-
August 20th, 2010, 08:17 PM
#46
========== Files - Modified Within 90 Days ==========
[2010/08/20 19:43:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/20 19:43:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/20 18:05:47 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\G-Zapper.lnk
[2010/08/20 18:04:25 | 000,186,500 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/20 18:04:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 18:03:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/20 18:02:52 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/20 18:01:47 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Paul\NTUSER.DAT
[2010/08/20 18:01:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
[2010/08/20 17:26:56 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/20 17:26:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/20 17:26:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/20 16:56:31 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectSpeed PC Optimizer.lnk
[2010/08/20 16:37:52 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 5.0.lnk
[2010/08/20 10:53:39 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/08/20 10:26:18 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/20 10:21:10 | 046,256,640 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\zaSetup_93_014_000_en.exe
[2010/08/19 22:27:11 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\License.avastlic
[2010/08/19 22:21:42 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2010/08/19 22:21:39 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/19 22:17:05 | 053,970,344 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\setup_av_pro(2).exe
[2010/08/19 19:39:52 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 8.lnk
[2010/08/18 19:18:22 | 001,346,042 | ---- | M] ( ) -- C:\Documents and Settings\Paul\My Documents\gzappersetup.exe
[2010/08/18 17:00:45 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk
[2010/08/18 13:27:14 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OTL.exe.lnk
[2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/08/17 11:32:12 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/16 22:57:00 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\My Garmin.lnk
[2010/08/16 10:38:36 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\msconfig.exe.lnk
[2010/08/15 13:59:49 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Shortcut to ComboFix.exe.lnk
[2010/08/14 23:19:56 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Notepad.lnk
[2010/08/14 21:19:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\MBRCheck.exe
[2010/08/14 19:10:05 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/08/14 19:09:45 | 000,001,579 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\msconfig.exe.lnk
[2010/08/12 06:45:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2010/08/11 14:39:44 | 003,205,656 | ---- | M] (Garmin International) -- C:\Documents and Settings\Paul\My Documents\garminmapupdater_naeu_g.exe
[2010/08/11 14:24:47 | 006,440,112 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\Communicator.exe
[2010/08/10 20:21:41 | 000,201,649 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2010/08/10 20:21:38 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Photo Pos Pro.lnk
[2010/08/10 20:08:50 | 002,153,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/10 20:06:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 20:04:43 | 000,584,354 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 20:04:43 | 000,504,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 20:04:43 | 000,087,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 19:58:34 | 000,075,872 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/10 19:55:19 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/08/10 19:49:25 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Paul\NTUSER.bak
[2010/08/10 19:36:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\CCleaner.lnk
[2010/08/10 12:26:36 | 000,237,320 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/08/10 00:24:44 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Network Magic Folders.lnk
[2010/08/10 00:17:25 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/08/10 00:17:02 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/08/09 22:08:18 | 000,000,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.backup
[2010/08/07 09:33:43 | 002,133,040 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Paul\My Documents\avg_avw_stb_all_9_115.exe
[2010/08/03 19:41:50 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2010/08/03 19:41:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware bytes.lnk
[2010/07/18 12:28:39 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\ACDSee 5.0.lnk
[2010/07/18 12:27:13 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\ACD FotoCanvas Lite 2.0.lnk
[2010/07/17 22:52:52 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\OSS Internet Booster.lnk
[2010/07/15 10:18:27 | 000,000,600 | ---- | M] () -- C:\WINDOWS\Calendar.INI
[2010/07/08 20:06:13 | 000,000,388 | ---- | M] () -- C:\ACScnLog.ini
[2010/07/01 22:13:25 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/07/01 22:13:12 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Calculator.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 18:38:28 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Ps CS2.lnk
[2010/06/20 19:42:27 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/19 23:04:09 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Adobe Ps CS4.lnk
[2010/06/19 22:22:19 | 1060,086,801 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop CS4 Extended Keygen & Patch.rar
[2010/06/19 06:38:57 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Photo Professional.lnk
[2010/06/14 05:57:49 | 000,528,384 | ---- | M] (PowerOfSoftware) -- C:\WINDOWS\System32\PosGRP.dll
[2010/06/13 19:13:04 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\I_D.doc
[2010/06/13 19:11:46 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 19:08:46 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/11 10:18:46 | 057,634,648 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\AP3-egydown.rar
[2010/06/04 18:32:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/01 11:58:20 | 000,053,248 | ---- | M] (PowerOfSoftware) -- C:\WINDOWS\System32\PosTBsknLib.dll
-
August 20th, 2010, 08:18 PM
#47
========== Files Created - No Company Name ==========
[2010/08/20 16:56:31 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PerfectSpeed PC Optimizer.lnk
[2010/08/20 10:26:18 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/20 10:19:22 | 046,256,640 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\zaSetup_93_014_000_en.exe
[2010/08/19 22:27:10 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\License.avastlic
[2010/08/19 22:21:42 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2010/08/19 22:15:09 | 053,970,344 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\setup_av_pro(2).exe
[2010/08/18 13:27:13 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OTL.exe.lnk
[2010/08/16 22:57:00 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\My Garmin.lnk
[2010/08/15 13:59:49 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Shortcut to ComboFix.exe.lnk
[2010/08/14 21:19:54 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\MBRCheck.exe
[2010/08/14 19:16:23 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/08/14 19:16:21 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/12 06:45:14 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2010/08/11 23:10:11 | 000,433,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/10 19:59:33 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 19:40:37 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Paul\NTUSER.tmp.LOG
[2010/08/10 00:24:44 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Network Magic Folders.lnk
[2010/08/10 00:17:25 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/08/03 19:41:50 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2010/08/03 19:41:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware bytes.lnk
[2010/07/18 12:32:02 | 000,002,509 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 5.0.lnk
[2010/07/18 12:27:13 | 000,002,038 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\ACD FotoCanvas Lite 2.0.lnk
[2010/07/17 22:52:52 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\OSS Internet Booster.lnk
[2010/07/01 22:13:25 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/07/01 22:13:12 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Calculator.lnk
[2010/06/27 12:28:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/06/27 12:25:23 | 000,201,649 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2010/06/27 12:25:23 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Photo Pos Pro.lnk
[2010/06/24 18:38:28 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Ps CS2.lnk
[2010/06/20 20:07:53 | 000,000,388 | ---- | C] () -- C:\ACScnLog.ini
[2010/06/20 19:42:27 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/20 19:39:18 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0652.old
[2010/06/20 19:38:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/20 19:38:41 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/20 19:38:41 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/20 19:38:32 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/19 23:04:09 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Adobe Ps CS4.lnk
[2010/06/19 21:44:07 | 1060,086,801 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop CS4 Extended Keygen & Patch.rar
[2010/06/19 06:38:57 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Photo Professional.lnk
[2010/06/15 16:12:15 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 8.lnk
[2010/06/13 19:22:28 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/06/13 19:11:46 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 19:08:46 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/12 22:14:41 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\ACDSee 5.0.lnk
[2010/06/11 10:16:49 | 057,634,648 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\AP3-egydown.rar
[2010/04/29 16:40:03 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010/04/16 16:23:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2010/04/06 06:10:15 | 000,225,411 | ---- | C] () -- C:\WINDOWS\System32\PosPrKpLib.dll
[2010/04/06 06:10:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2010/02/21 15:01:27 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Calendar.INI
[2010/02/18 19:34:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/15 09:02:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DSSD.ini
[2010/02/10 20:38:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2010/02/10 12:53:39 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2010/02/10 12:53:12 | 000,011,653 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/10 12:51:54 | 000,000,768 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/02/09 09:17:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/02/09 08:59:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
[2010/02/09 08:43:56 | 000,029,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/08 21:07:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2010/02/08 21:07:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2010/02/08 17:09:32 | 000,005,627 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2010/02/08 17:09:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/12/14 22:47:56 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2008/05/16 18:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 18:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 18:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 18:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 18:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/04/19 06:46:22 | 000,002,519 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM9.DLL
