
Google Redirect Virus



#1 mcmccarty

  • Members
  • 6 posts

Posted 08 December 2010 - 11:46 PM

I use a PC (Dell Inspiron) and run Windows XP.

I have been having problems with a Google redirect virus that will take me to other sites for certain Google searches. The sites will release viruses if you click on them. I am also having problems with my Firefox browser; some functions don't work properly, such as 3rd-party services like PayPal and certain CGI control panels.

Repeated scans by PC Spyware Doctor reveal no viruses but the problems persist.

I would very much appreciate any guidance and help to remove these viruses and clean up my PC.

I have run the Defogger and DDS which will be pasted below.

I tried running the GMER Rootkit Unhooker. It runs all the way until right before the end when I will get several error messages relating to certain file names and stating that the file cannot be saved or the report cannot be written and then the program seems to end. I'm not sure if the report is complete.

DDS LOG

DDS (Ver_10-12-05.01) - NTFSx86
Run by Matt at 15:07:00.83 on Wed 12/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.244 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [MaxtorOneTouch] c:\program files\maxtor\managerapp\Onetouch.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255553050517
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255553099037
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\i95u8ouv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPandBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {F037F929-F309-43D3-9D4F-2DBF0FECDD30} - c:\documents and settings\matt\local settings\application data\{F037F929-F309-43D3-9D4F-2DBF0FECDD30}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: XULRunner: {F037F929-F309-43D3-9D4F-2DBF0FECDD30} - c:\documents and settings\matt\local settings\application data\{F037F929-F309-43D3-9D4F-2DBF0FECDD30}
FF - Extension: Basic Brushed: basicbrushed@gmail.com - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\i95u8ouv.default\extensions\basicbrushed@gmail.com
FF - Extension: Bauhaus_Pure: {9d396f50-1c72-11de-8c30-0800200c9a66} - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\i95u8ouv.default\extensions\{9d396f50-1c72-11de-8c30-0800200c9a66}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\i95u8ouv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\i95u8ouv.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Extension: Bauhaus Simple Smooth: {f3baa7ca-ffa7-4267-8b25-bd2daf5dd422} - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\i95u8ouv.default\extensions\{f3baa7ca-ffa7-4267-8b25-bd2daf5dd422}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-3 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-10-28 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-10-28 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-3 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-16 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-16 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-3 198608]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-16 359624]
S0 cerc6;cerc6; [x]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-10-27 50704]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-12-3 70408]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-16 12872]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-10-16 1141712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-10-28 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-12-07 21:47:41 -------- d--h--w- c:\windows\PIF
2010-11-26 19:31:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-26 19:31:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-26 19:31:50 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-10 20:10:50 -------- d-----w- c:\program files\Homestead
2010-11-10 19:39:20 -------- d-----w- c:\program files\TubeDownloader

==================== Find3M ====================

2010-10-27 22:30:12 0 ----a-w- c:\windows\Hgadoxegirifadu.bin
2010-10-27 22:27:14 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-10-27 22:27:14 100880 ----a-w- c:\windows\system32\Packet.dll
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2008-12-23 02:14:00 772608 ----a-w- c:\program files\diskdata.exe
2005-08-23 00:25:18 453928 ----a-w- c:\program files\Uninstall.exe
2005-04-02 02:49:30 6185024 ----a-w- c:\program files\TrTPro.exe
2004-05-10 22:40:08 413696 ----a-w- c:\program files\StuffItEngine.dll
2004-05-10 22:40:08 401408 ----a-w- c:\program files\EngineShell.dll
2004-05-10 22:40:08 311296 ----a-w- c:\program files\foundation.dll
2003-03-19 15:14:52 499712 ----a-w- c:\program files\msvcp71.dll
2003-02-21 23:42:22 348160 ----a-w- c:\program files\msvcr71.dll

============= FINISH: 15:07:53.63 ===============


GMER LOG

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-08 23:31:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800BEVE-00UYT0 rev.01.04A01
Running: gmer.exe; Driver: C:\DOCUME~1\Matt\LOCALS~1\Temp\pwliapod.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF83D5A1C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF83FBCDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF83FBED0]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF83D5C10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF83D5CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF83D590C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF841BD60]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF83D5E52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF83D7B30]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{729E003E-D1C8-F61A-3B5F-E470CE3E60EE}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{729E003E-D1C8-F61A-3B5F-E470CE3E60EE}@oaakefhacbjbfdpkakcgepmkkhlbnj 0x6B 0x61 0x65 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{729E003E-D1C8-F61A-3B5F-E470CE3E60EE}@naclkglgjeacamapgjjjpkplegoi 0x6A 0x61 0x70 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{729E003E-D1C8-F61A-3B5F-E470CE3E60EE}@oaakefhacbjbfdpkakcgepmknhkaod 0x6A 0x61 0x62 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{729E003E-D1C8-F61A-3B5F-E470CE3E60EE}@naclkglgjeacamapgjjjpkkmjflf 0x6A 0x61 0x62 0x66 ...

---- Files - GMER 1.0.15 ----

File C:\Real\RealPlayer\Firstrun\localguide_files\blu_ulcorner.gif 59 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\globe_gettingstarted.gif 2173 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\header_gettingstarted.gif 1787 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\icn_channels.gif 409 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\icn_radio.gif 394 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\icn_search.gif 339 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\icn_web.gif 356 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\offline.gif 330 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\realone_header.gif 813 bytes
File C:\Real\RealPlayer\Firstrun\localguide_files\space.gif 43 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonLgray.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\Mixedproject.BMP 11198 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\audiofile.ico 766 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\audio_list_ctrl.bmp 1758 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\Bootableproject.BMP 11198 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\cdextraproject.bmp 11198 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\CDImage.ico 1078 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\cdproject.ico 1078 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\creatorrects.ini 250 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\datadvdproject.bmp 11198 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\dataproject.bmp 11198 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbar.BMP 1702 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarhideactive.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarhidegray.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarhidemousedown.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarhidemouseover.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarshowactive.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarshowgray.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarshowmousedown.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbarshowmouseover.BMP 1418 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonLactive.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonLmousedown.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonLmouseover.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonRactive.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonRgray.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonRmousedown.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\grabberbuttonRmouseover.BMP 1518 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\logo.bmp 9286 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\MP3project.BMP 11198 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\musicproject.bmp 11198 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\projectactive.BMP 33830 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\projectgray.BMP 33830 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\projectmousedown.BMP 33830 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\projectmouseover.BMP 33830 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\tile.bmp 2158 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\topactive.bmp 31534 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\topgray.BMP 31534 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\topmousedown.BMP 31534 bytes
File C:\Roxio\Easy CD Creator 5\Easy CD Creator\CreatorImages\topmouseover.bmp 31534 bytes
File C:\Safari\CFNetwork.resources\da.lproj 0 bytes
File C:\Safari\CFNetwork.resources\da.lproj\Localizable.strings 9002 bytes
File C:\Safari\CFNetwork.resources\de.lproj 0 bytes
File C:\Safari\CFNetwork.resources\de.lproj\Localizable.strings 9384 bytes
File C:\Safari\CFNetwork.resources\English.lproj 0 bytes
File C:\Safari\CFNetwork.resources\English.lproj\Localizable.strings 8934 bytes
File C:\Safari\CFNetwork.resources\es.lproj 0 bytes
File C:\Safari\CFNetwork.resources\es.lproj\Localizable.strings 9512 bytes
File C:\Safari\CFNetwork.resources\fi.lproj 0 bytes
File C:\Safari\CFNetwork.resources\fi.lproj\Localizable.strings 8984 bytes
File C:\Safari\CFNetwork.resources\fr.lproj 0 bytes
File C:\Safari\CFNetwork.resources\fr.lproj\Localizable.strings 9222 bytes
File C:\Safari\CFNetwork.resources\Info.plist 878 bytes
File C:\Safari\CFNetwork.resources\it.lproj 0 bytes
File C:\Safari\CFNetwork.resources\it.lproj\Localizable.strings 9328 bytes
File C:\Safari\CFNetwork.resources\ja.lproj 0 bytes
File C:\Safari\CFNetwork.resources\ja.lproj\Localizable.strings 8530 bytes
File C:\Safari\CFNetwork.resources\ko.lproj 0 bytes
File C:\Safari\CFNetwork.resources\ko.lproj\Localizable.strings 7804 bytes
File C:\Safari\CFNetwork.resources\nb.lproj 0 bytes
File C:\Safari\CFNetwork.resources\nb.lproj\Localizable.strings 8916 bytes

---- EOF - GMER 1.0.15 ----
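As an added example (not code from this thread, from DDS or from its author), a small Python triage script that splits a DDS log like the one above into its sections and flags the entries a responder would look at first. The section names, the sample lines (copied from the log above) and the heuristics are this example's own assumptions, not verdicts DDS itself produces.

```python
"""Triage helper for a DDS log: split the report into its '====' sections and
apply a few defensive heuristics to the entries a malware-response volunteer
checks first (Firefox prefs, orphaned toolbar/driver entries, odd new files)."""
import re

# Constructed sample: lines copied from the DDS log posted above (hxxp is DDS's
# own defanging of http and is kept as-is).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.nytimes.com/
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
================= FIREFOX ===================
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-3 207792]
S0 cerc6;cerc6; [x]
==================== Find3M ====================
2010-10-27 22:30:12 0 ----a-w- c:\windows\Hgadoxegirifadu.bin
2010-10-27 22:27:14 281104 ----a-w- c:\windows\system32\wpcap.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<date> <time> <size or dashes> <attrs> <path>", as in Created Last 30 / Find3M
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_file_entries(lines):
    """Parse file-listing lines; a size of '--------' marks a directory (size None)."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            size = int(m.group(2)) if m.group(2).isdigit() else None
            entries.append({"when": m.group(1), "size": size,
                            "attrs": m.group(3), "path": m.group(4).lower()})
    return entries


def parse_ff_prefs(lines):
    """Return {pref_name: value} from the 'FF - prefs.js:' lines of the FIREFOX section."""
    return {m.group(1): m.group(2) for m in map(PREF_RE.match, lines) if m}


def triage(text):
    """Return (category, evidence, reason) triples worth a second look.
    The heuristics are this example's own, not verdicts produced by DDS."""
    s = split_sections(text)
    findings = []
    prefs = parse_ff_prefs(s.get("FIREFOX", []))
    # prefs.js only stores values changed from the default, so a keyword.URL
    # entry means something rerouted address-bar searches.
    if "keyword.URL" in prefs:
        findings.append(("keyword.URL", prefs["keyword.URL"],
                         "address-bar search endpoint overridden; common search-hijack marker"))
    # 0 = direct, 4 = auto-detect, 5 = system; 1 (manual) or 2 (PAC) deserve a check
    if prefs.get("network.proxy.type", "0") not in ("0", "4", "5"):
        findings.append(("network.proxy.type", prefs["network.proxy.type"],
                         "browser traffic goes through a configured proxy; confirm it is intended"))
    for line in s.get("Pseudo HJT Report", []):
        if line.startswith("TB:") and line.endswith("- No File"):
            findings.append(("orphan toolbar", line,
                             "registry entry whose DLL no longer exists; clean-up item"))
    for line in s.get("SERVICES / DRIVERS", []):
        if line.endswith("[x]"):
            findings.append(("missing driver", line, "service registered but its file is absent"))
    for e in parse_file_entries(s.get("Find3M", [])):
        folder = e["path"].rpartition("\\")[0]
        if folder == r"c:\windows" and e["size"] == 0:
            findings.append(("zero-byte file in Windows root", e["path"],
                             "installers rarely drop empty files here; worth submitting for analysis"))
    return findings
```

Run `triage(SAMPLE_DDS)` to get the four flagged items from the sample; feeding it a full DDS.txt works the same way because the section headers are what the parser keys on.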


#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 16 December 2010 - 12:59 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 19 December 2010 - 01:13 AM

Hello

three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 22 December 2010 - 10:33 AM

Hello

three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 gringo_pr


Posted 26 December 2010 - 03:37 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo



