HP Laptop with redirector

[drjohnamy]

Hi again, this time my laptop has a bug. It's an HP G62 runnung Windows 7 Home Premium SP1 with AMD Athlon II p320 dual core 2.09 GHz, 64 bit.
I have WIN 7 Security 2012 popping up all over the place. I ran Registry Mechanic and SpyBot S&D, but no help. I've booted up in safe mode and run ERUNT ans DDS.
Thanks in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by John at 19:28:20 on 2011-12-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1935 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OCAEBNDVDUpdate] C:\Program Files (x86)\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe /update
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C} : NameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\2427566716274675962756C6563737D2843523 : DhcpNameServer = 192.168.192.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\24C657563456461627D27657563747 : DhcpNameServer = 69.1.30.11 69.1.30.10
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\2656C6B696E6E2266616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\37471697262796467656 : DhcpNameServer = 69.1.30.10 69.1.30.11 8.8.8.8
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\C696E6B6379737 : DhcpNameServer = 69.1.30.11 69.1.30.10
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-3-14 632792]
S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-14 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-21 00:26:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0EEB740A-0034-4066-B636-6B455B2CF609}\offreg.dll
2011-12-20 01:25:24 -------- d-----we C:\Windows\system64
2011-12-20 01:25:05 337408 ----a-w- C:\Users\John\AppData\Local\eqb.exe
2011-12-20 01:25:04 337408 ----a-w- C:\Users\John\AppData\Local\eqy.exe
2011-12-19 23:57:47 -------- d-----w- C:\Users\John\AppData\Local\{99D0F5F1-5DE7-4ADB-A373-DC1B84194381}
2011-12-19 23:57:35 -------- d-----w- C:\Users\John\AppData\Local\{50CC582F-FE5C-42C8-9F56-D7488F8E07A0}
2011-12-18 17:14:24 -------- d-----w- C:\Users\John\AppData\Local\{51C2C4EE-E09F-4E70-8911-EA335DC06FE0}
2011-12-18 17:14:12 -------- d-----w- C:\Users\John\AppData\Local\{7A7477AE-7AE1-4B0E-B2B5-471E63864151}
2011-12-18 02:12:55 -------- d-----w- C:\Users\John\AppData\Local\{2E2CC646-C1FA-41C2-855F-FFBED5192AC4}
2011-12-18 02:12:43 -------- d-----w- C:\Users\John\AppData\Local\{AC05147B-0B13-4DE2-9498-1B2C560F6EC7}
2011-12-18 01:10:03 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0EEB740A-0034-4066-B636-6B455B2CF609}\mpengine.dll
2011-12-16 01:07:30 -------- d-----w- C:\Users\John\AppData\Local\{98C8B4BC-D646-429C-99EE-A41DBDBF87A9}
2011-12-16 01:07:18 -------- d-----w- C:\Users\John\AppData\Local\{838F1832-3563-4FDE-9B4B-4551B3012D78}
2011-12-15 01:53:21 -------- d-----w- C:\Users\John\AppData\Local\{AABFC1F2-D1AF-438F-9F03-52FAE652141B}
2011-12-15 01:53:09 -------- d-----w- C:\Users\John\AppData\Local\{BAAE2F96-DC15-4046-9943-A237D07A272F}
2011-12-15 01:31:28 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 01:31:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 01:31:26 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 01:31:24 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 01:31:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 01:31:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 00:40:44 -------- d-----w- C:\Users\John\AppData\Local\{0ADA6A77-F4A0-4AD8-88F7-B6740C803C9A}
2011-12-14 00:40:32 -------- d-----w- C:\Users\John\AppData\Local\{09D89E92-A46C-43A5-8D56-5A4DC0A203A3}
2011-12-09 22:17:56 -------- d-----w- C:\Users\John\AppData\Local\{CAF47799-95A2-46EE-903D-668DC1B317E2}
2011-12-09 22:17:44 -------- d-----w- C:\Users\John\AppData\Local\{11DBD611-83DE-426A-93AB-39EDB7367AE1}
2011-12-08 01:16:42 -------- d-----w- C:\Users\John\AppData\Local\{EAE4756C-2562-4BE1-B555-C681B28FBA9D}
2011-12-08 01:16:30 -------- d-----w- C:\Users\John\AppData\Local\{7C427E85-C635-4DCB-8046-58AE52B9EA87}
2011-12-07 02:21:36 -------- d-----w- C:\Users\John\AppData\Local\{6ED50E27-5BDF-401B-91AA-EC046ADE5FD4}
2011-12-07 02:21:24 -------- d-----w- C:\Users\John\AppData\Local\{B32846B8-61C1-4F77-B435-DFA4AE6D6B95}
2011-12-05 23:49:54 -------- d-----w- C:\Users\John\AppData\Local\{53EE16BA-3630-4FDA-BE72-32D531683F41}
