12:25:46 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
6/12/2011 12:24:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/12/2011 12:24:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/12/2011 12:24:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/12/2011 12:24:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/12/2011 12:24:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/12/2011 12:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/12/2011 11:32:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl is3srv lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs tdx TPPWRIF vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 11:16:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/10/2011 6:44:43 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "32" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
6/10/2011 6:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
.
==== End Of File ===========================

Thanks for any help you can provide. This is the most time I have spent on malware in a long time and I am tired.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.