Thread: Please Help: Constant Hijacking & Shockwave Crashes

  1. #21
    Junior Member
    Join Date
    Nov 2013
    Posts
    22

    ComboFix Log:

    ComboFix 13-11-12.01 - Cynner 11/13/2013 12:43:19.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.3916 [GMT -5:00]
    Running from: c:\users\Cynner\Desktop\ComboFix.exe
    AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\FlashPlayerApp.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-13 16:23 . 2013-11-13 16:23 -------- d-----w- c:\users\Cynner\AppData\Roaming\Steve Jackson Games
    2013-11-13 16:21 . 2001-08-23 10:00 3584 ----a-w- c:\windows\SysWow64\temp.000
    2013-11-13 13:54 . 2013-11-13 13:54 -------- d-----w- c:\program files (x86)\ESET
    2013-11-13 13:39 . 2013-11-13 13:39 -------- d-----w- c:\users\Cynner\AppData\Roaming\Malwarebytes
    2013-11-13 13:38 . 2013-11-13 13:38 -------- d-----w- c:\programdata\Malwarebytes
    2013-11-13 13:38 . 2013-11-13 13:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-11-13 13:38 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-11-13 12:36 . 2013-11-13 16:22 -------- d-----w- c:\program files (x86)\GURPS Character Assistant 4
    2013-11-12 02:19 . 2013-11-12 02:19 -------- d-----w- c:\windows\ERUNT
    2013-11-12 00:24 . 2013-11-12 00:31 -------- d-----w- C:\AdwCleaner
    2013-11-11 23:07 . 2013-11-11 23:07 -------- d-----w- C:\_OTL
    2013-11-05 19:44 . 2013-11-05 19:49 -------- d-----w- c:\users\Cynner\AppData\Local\Ubisoft Game Launcher
    2013-11-05 19:42 . 2013-11-05 19:42 -------- d-----w- c:\programdata\Solidshield
    2013-11-05 19:41 . 2013-11-05 19:41 -------- d-----w- c:\users\Cynner\AppData\Roaming\Ubisoft
    2013-11-05 19:37 . 2013-11-05 19:37 -------- d-----w- c:\program files (x86)\Ubisoft
    2013-11-05 19:35 . 2008-05-30 19:18 238088 ----a-w- c:\windows\SysWow64\xactengine3_1.dll
    2013-11-01 15:34 . 2013-11-01 15:34 -------- d-----w- c:\program files (x86)\ERUNT
    2013-11-01 11:39 . 2013-11-01 11:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-01 11:39 . 2013-11-01 11:39 -------- d-----w- c:\windows\system32\Macromed
    2013-10-30 11:22 . 2013-10-30 11:22 -------- d-----w- c:\windows\SysWow64\Adobe
    2013-10-28 21:19 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-10-28 21:19 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-10-28 21:19 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-10-28 21:19 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-10-28 21:19 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-10-28 21:19 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-10-28 21:19 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-10-27 10:33 . 2013-10-27 10:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-10-27 10:33 . 2013-10-27 10:33 -------- d-----w- c:\program files\iTunes
    2013-10-27 10:33 . 2013-10-27 10:33 -------- d-----w- c:\program files (x86)\iTunes
    2013-10-27 10:33 . 2013-10-27 10:33 -------- d-----w- c:\program files\iPod
    2013-10-23 20:11 . 2013-10-23 20:11 -------- d-----w- c:\users\Cynner\AppData\Local\FalloutNV
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-10-11 07:03 . 2013-04-10 03:13 80541720 ----a-w- c:\windows\system32\MRT.exe
    2013-09-22 23:28 . 2013-10-11 07:09 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-09-22 23:27 . 2013-10-11 07:09 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-09-22 23:27 . 2013-10-11 07:09 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-09-22 23:27 . 2013-10-11 07:09 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-09-22 22:55 . 2013-10-11 07:09 51712 ----a-w- c:\windows\system32\ie4uinit.exe
    2013-09-22 22:55 . 2013-10-11 07:09 2241024 ----a-w- c:\windows\system32\wininet.dll
    2013-09-22 22:55 . 2013-10-11 07:09 1365504 ----a-w- c:\windows\system32\urlmon.dll
    2013-09-22 22:54 . 2013-10-11 07:09 603136 ----a-w- c:\windows\system32\msfeeds.dll
    2013-09-22 22:54 . 2013-10-11 07:09 19252224 ----a-w- c:\windows\system32\mshtml.dll
    2013-09-22 22:54 . 2013-10-11 07:09 855552 ----a-w- c:\windows\system32\jscript.dll
    2013-09-22 22:54 . 2013-10-11 07:09 3959296 ----a-w- c:\windows\system32\jscript9.dll
    2013-09-22 22:54 . 2013-10-11 07:09 53248 ----a-w- c:\windows\system32\jsproxy.dll
    2013-09-22 22:54 . 2013-10-11 07:09 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-09-22 22:54 . 2013-10-11 07:09 67072 ----a-w- c:\windows\system32\iesetup.dll
    2013-09-22 22:54 . 2013-10-11 07:09 39936 ----a-w- c:\windows\system32\iernonce.dll
    2013-09-22 22:54 . 2013-10-11 07:09 2647552 ----a-w- c:\windows\system32\iertutil.dll
    2013-09-22 22:54 . 2013-10-11 07:09 136704 ----a-w- c:\windows\system32\iesysprep.dll
    2013-09-22 22:54 . 2013-10-11 07:09 15404544 ----a-w- c:\windows\system32\ieframe.dll
    2013-09-21 03:38 . 2013-10-11 07:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-21 03:30 . 2013-10-11 07:09 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-09-21 02:48 . 2013-10-11 07:09 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-09-21 02:39 . 2013-10-11 07:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-09-14 01:10 . 2013-10-10 17:50 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:30 . 2013-10-10 17:50 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:27 . 2013-10-10 17:50 327168 ----a-w- c:\windows\system32\mswsock.dll
    2013-09-08 02:03 . 2013-10-10 17:50 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2013-08-29 02:17 . 2013-10-10 17:50 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-29 02:16 . 2013-10-10 17:50 1732032 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-29 02:16 . 2013-10-10 17:50 243712 ----a-w- c:\windows\system32\wow64.dll
