Redirect problem--- I'm stumped. [Solved]



#1
bobgure

  • Member
  • 60 posts
Win XP sp3
Dell Dimension 3000
2GB RAM


Hi, and thanks in advance for your help.
My Google searches are being redirected to garbage/ad sites and also to a suspicious-looking old-style Google page.
My Avast AV did alert me to threats that were supposedly blocked.

I ran TFC, ERUNT, MBAM (log enclosed)....

GMER kept freezing on me. I tried numerous times to no avail. So no GMER log.
This happened the last time I had a prob posted on here (and was directed to use Combofix at the time with success).

OTL log is also enclosed, although the "Extras.txt" file that was also meant to appear did not come up. I ran the program multiple times with no luck. Sorry!


I've also noticed that I cannot open up Windows Explorer. I click on it, the hourglass appears and then vanishes without anything opening. I'm not sure if any of these mishaps are related.
Thanks again for your help. I've run SUPERAntiSpyware, MBAM, Spybot, Avast and nothing comes up.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4165

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2010 8:06:19 PM
mbam-log-2010-06-02 (20-06-19).txt

Scan type: Quick scan
Objects scanned: 126261
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_________________________________________________________________

OTL logfile created on: 6/2/2010 9:34:44 PM - Run 4
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2045 2245 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.27 Gb Total Space | 7.78 Gb Free Space | 10.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GUREVICS
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 21:13:39 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/04 23:15:34 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/13 06:10:20 | 003,064,824 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/03/13 06:10:16 | 006,658,552 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/07/27 22:22:44 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 21:13:39 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
MOD - [2010/03/13 06:10:20 | 000,948,728 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/04/13 20:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/05/13 19:43:56 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/18 14:38:10 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/18 14:38:10 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/03/13 05:39:10 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/03/13 05:38:58 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/03/13 05:38:54 | 000,226,680 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/01 23:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/03/21 12:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/09/17 15:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nyt.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.nyt.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0b8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 20:16:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/12 00:05:59 | 000,000,000 | ---D | M]

[2008/09/25 21:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
[2010/06/02 17:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\xsfvnrqh.default\extensions
[2010/05/30 21:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\xsfvnrqh.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2008/11/28 23:37:18 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\xsfvnrqh.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/06/26 12:00:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\xsfvnrqh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/25 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\xsfvnrqh.default\extensions\[email protected]
[2010/05/11 19:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\xsfvnrqh.default\extensions\[email protected]
[2010/06/02 17:37:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 23:41:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/04 23:13:05 | 000,385,193 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13312 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 13:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/06/02 06:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/01 19:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/01 19:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/01 19:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\egcfkrjjx
[2010/05/30 21:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/05/30 21:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/05/30 21:47:50 | 005,178,688 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\WebUpdaterforWindows_242.exe
[2010/05/30 21:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\GARMIN
[2010/05/25 23:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/05/24 22:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\Dynamic Wing Tsun
[2010/05/23 20:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\uuuuu
[2010/05/23 12:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\New Folder
[2010/05/20 22:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\The.Secret.Life.Of.Bees[2008][Director's.Cut]DvDrip-aXXo
[2010/05/18 22:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\Rapid downloader
[2010/05/12 00:03:29 | 000,053,760 | ---- | C] (Tolunay Orkun) -- C:\Documents and Settings\Bob\Desktop\DRTCP021.exe
[2010/05/07 12:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\dvdcss
[2010/04/16 21:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\OnlineArmor
[2010/04/16 21:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/04/16 21:22:20 | 000,226,680 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2010/04/16 21:22:20 | 000,029,560 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2010/04/16 21:22:20 | 000,024,440 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2010/04/16 21:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2010/04/15 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/04/13 22:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Spirited Away-Sen to Chihiro no kamikakushi[2001]DvDrip Tri Audio[English Japanese French]AC3 5.1[DXO] Various Subtitles
[2010/04/07 16:20:02 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/07 16:20:00 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/07 16:19:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/07 16:19:57 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/07 16:19:55 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/07 16:19:55 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/07 16:19:55 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/07 16:19:42 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/07 16:19:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/07 16:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/07 12:54:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/06 20:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/06 12:44:54 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2010/04/04 15:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/04/02 22:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\GEEKS NEW
[2010/04/02 14:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/04/02 10:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickSFV
[2010/03/30 19:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 19:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/25 18:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Politist Adjectiv
[2010/03/25 14:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Transcribe!
[2010/03/24 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/03/21 18:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\vlc
[2010/03/20 19:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\The Secret in their Eyes DVDrip rucucu

