Still have Google Redirect (Waited for months, no reply)


  • This topic is locked

#1
Arpanet

  • New Member
  • 3 posts
A few months ago I posted in this forum because as far as I know this is the only place where I can get the information I need to get the Google Redirect infection off of my PC. However, like many topics, mine was bumped over and forgotten.

This problem, in case you are unaware, causes the internet browser to redirect to another site if any links are clicked after using a Google search. I've run Avira and Malwarebytes scans normally and in Safe Mode but it just isn't being detected.

PLEASE HELP, IF YOU CAN. I'VE BEEN PATIENTLY WAITING FOR HELP. IT'S NOT GOING AWAY.

More details available upon request.

Here is the OTL log:

OTL logfile created on: 8/11/2011 3:44:40 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Main\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 72.51% Memory free
6.24 Gb Paging File | 5.23 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 56.56 Gb Free Space | 24.79% Space Free | Partition Type: NTFS
Drive D: | 58.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.77 Gb Total Space | 2.93 Gb Free Space | 77.76% Space Free | Partition Type: FAT32

Computer Name: MAIN-PC | User Name: Main | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/30 10:26:45 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/29 03:26:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/02 20:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Main\Downloads\OTL.exe
PRC - [2011/05/25 02:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/25 02:09:07 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/05/25 02:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/28 03:06:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/04 08:07:50 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/04/06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
PRC - [2006/08/18 17:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 20:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Main\Downloads\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/28 19:50:33 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/28 01:22:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/29 03:26:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 02:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/28 03:06:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/10 03:00:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/04 08:07:50 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2009/09/14 15:35:00 | 003,597,136 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2011/06/29 03:26:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 03:26:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/25 02:09:08 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/05/25 02:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/08/20 13:21:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/12/13 11:17:58 | 001,472,000 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC30x)
DRV - [2007/12/10 19:15:34 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav211.sys -- (vvftav211)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/09 10:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/05/25 18:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/01/10 19:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 19:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/06/17 11:41:16 | 000,386,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TNET1130.sys -- (TNET1130)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 64 A9 BA E3 0F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {F7E39698-7E13-42E3-BE46-E4C50FD7CE6A}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/30 10:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 10:26:45 | 000,000,000 | ---D | M]

[2010/01/04 07:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Extensions
[2011/08/11 14:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\49c9ar72.default\extensions
[2011/05/16 00:58:39 | 000,000,000 | ---D | M] (4chan) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\49c9ar72.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/04/16 01:05:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\49c9ar72.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/21 13:38:35 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\49c9ar72.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/04/16 01:05:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\49c9ar72.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/16 01:05:06 | 000,000,000 | ---D | M] ("Exif Viewer") -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\49c9ar72.default\extensions\[email protected]
[2011/03/10 19:35:19 | 000,000,000 | ---D | M] ("MailCatch: Temporary Emails") -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\49c9ar72.default\extensions\[email protected]
[2011/07/12 03:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/14 20:27:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/14 09:30:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/20 00:43:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/17 22:39:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/16 05:46:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/12 03:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/06 22:43:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MAIN\APPDATA\LOCAL\{F7E39698-7E13-42E3-BE46-E4C50FD7CE6A}
[2009/12/31 05:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/15 22:39:55 | 000,000,988 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda....AX/RraainAX.CAB (RRAAINAX_02.RRAAINAX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/03 22:33:24 | 000,000,154 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{33d95443-cfec-11df-a4f4-001676c80551}\Shell - "" = AutoRun
O33 - MountPoints2\{33d95443-cfec-11df-a4f4-001676c80551}\Shell\AutoRun\command - "" = G:\install.exe
O33 - MountPoints2\{4964d05f-6731-11e0-a1da-001676c80551}\Shell - "" = AutoRun
O33 - MountPoints2\{4964d05f-6731-11e0-a1da-001676c80551}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{84e806cb-f93f-11de-a77b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{84e806cb-f93f-11de-a77b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011/03/03 22:08:03 | 041,104,504 | R--- | M] (Cisco Consumer Products LLC)
O33 - MountPoints2\{9152f09d-ac7f-11df-a9de-001676c80551}\Shell - "" = AutoRun
O33 - MountPoints2\{9152f09d-ac7f-11df-a9de-001676c80551}\Shell\AutoRun\command - "" = F:\Razor1911_Installer.exe
O33 - MountPoints2\{979f7f50-5e9e-11df-9378-001676c80551}\Shell - "" = AutoRun
O33 - MountPoints2\{979f7f50-5e9e-11df-9378-001676c80551}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 14:33:39 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pan Interactive Publishing
[2011/08/10 14:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pan Interactive Publishing
[2011/08/10 14:33:37 | 000,000,000 | ---D | C] -- C:\SMRTGAMS
[2011/08/10 14:33:33 | 000,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\uninst.exe
[2011/08/10 14:32:42 | 000,000,000 | ---D | C] -- C:\Users\Main\Desktop\sg2
[2011/08/10 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{581B49DF-AD93-4B05-A2C2-88E198ADFBAF}
[2011/08/10 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{DAB5F268-37F7-4695-A196-7B41E6C5EC35}
[2011/08/10 08:23:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/10 08:23:19 | 000,000,000 | ---D | C] -- C:\a070b44a054aa783fc
[2011/08/09 12:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/09 12:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/08/09 12:38:39 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{994E442E-32CD-48DC-9AF8-F0146B69E463}
[2011/08/09 12:38:03 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{DC37789D-13C7-4F9E-AB1B-8507B1EA95A9}
[2011/08/08 13:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/08/08 13:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2011/08/07 16:47:28 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{4BECD0D5-0DA5-43A4-AF39-9AC46CB53412}
[2011/08/01 23:50:28 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{EF00E950-68B1-4EE6-ACB6-2AA160BEB53A}
[2011/07/29 21:21:15 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{63DA633B-C10E-4161-AC8A-2FEE06C3CD26}
[2011/07/28 02:36:08 | 000,000,000 | ---D | C] -- C:\Users\Main\riotsGamesLogs
[2011/07/27 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{FCA818B8-7EC4-470E-A62F-0B81D2981580}
[2011/07/26 23:53:02 | 000,000,000 | ---D | C] -- C:\Users\Main\Documents\DragonNest
[2011/07/26 17:32:54 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{510C5605-32EB-4753-945C-1796DAEBD694}
[2011/07/24 17:55:53 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{9E20FFDC-062E-4819-A9AC-03DAAD69B9FE}
[2011/07/13 05:10:02 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\{147FDEDA-907D-4F74-B72A-C7E4FE978A3E}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/11 15:29:03 | 000,166,546 | ---- | M] () -- C:\Users\Main\Desktop\fafsa2.png
[2011/08/11 03:32:37 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 03:32:37 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 03:24:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/11 03:24:27 | 2515,046,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 03:02:17 | 000,657,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/11 03:02:17 | 000,114,582 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/10 21:01:42 | 000,067,866 | ---- | M] () -- C:\Users\Main\Desktop\gaijin4koma2_peersblog_1200684608.jpg
[2011/08/10 14:33:39 | 000,000,180 | ---- | M] () -- C:\Windows\SMRTGAMS.INI
[2011/08/10 14:33:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/10 14:33:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/08 19:38:24 | 000,155,179 | ---- | M] () -- C:\Users\Main\Desktop\fafsa.png
[2011/08/07 20:45:27 | 000,042,763 | ---- | M] () -- C:\Users\Main\Desktop\1312764100823.jpg
[2011/07/29 04:40:30 | 000,010,181 | ---- | M] () -- C:\Users\Main\Desktop\puzzle.PNG
[2011/07/26 23:52:48 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
[2011/07/13 03:20:47 | 000,285,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/11 15:29:03 | 000,166,546 | ---- | C] () -- C:\Users\Main\Desktop\fafsa2.png
[2011/08/10 21:01:38 | 000,067,866 | ---- | C] () -- C:\Users\Main\Desktop\gaijin4koma2_peersblog_1200684608.jpg
[2011/08/10 14:33:37 | 000,000,180 | ---- | C] () -- C:\Windows\SMRTGAMS.INI
[2011/08/10 14:33:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/08/10 14:33:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/08/08 19:38:24 | 000,155,179 | ---- | C] () -- C:\Users\Main\Desktop\fafsa.png
[2011/08/08 13:12:19 | 000,002,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2011/08/07 20:45:24 | 000,042,763 | ---- | C] () -- C:\Users\Main\Desktop\1312764100823.jpg
[2011/07/29 04:40:29 | 000,010,181 | ---- | C] () -- C:\Users\Main\Desktop\puzzle.PNG
[2011/07/26 23:52:48 | 000,000,175 | ---- | C] () -- C:\Users\Public\Desktop\DragonNest.url
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/04/09 17:03:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/06 22:43:25 | 000,000,120 | ---- | C] () -- C:\Users\Main\AppData\Local\Syaxuleboduyev.dat
[2011/04/06 22:43:25 | 000,000,000 | ---- | C] () -- C:\Users\Main\AppData\Local\Thomalosac.bin
[2010/12/20 02:00:15 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2010/12/18 22:47:30 | 000,000,008 | ---- | C] () -- C:\Users\Main\AppData\Roaming\DofusAppId0_3
[2010/12/18 22:18:41 | 000,000,008 | ---- | C] () -- C:\Users\Main\AppData\Roaming\DofusAppId0_1
[2010/12/18 22:15:51 | 000,000,169 | ---- | C] () -- C:\Users\Main\AppData\Roaming\D2Info0
[2010/12/18 22:15:51 | 000,000,008 | ---- | C] () -- C:\Users\Main\AppData\Roaming\DofusAppId0_2
[2010/12/13 00:27:15 | 000,000,038 | ---- | C] () -- C:\Windows\cedt.INI
[2010/12/11 21:49:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/06 20:29:41 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/08/08 21:10:21 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/08 21:10:03 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/08 21:10:02 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/08/08 06:28:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/07/23 01:11:48 | 000,000,036 | ---- | C] () -- C:\Users\Main\AppData\Local\housecall.guid.cache
[2010/06/12 00:33:08 | 000,084,912 | ---- | C] () -- C:\Windows\System32\drivers\FwRad17.bin
[2010/06/12 00:33:08 | 000,083,320 | ---- | C] () -- C:\Windows\System32\drivers\FwRad16.bin
[2010/05/31 03:21:39 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/05/17 10:08:14 | 000,007,603 | ---- | C] () -- C:\Users\Main\AppData\Local\Resmon.ResmonCfg
[2010/04/24 18:50:03 | 000,000,020 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2010/01/04 08:07:30 | 000,022,629 | ---- | C] () -- C:\Windows\System32\CiFilter.ini
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,285,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,657,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,114,582 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/07/18 16:51:16 | 005,304,320 | ---- | C] () -- C:\Windows\System32\digiSealApi.dll

========== LOP Check ==========

[2010/03/07 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\.minecraft
[2010/08/30 23:51:52 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\.purple
[2010/01/04 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\acccore
[2010/12/18 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\app
[2011/05/03 16:49:34 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2010/08/20 13:32:55 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\DAEMON Tools Lite
[2010/12/18 22:56:58 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Dofus 2
[2010/12/18 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/12/18 22:47:30 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/12/18 22:18:41 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/01/08 23:20:40 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Downloaded Installations
[2010/03/15 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Facebook
[2010/11/06 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\GameRanger
[2010/11/06 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\GetRightToGo
[2010/05/31 03:41:38 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\gtk-2.0
[2011/04/27 01:38:11 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\ImgBurn
[2011/04/11 03:00:10 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Keavir
[2010/08/22 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Leadertech
[2010/12/29 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\LolClient
[2011/03/06 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\NeopleLauncherDFO
[2011/01/01 21:38:53 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Notepad++
[2010/01/19 15:48:35 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\OpenOffice.org
[2010/12/18 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/06/23 17:13:48 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\RenPy
[2011/05/19 20:47:27 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\RIFT
[2010/01/04 08:49:34 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\runic games
[2011/05/19 20:50:00 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Three Rings Design
[2010/01/04 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Trillian
[2010/05/22 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\TuneUp Software
[2010/07/27 03:36:42 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Unity
[2011/08/11 14:43:02 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\uTorrent
[2011/04/13 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Wela
[2010/11/26 19:46:21 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\Windows Live Writer
[2011/05/22 07:16:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/09/15 20:33:26 | 000,000,000 | ---D | M](C:\Users\Main\Documents\?? ???) -- C:\Users\Main\Documents\넥슨 플러그
[2010/09/15 20:33:26 | 000,000,000 | ---D | C](C:\Users\Main\Documents\?? ???) -- C:\Users\Main\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >


#2
Arpanet

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry if I seem impatient. It's getting hard to ignore that my computer has serious problems every time I use Google. I just need some help. I'll download whatever you want... I used TDSS killer and all the other Google Redirect 'Fixes' but nothing ever seems to work. I'm at your mercy...

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there sorry about that - but if you had posted in the waiting room you would have been picked up

Do the redirects occur in Firefox, IE or both?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8118
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8118
    [2011/04/06 22:43:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MAIN\APPDATA\LOCAL\{F7E39698-7E13-42E3-BE46-E4C50FD7CE6A}
    [2011/04/06 22:43:25 | 000,000,120 | ---- | C] () -- C:\Users\Main\AppData\Local\Syaxuleboduyev.dat
    [2011/04/06 22:43:25 | 000,000,000 | ---- | C] () -- C:\Users\Main\AppData\Local\Thomalosac.bin
    [2011/05/03 16:49:34 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply.
  • 0
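The fix script in the post above lists Firefox `network.proxy.*` entries pointing at 127.0.0.1. As an added example (not part of Essexboy's post and not OTL's own code), this Python sketch reads a prefs.js text and reports which proxy endpoints are configured, whether they are loopback, and whether Firefox is set to use them. The sample prefs.js is constructed, the `network.proxy.type` line is an assumption that does not appear in the log, and the function names are hypothetical.

```python
import ipaddress
import json
import re

# Constructed prefs.js sample; proxy values mirror the entries in the fix script above.
# network.proxy.type is an assumption added for this example (1 = manual proxy).
SAMPLE_PREFS = r'''
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.no_proxies_on", "127.0.0.1");
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)

def parse_prefs(text):
    """Return {name: value} for every user_pref line; values are JSON-decoded."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        try:
            prefs[name] = json.loads(raw)   # strings, integers, true/false
        except ValueError:
            prefs[name] = raw               # keep anything unparseable verbatim
    return prefs

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                        # a hostname other than localhost

def audit_proxy(prefs):
    """List configured proxy endpoints; host/port entries are only used in manual mode (1)."""
    active = prefs.get("network.proxy.type") == 1
    findings = []
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{scheme}", "")
        if host:
            port = prefs.get(f"network.proxy.{scheme}_port", 0)
            findings.append({"scheme": scheme, "endpoint": f"{host}:{port}",
                             "loopback": is_loopback(host), "active": active})
    return findings
```

A loopback endpoint that is active means browser traffic is handed to whatever process is listening on that local port, so the next check is which program owns the port and whether the user installed it.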

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.