    2013-08-29 02:16 . 2013-10-10 17:50 859648 ----a-w- c:\windows\system32\tdh.dll
    2013-08-29 02:13 . 2013-10-10 17:50 878080 ----a-w- c:\windows\system32\advapi32.dll
    2013-08-29 01:51 . 2013-10-10 17:50 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51 . 2013-10-10 17:50 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50 . 2013-10-10 17:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-08-29 01:50 . 2013-10-10 17:50 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
    2013-08-29 01:50 . 2013-10-10 17:50 619520 ----a-w- c:\windows\SysWow64\tdh.dll
    2013-08-29 01:48 . 2013-10-10 17:50 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
    2013-08-29 01:48 . 2013-10-10 17:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-29 00:49 . 2013-10-10 17:50 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-08-29 00:49 . 2013-10-10 17:50 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-08-29 00:49 . 2013-10-10 17:50 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49 . 2013-10-10 17:50 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-08-28 01:21 . 2013-10-10 17:50 3155968 ----a-w- c:\windows\system32\win32k.sys
    2013-08-28 01:12 . 2013-10-10 17:49 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2013-08-27 11:54 . 2013-04-10 02:08 61216 ----a-w- c:\windows\system32\OpenCL.dll
    2013-08-27 11:54 . 2013-04-10 02:08 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2013-08-27 11:53 . 2013-08-27 11:53 15928264 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-08-27 11:53 . 2013-08-27 11:53 13419112 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-08-27 11:53 . 2013-08-27 11:53 6324896 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-08-27 11:53 . 2013-08-27 11:53 7642344 ----a-w- c:\windows\system32\nvopencl.dll
    2013-08-27 11:53 . 2013-08-27 11:53 27786528 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-08-27 11:53 . 2013-08-27 11:53 21106464 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-08-27 11:53 . 2013-08-27 11:53 570656 ----a-w- c:\windows\system32\NvIFR64.dll
    2013-08-27 11:53 . 2013-08-27 11:53 467744 ----a-w- c:\windows\SysWow64\NvIFR.dll
    2013-08-27 11:53 . 2013-08-27 11:53 11248416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-08-27 11:53 . 2013-08-27 11:53 620832 ----a-w- c:\windows\system32\NvFBC64.dll
    2013-08-27 11:53 . 2013-08-27 11:53 548128 ----a-w- c:\windows\SysWow64\NvFBC.dll
    2013-08-27 11:53 . 2013-08-27 11:53 1832224 ----a-w- c:\windows\system32\nvdispco6432078.dll
    2013-08-27 11:53 . 2013-08-27 11:53 15149048 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-08-27 11:53 . 2013-08-27 11:53 1511712 ----a-w- c:\windows\system32\nvdispgenco6432078.dll
    2013-08-27 11:53 . 2013-08-27 11:53 9281544 ----a-w- c:\windows\system32\nvcuda.dll
    2013-08-27 11:53 . 2013-08-27 11:53 2958112 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-08-27 11:53 . 2013-08-27 11:53 2780960 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-08-27 11:53 . 2013-08-27 11:53 2362656 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-08-27 11:53 . 2013-08-27 11:53 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-08-27 11:53 . 2013-04-13 21:24 7719528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-08-27 11:53 . 2013-04-13 21:24 12431872 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-08-27 11:53 . 2013-08-27 11:53 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-08-27 11:53 . 2013-08-27 11:53 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-08-27 11:53 . 2013-04-13 21:24 2937256 ----a-w- c:\windows\system32\nvapi64.dll
    2013-08-27 11:53 . 2013-04-13 21:24 2598368 ----a-w- c:\windows\SysWow64\nvapi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
    "Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2013-11-06 55360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
    .
    c:\users\Cynner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 01359863
    *Deregistered* - 01359863
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-13 00:28 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.48\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-01 11:39]
    .
    2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 15:01]
    .
    2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 15:01]
    .
    2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174226332-4133268913-245238529-1001Core.job
    - c:\users\Cynner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-01 06:17]
    .
    2013-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174226332-4133268913-245238529-1001UA.job
    - c:\users\Cynner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-01 06:17]
    .
    2013-11-13 c:\windows\Tasks\RMAutoUpdate.job
    - c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2013-04-11 18:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Cynner\AppData\Roaming\Mozilla\Firefox\Profiles\1u5r9ac1.default-1383319193926\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    Notify-SDWinLogon - SDWinLogon.dll
    SafeBoot-28280050.sys
    SafeBoot-51523295.sys
    SafeBoot-62613469.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-11-13 12:57:27
    ComboFix-quarantined-files.txt 2013-11-13 17:57
    .
    Pre-Run: 460,476,727,296 bytes free
    Post-Run: 460,298,702,848 bytes free
    .
    - - End Of File - - FDEE17C04637D7FBFDF56708478C471F
    A36C5E4F47E84449FF07ED3517B43A31