========== Files - Modified Within 90 Days ==========

[2010/06/02 21:15:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFFA5563-7400-4691-AC84-FAF4191B4D6D}.job
[2010/06/02 21:13:39 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2010/06/02 20:28:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/02 20:26:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 20:25:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/02 20:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/02 20:24:38 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/02 19:55:47 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\NTREGOPT.lnk
[2010/06/02 19:55:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\ERUNT.lnk
[2010/06/02 19:52:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\gmer.zip
[2010/06/02 18:17:55 | 016,777,216 | ---- | M] () -- C:\Documents and Settings\Bob\NTUSER.DAT
[2010/06/02 18:17:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob\ntuser.ini
[2010/06/02 10:43:41 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 21:16:04 | 005,178,688 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\WebUpdaterforWindows_242.exe
[2010/06/01 15:52:58 | 000,001,474 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-06-01-1552.spg
[2010/05/25 23:54:14 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\JDownloader.lnk
[2010/05/22 15:15:46 | 000,013,464 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\BasicMeetingFormat.pdf
[2010/05/18 16:05:51 | 013,494,928 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TheTurningPoint051310.mp3
[2010/05/17 13:59:52 | 000,384,966 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\Ttapering_Pharmacologic_Interventions.pdf
[2010/05/13 15:09:05 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Syd_Ireland number.lnk
[2010/05/12 19:57:01 | 209,715,200 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\SOE-390.avi
[2010/05/12 00:03:29 | 000,053,760 | ---- | M] (Tolunay Orkun) -- C:\Documents and Settings\Bob\Desktop\DRTCP021.exe
[2010/05/11 19:15:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/10 18:22:30 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-10-1822.spg
[2010/05/10 15:00:23 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-10-1500.spg
[2010/05/09 23:42:45 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2342.spg
[2010/05/09 23:30:13 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2330.spg
[2010/05/09 23:19:08 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2319.spg
[2010/05/09 23:08:32 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2308.spg
[2010/05/07 11:39:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/06 19:48:41 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-06-1948.spg
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 13:27:09 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-06-1327.spg
[2010/05/02 20:36:15 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Windows Explorer.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 23:28:38 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Spirited Away-Sen to Chihiro no kamikakushi[2001]DvDrip Tri Audio[English Japanese French]AC3 5.1[DXO] Various Subtitles.lnk
[2010/04/21 00:09:55 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to GIRL.lnk
[2010/04/20 23:08:59 | 010,538,628 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Elvis-Costello-Brilliant-Mistake-Milwaukee-7-5-09[www.savevid.com].flv
[2010/04/17 10:51:35 | 000,000,566 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/17 10:51:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/17 10:51:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/16 21:22:30 | 000,105,724 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2010/04/16 19:08:09 | 000,375,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/16 19:08:09 | 000,051,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/11 14:10:58 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-04-11-1410.spg
[2010/04/04 23:13:05 | 000,385,193 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/03 22:12:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 19:41:19 | 000,001,370 | -HS- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\Wv7V1mEL4UH
[2010/04/02 19:41:19 | 000,001,370 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2010/04/02 16:20:35 | 000,000,921 | ---- | M] () -- C:\WINDOWS\QSFVExit.bat
[2010/04/02 16:19:08 | 000,382,003 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\NicAnon_Mens Phone List.pdf
[2010/03/27 20:17:38 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\SLAA Conf. Ph List.doc
[2010/03/25 22:20:29 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-03-25-2220.spg
[2010/03/24 22:20:07 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 23:58:59 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to The Secret in their Eyes DVDrip rucucu.lnk
[2010/03/19 17:40:50 | 027,110,172 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IATE_035.Vidyamala-Burch.mp3
[2010/03/13 05:39:10 | 000,024,440 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2010/03/13 05:38:58 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2010/03/13 05:38:54 | 000,226,680 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys

========== Files Created - No Company Name ==========

[2010/06/02 20:13:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\gmer.exe
[2010/06/02 19:55:47 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\NTREGOPT.lnk
[2010/06/02 19:55:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\ERUNT.lnk
[2010/06/02 19:52:45 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\gmer.zip
[2010/06/01 15:52:58 | 000,001,474 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-06-01-1552.spg
[2010/05/25 23:54:14 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\JDownloader.lnk
[2010/05/22 15:15:46 | 000,013,464 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\BasicMeetingFormat.pdf
[2010/05/18 16:05:50 | 013,494,928 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TheTurningPoint051310.mp3
[2010/05/17 13:59:52 | 000,384,966 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\Ttapering_Pharmacologic_Interventions.pdf
[2010/05/13 15:09:05 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Syd_Ireland number.lnk
[2010/05/12 19:41:38 | 209,715,200 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\SOE-390.avi
[2010/05/10 18:22:30 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-10-1822.spg
[2010/05/10 15:00:23 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-10-1500.spg
[2010/05/09 23:42:44 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2342.spg
[2010/05/09 23:30:13 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2330.spg
[2010/05/09 23:19:08 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2319.spg
[2010/05/09 23:08:32 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-09-2308.spg
[2010/05/06 19:48:41 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-06-1948.spg
[2010/05/06 13:27:09 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-05-06-1327.spg
[2010/04/21 23:28:38 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Spirited Away-Sen to Chihiro no kamikakushi[2001]DvDrip Tri Audio[English Japanese French]AC3 5.1[DXO] Various Subtitles.lnk
[2010/04/21 00:09:55 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to GIRL.lnk
[2010/04/20 23:05:20 | 010,538,628 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Elvis-Costello-Brilliant-Mistake-Milwaukee-7-5-09[www.savevid.com].flv
[2010/04/17 11:26:29 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/11 14:10:58 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-04-11-1410.spg
[2010/04/03 22:45:09 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/03 18:16:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 19:37:48 | 000,001,370 | -HS- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\Wv7V1mEL4UH
[2010/04/02 19:37:48 | 000,001,370 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2010/04/02 16:20:35 | 000,000,921 | ---- | C] () -- C:\WINDOWS\QSFVExit.bat
[2010/04/02 16:19:08 | 000,382,003 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\NicAnon_Mens Phone List.pdf
[2010/03/27 20:17:36 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\SLAA Conf. Ph List.doc
[2010/03/25 22:20:29 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\sg_backup_2010-03-25-2220.spg
[2010/03/21 23:58:59 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to The Secret in their Eyes DVDrip rucucu.lnk
[2010/03/19 17:35:04 | 027,110,172 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IATE_035.Vidyamala-Burch.mp3
[2008/11/06 20:02:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/11/06 20:02:14 | 000,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/06/21 13:24:07 | 000,001,473 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2007/07/21 11:38:22 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/21 11:38:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/02/19 23:42:13 | 000,000,191 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/17 01:37:01 | 000,000,373 | ---- | C] () -- C:\WINDOWS\VideoToAudioConverter.ini
[2006/11/17 01:34:43 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys
[2006/10/09 14:09:42 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2006/10/09 14:09:41 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2006/10/09 14:06:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2006/06/06 22:11:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/06 21:59:34 | 000,000,491 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/16 01:14:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/16 01:12:31 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/16 00:45:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/04/16 00:44:58 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2010/04/07 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/07/17 13:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/06/29 17:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/23 20:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/04/16 21:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/05/21 19:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/03/25 22:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/12 13:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/02 15:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/05/20 14:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\.BitTornado
[2009/05/10 19:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Any Video Converter
[2009/04/04 14:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Auslogics
[2007/07/17 21:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Azureus
[2010/05/30 21:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GARMIN
[2009/04/26 11:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GrabPro
[2007/07/01 13:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Leadertech
[2008/01/22 21:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mp3tag
[2008/01/13 23:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\NCH Swift Sound
[2010/04/16 21:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\OnlineArmor
[2009/06/15 18:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Opera
[2009/07/17 13:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Orbit
[2006/09/23 10:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Registry Booster
[2008/01/25 23:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Search Settings
[2007/02/12 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Viewpoint
[2010/06/02 20:28:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/02 21:15:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EFFA5563-7400-4691-AC84-FAF4191B4D6D}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2006/06/06 22:33:49 | 000,000,741 | ---- | M] () -- C:\892.cin
[2006/06/06 22:34:49 | 000,000,665 | ---- | M] () -- C:\900.cin
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/05 11:39:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/17 10:51:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/04/06 22:56:03 | 000,012,535 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/04/16 00:48:56 | 000,004,823 | RH-- | M] () -- C:\dell.sdr
[2010/06/02 20:24:38 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2006/06/09 15:10:59 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2006/06/21 10:56:12 | 000,000,240 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/04/16 01:10:24 | 000,000,772 | -H-- | M] () -- C:\IPH.PH
[2010/04/29 16:52:53 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/23 22:36:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/02 20:24:36 | 2144,337,920 | -HS- | M] () -- C:\pagefile.sys
[2006/11/08 16:30:22 | 000,000,097 | ---- | M] () -- C:\RTSPNetSrc.log
[2005/04/16 01:10:35 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2006/12/21 16:09:29 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bob\Desktop\WebUpdaterforWindows_242.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
________________________________________________________________________________

Thanks again.
---- Bob


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
http://www.geekstogo...ts-t267407.html

#3
bobgure

  • Topic Starter
  • Member
  • 60 posts
Thanks for your quick response. :)
I need to clarify that my 'redirect problem' isn't only with Google. It's happening with Bing and my home page and many other places (if that info matters as far as the solution you linked me to).

As for the link to the Redirect solution:
I'm having a problem with the preliminary steps: I cannot run SysRestorePoint.
I get an error message: ".NET Framework Initialization Error. To Run this application you first must install one of the following versions of .NET framework: V2.0.50727"

Should I ignore this and just proceed with the rest of the instructions?

I'll wait for your instructions.
Thanks..

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
yes go on with the rest of the steps

#5
bobgure

  • Topic Starter
  • Member
  • 60 posts
Hi again,
I ran GooredFix.
I ran TDSSKiller and rebooted.
I tested Google, NY Times, Bing with the searches I had previously used.

The problem seems to be remedied. No redirection of links to bad sites.
Windows Explorer opened up as well!

This is great! :)

Just for safety's sake, can we keep this thread open for the next 24 hrs just to make sure there are no further problems?

I'll report back within that time to make it final.

Thanks so much Rorschach112 (Ralphie) for your terrific help.
I'm very relieved.

- Bob in NYC

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
sure

#7
bobgure

  • Topic Starter
  • Member
  • 60 posts
Hey...
Everything seems to be working fine.
I've had no mishaps since my last post - it's been smooth riding (or surfing I should say).
Thanks again for your help!
I guess we can close this thread now...case closed. :)

All the best,
Bob in NYC

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