2011-12-05 23:49:42 -------- d-----w- C:\Users\John\AppData\Local\{1C18891E-905E-43BA-A335-7EB644A4215C}
2011-12-05 01:18:44 -------- d-----w- C:\Users\John\AppData\Local\{644B3241-3050-4FAA-A924-52FFF974511C}
2011-12-04 00:30:55 -------- d-----w- C:\Users\John\AppData\Local\{3EE0D181-BDC3-41CA-AAA6-C101600669FD}
2011-12-04 00:30:43 -------- d-----w- C:\Users\John\AppData\Local\{B59A586F-ABD0-4440-B6BE-3AE927F54C55}
2011-12-03 00:53:23 -------- d-----w- C:\Users\John\AppData\Local\{703877FB-8E99-4F86-9115-175AD5CFCBA0}
2011-12-03 00:53:10 -------- d-----w- C:\Users\John\AppData\Local\{1970521A-C4E0-42B8-8B91-138CEF36FE17}
2011-12-01 23:12:41 -------- d-----w- C:\Users\John\AppData\Local\{A7675990-E740-4573-8A6F-E5259968A586}
2011-12-01 23:12:29 -------- d-----w- C:\Users\John\AppData\Local\{52168579-FE60-4585-AE60-7C31758893D8}
2011-11-30 23:35:05 -------- d-----w- C:\Users\John\AppData\Local\{BD35689A-9278-4CAF-B72F-6971DBD38D81}
2011-11-30 23:34:53 -------- d-----w- C:\Users\John\AppData\Local\{F9071B22-B45E-4636-A92A-B544D9918283}
2011-11-29 23:47:46 -------- d-----w- C:\Users\John\AppData\Local\{B75B7BAB-48FC-460A-B12F-FFB171D136A5}
2011-11-29 23:47:34 -------- d-----w- C:\Users\John\AppData\Local\{2E2AC596-B5B1-477D-9F01-BF85C893D9FA}
2011-11-28 23:17:33 -------- d-----w- C:\Users\John\AppData\Local\{CE2694E4-2580-493C-B504-B12E8396CD76}
2011-11-28 23:17:20 -------- d-----w- C:\Users\John\AppData\Local\{439C3738-8B98-4DAB-B61D-830F3D256927}
2011-11-25 23:47:19 -------- d-----w- C:\Users\John\AppData\Local\{7BFDF869-B904-4B82-B42E-51D56C0E8F51}
2011-11-25 23:47:05 -------- d-----w- C:\Users\John\AppData\Local\{DE0FEC84-662D-4495-A983-A241B0CBF14C}
2011-11-23 23:52:21 -------- d-----w- C:\Users\John\AppData\Local\{ED7E149F-6ADC-4FE2-BA1B-604BA44B8B9E}
2011-11-23 23:52:08 -------- d-----w- C:\Users\John\AppData\Local\{EC7EF1F4-11A2-431E-98EA-8C3FA4F850FF}
2011-11-21 23:48:02 -------- d-----w- C:\Users\John\AppData\Local\{7362F4B4-4ACD-447F-BC80-7A2BF9C023ED}
2011-11-21 23:47:49 -------- d-----w- C:\Users\John\AppData\Local\{1CD7C4ED-1577-4137-B3E8-33249F393FE6}
2011-11-21 01:24:55 -------- d-----w- C:\Users\John\AppData\Local\{F9F340F8-A29B-4D79-A82F-BF2507A0F976}
2011-11-21 01:24:43 -------- d-----w- C:\Users\John\AppData\Local\{8F4B6251-8ABD-4104-BB96-1900C92AB249}
.
==================== Find3M ====================
.
2011-11-11 01:40:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:30:02.47 ===============

[shelf life]

hi drjohnamy,

Your post is a few days old. If you still need help with the problem simply reply back.

[drjohnamy]

I have not booted the computer since I ran DDS.

[shelf life]

hi,

I have not booted the computer since I ran DDS.

Ok, thats a good thing.

see if you can download and install Malwarebytes and we will start with that.
Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

You may have problems trying to run a .exe. Try the above and we will go from there.

[drjohnamy]

Hi,
I downloaded MBAM to a jump drive, booted the HP in safemode wth networking, it updated MBAM and ran the scan. When it rebooted I saw my real homepage for the first time in days...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122503

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

12/25/2011 4:20:01 PM
mbam-log-2011-12-25 (16-20-01).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 374615
Time elapsed: 44 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\John\AppData\Local\eqy.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\John\AppData\Local\eqb.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\eqy.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\Temp\trfjqtwnkh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\Temp\ynp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\John\documents\rB2HY.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

[shelf life]

ok good. We will continue with combofix. There is a guide to read first, read through the guide then apply the directions on your own machine. Please run it after a normal boot up. If you have problems then run it in safe mode. Post the log:

Guide to using Combofix