  2. #22
    Junior Member
    Join Date
    Nov 2013
    Posts
    22

    Hooked up to the Network (we have a busy network):
    Router Linksys WRT310nV2 - which has had its router reset to factory settings a couple of times to try to fix things
    My desktop, wired into the network
    My husband's desktop, pretty much the same as mine and has the same symptoms, wired into the network
    My son's laptop, older HP running Windows Vista, connected via wireless but seldom turned on. Has not been turned on for the last week.
    Roommate's laptop, new to the network, the problem has existed longer than she's lived here, but she gets the re-direct error now as well.
    3 iPhones (intermittently shows redirect symptoms on Safari when trying to use Google)
    1 iPad (intermittently shows redirect symptoms on Safari when trying to use Google)
    Playstation 3, wired into the network
    2 XBOX systems, wireless on the network
    1 AppleTV, wireless on the network, normally turned off
    Another Router; Linksys Wireless-G, set up to connect Printer to the network

  3. #23
    Junior Member
    Join Date
    Nov 2013
    Posts
    22

    Oh, and a secure Government laptop using VPN through the router that never has any problems.

  4. #24
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Cynner,

    You said you reset your router. Please check these instructions and confirm that this is the procedure you followed.

    =========================

    • On your router, you'll find a pinhole marked "Reset".
    • Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    • NOTE: Simply disconnecting the router from a power source will NOT do.
    • Restart computer and check for re-directions.

    =========================

    MiniToolBox

    Please download MiniToolBox, save it to your desktop and run it.
    Right click and select "Run as Administrator".

    Check-mark the following check-boxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    =========================

    In your next post please provide the following:
    • Results.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #25
    Junior Member
    Join Date
    Nov 2013
    Posts
    22

    Router reset using the 'pinhole'.
    I had reset it to factory settings via the admin screen previously.
    No re-directs yet, will report again in the morning.