[2005/09/23 07:52:14 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2002/06/27 19:47:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2002/06/27 19:47:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2002/06/27 19:47:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2002/06/27 19:47:14 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2002/06/02 10:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll
[2002/03/21 12:51:52 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/08/01 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1995/08/18 02:00:00 | 000,150,016 | ---- | C] () -- C:\WINDOWS\crlasp95.dll
========== LOP Check ==========
[2010/06/11 10:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/19 21:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/29 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2010/02/08 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/09 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2010/04/11 13:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/08/16 22:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/09 08:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ACD Systems
[2010/06/06 14:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\AKVIS LLC
[2010/04/29 17:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Ascentive
[2010/06/10 19:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Canon
[2010/08/20 10:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CheckPoint
[2010/02/21 15:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\desksware
[2010/08/11 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GARMIN
[2010/03/12 18:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Image Zone Express
[2010/06/12 22:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\IObit
[2010/02/08 18:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Isota
[2010/03/05 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Jasc
[2010/02/08 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
[2010/05/10 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MxBoost
[2010/04/18 12:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Opera
[2010/08/20 16:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Uniblue
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP FC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C6951A3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
-
August 20th, 2010, 08:25 PM
#48
OK. Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Go to Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
-
August 22nd, 2010, 02:15 PM
#49
Quote > Ran everything and here is the one log. Ran Kaspersky and it was fine too.
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 9.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
August 22nd, 2010, 02:16 PM
#50
Perfect!
OTL Clean-Up
Clean up with OTL:
* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
===============================================================
Your computer is clean 
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.
   Turn off System Restore:
   - Windows XP:
     1. Click Start.
     2. Right-click the My Computer icon, and then click Properties.
     3. Click the System Restore tab.
     4. Check "Turn off System Restore".
     5. Click Apply.
     6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
     7. Click OK.
   - Windows Vista and 7:
     1. Click Start.
     2. Right-click the Computer icon, and then click Properties.
     3. Click on System Protection under the Tasks column on the left side.
     4. Click on Continue on the "User Account Control" window that pops up.
     5. Under the System Protection tab, find Available Disks.
     6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:").
     7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
     8. Click OK.
2. Restart computer.
3. Turn System Restore on.
4. Make sure Windows Updates are current.
5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. Run defrag at your convenience.
12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
13. Please let me know how your computer is doing.
-
August 22nd, 2010, 02:20 PM
#51
Thanks Broni, will do.
I thought he said he removed AVG. I see it in his log I just posted.
-
August 22nd, 2010, 02:44 PM
#52
Oh, I see what you're saying.
His current AV program is Avast, correct?
If so, make sure he runs AVG Remover: http://www.avg.com/us-en/download-tools
Also, make sure his Avast is current and running correctly.
-
August 22nd, 2010, 02:48 PM
#53
-
August 22nd, 2010, 02:50 PM
#54
Sure thing
-
August 22nd, 2010, 03:12 PM
#55
Quote >
I still have the redirect virus or whatever it is. I can open anything that I have bookmarked, but when I do a Google search for something it will bring me to a totally off-topic page. I close that tab and hit the link again and it works?
Other than that the confuser is running great?
-
August 22nd, 2010, 03:15 PM
#56
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).
In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
Now, we need to reset the router...
Turn the computer off.
On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly come off and on.
Restart the computer and check for redirections.
-
August 22nd, 2010, 03:18 PM
#57
Thanks Broni. You are going way beyond the call of duty on this one.
Appreciate it.
-
August 22nd, 2010, 03:22 PM
#58
Well, I need to make sure the computer is 100% cured
-
August 22nd, 2010, 07:24 PM
#59
Quote >
So far it is good, been checking up on all kinds of stuff and it is taking me to what I should be at.
With your permission I will mark it resolved.
And thanks for all the time and effort you put into fixing it, Broni.
-
August 22nd, 2010, 07:29 PM
#60
Good news 
Go ahead