    MiniToolBox Result.txt:

    MiniToolBox by Farbar Version: 13-07-2013
    Ran by Cynner (administrator) on 14-11-2013 at 21:48:11
    Running from "C:\Users\Cynner\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Maleficent
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : hsd1.md.comcast.net.
    Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
    Physical Address. . . . . . . . . : A4-BA-DB-01-BB-30
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::d5f3:796d:ef:3742%10(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Thursday, November 14, 2013 9:40:49 PM
    Lease Expires . . . . . . . . . . : Friday, November 15, 2013 9:40:48 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 245676763
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-F6-A4-DA-A4-BA-DB-01-BB-30
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    75.75.75.75
    75.75.76.76
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.hsd1.md.comcast.net.:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : hsd1.md.comcast.net.
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:30a0:15af:ba73:c4ec(Preferred)
    Link-local IPv6 Address . . . . . : fe80::30a0:15af:ba73:c4ec%11(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Server: UnKnown
    Address: 192.168.1.1

    Name: google.com
    Addresses: 2607:f8b0:400d:c04::71
    74.125.29.101
    74.125.29.100
    74.125.29.138
    74.125.29.139
    74.125.29.113
    74.125.29.102


    Pinging google.com [74.125.29.102] with 32 bytes of data:
    Reply from 74.125.29.102: bytes=32 time=21ms TTL=42
    Reply from 74.125.29.102: bytes=32 time=22ms TTL=42

    Ping statistics for 74.125.29.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 22ms, Average = 21ms
    Server: UnKnown
    Address: 192.168.1.1

    Name: yahoo.com
    Addresses: 98.139.183.24
    98.138.253.109
    206.190.36.45


    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
    Reply from 206.190.36.45: bytes=32 time=112ms TTL=45
    Reply from 206.190.36.45: bytes=32 time=109ms TTL=45

    Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 109ms, Maximum = 112ms, Average = 110ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    10...a4 ba db 01 bb 30 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
    1...........................Software Loopback Interface 1
    13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 10
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.100 266
    192.168.1.100 255.255.255.255 On-link 192.168.1.100 266
    192.168.1.255 255.255.255.255 On-link 192.168.1.100 266
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.100 266
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.100 266
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    11 58 ::/0 On-link
    1 306 ::1/128 On-link
    11 58 2001::/32 On-link
    11 306 2001:0:9d38:6abd:30a0:15af:ba73:c4ec/128
    On-link
    10 266 fe80::/64 On-link
    11 306 fe80::/64 On-link
    11 306 fe80::30a0:15af:ba73:c4ec/128
    On-link
    10 266 fe80::d5f3:796d:ef:3742/128
    On-link
    1 306 ff00::/8 On-link
    11 306 ff00::/8 On-link
    10 266 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (11/14/2013 00:31:12 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/14/2013 00:30:57 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (11/13/2013 04:55:44 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/13/2013 08:54:59 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/13/2013 08:54:51 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/13/2013 08:54:38 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/13/2013 00:30:16 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (11/12/2013 00:30:55 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


    System errors:
    =============
    Error: (11/14/2013 09:42:56 PM) (Source: Service Control Manager) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (11/14/2013 09:42:56 PM) (Source: Service Control Manager) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (11/14/2013 09:42:04 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (11/14/2013 09:40:55 PM) (Source: Service Control Manager) (User: )
    Description: The PS3 Media Server service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/14/2013 03:22:36 AM) (Source: Service Control Manager) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (11/14/2013 03:22:36 AM) (Source: Service Control Manager) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (11/14/2013 03:20:34 AM) (Source: Service Control Manager) (User: )
    Description: The PS3 Media Server service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/13/2013 00:51:39 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (11/13/2013 00:50:05 PM) (Source: Application Popup) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (11/13/2013 00:46:59 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


    Microsoft Office Sessions:
    =========================
    Error: (11/14/2013 00:31:12 AM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

    Error: (11/14/2013 00:30:57 AM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (11/13/2013 04:55:44 PM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cynner\Downloads\esetsmartinstaller_enu.exe

    Error: (11/13/2013 08:54:59 AM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cynner\Downloads\esetsmartinstaller_enu.exe

    Error: (11/13/2013 08:54:51 AM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cynner\Downloads\esetsmartinstaller_enu.exe

    Error: (11/13/2013 08:54:38 AM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cynner\Downloads\esetsmartinstaller_enu.exe

    Error: (11/13/2013 00:30:16 AM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (11/12/2013 00:30:55 AM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


    CodeIntegrity Errors:
    ===================================
    Date: 2013-11-14 21:39:34.180
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-14 15:36:45.783
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-14 05:41:02.813
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-14 05:29:15.330
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 18:50:43.795
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 18:06:00.534
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 16:42:03.244
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 15:56:45.161
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 14:42:36.338
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 14:03:33.039
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    =========================== Installed Programs ============================

    Adobe AIR (Version: 1.5.2.8900)
    Adobe Digital Editions 2.0 (Version: 2.0)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
    Adobe Reader XI (11.0.05) (Version: 11.0.05)
    Adobe Shockwave Player 12.0 (Version: 12.0.5.146)
    Amarok (remove only) (Version: 2.7.0-1)
    Amazon MP3 Downloader 1.0.18 (Version: 1.0.18)
    Anno 2070
    Any DVD Converter Professional 4.6.0
    Apple Application Support (Version: 2.3.6)
    Apple Mobile Device Support (Version: 7.0.0.117)
    Apple Software Update (Version: 2.1.3.127)
    AviSynth 2.5
    BioShock
    BioShock 2
    BioShock Infinite
    Bonjour (Version: 3.0.0.10)
    CCleaner (Version: 4.00)
    CPUID CPU-Z 1.64.0
    Creative Audio Control Panel (Version: 3.00)
    Creative Software AutoUpdate (Version: 1.40)
    Creative Sound Blaster Properties x64 Edition (Version: 1.02)
    D3DX10 (Version: 15.4.2368.0902)
    Darksiders
    DarksidersInstaller (Version: 1.00.1000)
    Dell Support Center (Version: 3.2.6032.125)
    Dishonored
    EA Installer (Version: 2.2.0.62)
    EA Shared Game Component: Activation (Version: 2.2.0)
    EA Shared Game Component: Activation (Version: 2.2.0.62)
    ERUNT 1.1j
    ESET Online Scanner v3
    Fallout 3 - Game of the Year Edition
    Fallout 3 Patch v1.5 (Version: 1.5)
    Fallout: New Vegas
    Ghost Master
    GOG.com Downloader version 3.4.8 (Version: 3.4.8)
    Google Chrome (Version: 31.0.1650.57)
    Google Earth (Version: 7.1.1.1888)
    Google Talk Plugin (Version: 4.9.1.16010)
    Google Update Helper (Version: 1.3.21.165)
    GURPS Character Assistant 4
    iCloud (Version: 3.0.2.163)
    iTunes (Version: 11.1.2.32)
    iTunesFolderWatch (Version: 2.1.10)
    Java 7 Update 17 (64-bit) (Version: 7.0.170)
    Java 7 Update 25 (Version: 7.0.250)
    Java Auto Updater (Version: 2.1.9.5)
    K-Lite Codec Pack 9.9.5 (64-bit) (Version: 9.9.5)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Mass Effect™ 2 (Version: 1.2.1604.0)
    Mass Effect™ 3 (Version: 1.05.0.0)
    Master of Orion 1 and 2 (Version: 2.0.0.16)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.672.0)
    Microsoft Silverlight (Version: 5.1.20913.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Movie Maker (Version: 16.4.3508.0205)
    Mozilla Firefox 25.0 (x86 en-US) (Version: 25.0)
    Mozilla Maintenance Service (Version: 25.0)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT110 (Version: 16.4.1108.0727)
    MSVCRT110_amd64 (Version: 16.4.1109.0912)
    NirSoft ShellExView
    NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
    NVIDIA 3D Vision Driver 320.78 (Version: 320.78)
    NVIDIA Control Panel 320.78 (Version: 320.78)
    NVIDIA Graphics Driver 320.78 (Version: 320.78)
    NVIDIA Install Application (Version: 2.1002.124.810)
    NVIDIA PhysX (Version: 9.12.1031)
    NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2078)
    NVIDIA Update 1.14.17 (Version: 1.14.17)
    NVIDIA Update Components (Version: 1.14.17)
    OpenAL
    OpenOffice.org 3.4.1 (Version: 3.41.9593)
    Origin (Version: 9.1.15.109)
    Outcast
    PC Tools Registry Mechanic 11.1 (Version: 11.1)
    Pharaoh Gold (Version: 2.0.0.12)
    Photo Gallery (Version: 16.4.3508.0205)
    PS3 Media Server (Version: 1.82.0)
    QuickTime (Version: 7.74.80.86)
    Raptr
    Realtek USB 2.0 Card Reader (Version: 6.1.7100.30093)
    Sid Meier's Civilization V
    SimCity™ (Version: 1.0.0.0)
    SpeedFan (remove only)
    Spotify (Version: 0.9.0.133.gd18ed589)
    Spybot - Search & Destroy (Version: 2.1.21)
    Steam (Version: 1.0.0.0)
    swMSM (Version: 12.0.0.1)
    Torchlight
    Tropico 4
    Ubisoft Game Launcher (Version: 1.0.0.0)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
    Windows Live Communications Platform (Version: 16.4.3508.0205)
    Windows Live Essentials (Version: 16.4.3508.0205)
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
    Windows Live Installer (Version: 16.4.3508.0205)
    Windows Live Photo Common (Version: 16.4.3508.0205)
    Windows Live PIMT Platform (Version: 16.4.3508.0205)
    Windows Live SOXE (Version: 16.4.3508.0205)
    Windows Live SOXE Definitions (Version: 16.4.3508.0205)
    Windows Live UX Platform (Version: 16.4.3508.0205)
    Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
    Windows Mobile Device Updater Component (Version: 04.08.2345.00)
    WinRAR 4.20 (64-bit) (Version: 4.20.0)
    Zune (Version: 04.08.2345.00)
    Zune Language Pack (CHS) (Version: 04.08.2345.00)
    Zune Language Pack (CHT) (Version: 04.08.2345.00)
    Zune Language Pack (CSY) (Version: 04.08.2345.00)
    Zune Language Pack (DAN) (Version: 04.08.2345.00)
    Zune Language Pack (DEU) (Version: 04.08.2345.00)
    Zune Language Pack (ELL) (Version: 04.08.2345.00)
    Zune Language Pack (ESP) (Version: 04.08.2345.00)
    Zune Language Pack (FIN) (Version: 04.08.2345.00)
    Zune Language Pack (FRA) (Version: 04.08.2345.00)
    Zune Language Pack (HUN) (Version: 04.08.2345.00)
    Zune Language Pack (IND) (Version: 04.08.2345.00)
    Zune Language Pack (ITA) (Version: 04.08.2345.00)
    Zune Language Pack (JPN) (Version: 04.08.2345.00)
    Zune Language Pack (KOR) (Version: 04.08.2345.00)
    Zune Language Pack (MSL) (Version: 04.08.2345.00)
    Zune Language Pack (NLD) (Version: 04.08.2345.00)
    Zune Language Pack (NOR) (Version: 04.08.2345.00)
    Zune Language Pack (PLK) (Version: 04.08.2345.00)
    Zune Language Pack (PTB) (Version: 04.08.2345.00)
    Zune Language Pack (PTG) (Version: 04.08.2345.00)
    Zune Language Pack (RUS) (Version: 04.08.2345.00)
    Zune Language Pack (SVE) (Version: 04.08.2345.00)

    ========================= Memory info: ===================================

    Percentage of memory in use: 23%
    Total physical RAM: 8182.99 MB
    Available physical RAM: 6281.2 MB
    Total Pagefile: 16364.16 MB
    Available Pagefile: 14541.74 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3952.53 MB

    ========================= Partitions: =====================================

    1 Drive c: (OS) (Fixed) (Total:689.15 GB) (Free:427.43 GB) NTFS
    3 Drive e: (RECOVERY) (Fixed) (Total:9.42 GB) (Free:4.54 GB) NTFS
    4 Drive j: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:352.04 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\MALEFICENT

    Administrator Cynner Guest
    UpdatusUser


    **** End of log ****

  6. #26
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Cynner,

    No re-directs yet, will report again in the morning.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #27
    Junior Member
    Join Date
    Nov 2013
    Posts
    22

    Default

    Computer has been good all day today, and I've been googling like mad.
    Hopefully it sticks!

  8. #28
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Cynner,

    Why don't you "test drive" the system for a few days? If all is well, we will do some housekeeping and send you on your way.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #29
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Cynner,

    How is the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  10. #30
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Cynner,

    Just checking in to see if you still need help?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
