Google links redirected to random ad sites.


Post by seafoamgreen on Mon 26 Jul 2010, 7:14 am

Not always, but often when I click on a link in Google or Yahoo, I get redirected to an advertising site of some sort. None of these sites have any domain or name in common. I've tried everything to fix this problem, but nothing seems to work. The malware has even removed my system restore points. Hitman Pro didn't do the trick, and Malwarebytes closes as soon as I open it (I've tried doing the mbam-clean, restart process and I still can't run Malwarebytes, not even in safe mode or off of a memory stick). This seems to be a very powerful virus, as other programs (such as my HP printing console) refuse to open anymore. Please help me! Thanks in advance.

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:07:15 PM, on 7/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Hojjat Adeli\My Documents\Downloads\OTL.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: connection manager.lnk = ?
O4 - Global Startup: hpzrcv01.LNK = ?
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 7666 bytes

C:\Documents and Settings\Hojjat Adeli\Desktop\CCleaner.lnk
[2010/07/25 15:24:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 14:01:33 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/13 23:44:12 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Hojjat Adeli\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/13 23:44:12 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/02/14 16:33:48 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/21 21:18:10 | 000,000,398 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2010/01/21 21:17:49 | 000,001,205 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2010/01/21 21:16:29 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2009/10/13 18:29:18 | 000,001,044 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/10/13 18:15:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/10/11 12:54:01 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2009/07/06 23:51:16 | 000,000,079 | ---- | C] () -- C:\WINDOWS\uascasio.INI
[2009/07/06 23:47:57 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\UascAsio.dll
[2009/06/21 14:51:09 | 000,000,371 | ---- | C] () -- C:\WINDOWS\GearBox.ini
[2009/02/17 16:59:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\acufutls.dll
[2008/05/16 03:10:13 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/26 18:19:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/01/15 12:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/06/12 20:59:10 | 000,001,827 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/25 14:31:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/01/21 12:54:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2005/01/07 14:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/04 15:14:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2003/10/15 17:43:46 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2003/08/23 13:59:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2003/08/23 13:59:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2003/08/23 13:59:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2003/08/18 20:21:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/08/18 20:21:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\TB50.INI
[2003/08/17 11:20:33 | 000,001,253 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/08/17 11:20:22 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2003/08/17 11:20:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2003/08/17 11:20:22 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2003/08/17 11:20:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2003/08/16 15:33:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\mdcgina.dll
[2003/02/22 14:07:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/02/22 13:42:06 | 000,000,134 | ---- | C] () -- C:\WINDOWS\KIDSOFT.INI
[2003/02/21 23:17:59 | 000,000,603 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/21 23:17:55 | 000,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI
[2003/02/18 22:06:19 | 000,000,451 | ---- | C] () -- C:\WINDOWS\yukon.ini
[2002/08/21 05:59:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/21 05:52:40 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/08/21 05:48:49 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/21 04:24:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/08/05 00:29:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/05/08 07:43:25 | 000,000,188 | -H-- | C] () -- C:\WINDOWS\Mmob864g5s3d6p.dll
[2002/03/26 21:18:24 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/11/14 20:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\msvbvm60.dll
[28 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[28 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/11/14 19:22:22 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2001/11/14 19:22:22 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2001/11/14 19:22:22 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2001/08/17 18:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ANSI.SYS
[2002/03/15 02:14:16 | 000,005,376 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ATIICDXX.SYS
[2001/08/17 18:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\COUNTRY.SYS
[2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys
[2001/08/17 18:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HIMEM.SYS
[2006/12/19 17:00:56 | 000,011,648 | ---- | M] (Hewlett-Packard Development Company) -- C:\WINDOWS\SYSTEM32\hpnucmp.sys
[2007/10/31 12:54:06 | 000,039,552 | ---- | M] (Hewlett-Packard Development Company) -- C:\WINDOWS\SYSTEM32\hpnuhub.sys
[2007/11/23 00:50:10 | 000,018,560 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\SYSTEM32\HPWPAUSB.sys
[2001/08/17 18:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEY01.SYS
[2002/08/29 00:23:06 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\keyboard.sys
[2007/09/27 01:00:02 | 000,470,912 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\SYSTEM32\Mrvw243.sys
[2007/09/27 00:58:54 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\SYSTEM32\Mrvw245.sys
[2001/08/17 18:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS.SYS
[2001/08/17 18:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS404.SYS
[2001/08/17 18:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS411.SYS
[2001/08/17 18:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS412.SYS
[2001/08/17 18:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS804.SYS
[2004/08/04 01:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio.sys
[2004/08/04 01:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio404.sys
[2004/08/04 01:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio411.sys
[2004/08/04 01:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio412.sys
[2004/08/04 01:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio804.sys
[2003/10/22 12:54:14 | 000,016,848 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\SYSTEM32\Pcandis4.sys
[2003/10/22 12:54:18 | 000,017,162 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\SYSTEM32\Pcandis5.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[28 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
[2003/09/02 00:00:00 | 000,184,320 | ---- | M] (Digidesign, A Division of Avid Teechnology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Digiasio.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2001/11/14 19:31:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/30 14:38:43 | 000,000,212 | -HS- | M] () -- C:\BOOT.INI
[2001/11/14 04:35:22 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2001/11/14 19:31:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2002/08/21 04:28:04 | 000,003,775 | RH-- | M] () -- C:\DELL.SDR
[2008/05/11 14:52:18 | 000,015,982 | ---- | M] () -- C:\drwtsn32.log
[2001/11/14 19:31:14 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2002/08/21 05:56:19 | 000,000,317 | -H-- | M] () -- C:\IPH.PH
[2001/11/14 19:31:14 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2006/09/18 16:59:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/08 23:32:47 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/07/25 15:34:28 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2010/03/30 21:59:29 | 000,000,452 | ---- | M] () -- C:\rkill.log
[2010/07/25 15:34:57 | 000,000,746 | ---- | M] () -- C:\test.txt

< %PROGRAMFILES%\*. >
[2010/03/07 14:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Beatcraft
[2010/07/25 13:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Mixcraft 4
[2010/07/25 13:30:48 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Shared Effects
[2009/10/11 20:38:07 | 000,000,000 | ---D | M] -- C:\Program Files\Addictive Drums
[2010/04/04 15:09:30 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2005/03/18 15:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Allen
[2010/02/28 23:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2005/03/03 16:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\aod
[2010/01/24 18:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2003/10/24 20:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2010/04/17 22:40:07 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2010/04/17 22:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-PRT22-WISE
[2008/01/06 13:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/01/24 18:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2003/08/23 13:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2007/12/25 17:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/07/25 15:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/25 13:25:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2002/08/21 04:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2002/08/21 05:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/06/29 13:04:04 | 000,000,000 | ---D | M] -- C:\Program Files\delaydots
[2002/08/05 00:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2002/08/21 05:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2009/07/06 23:46:19 | 000,000,000 | ---D | M] -- C:\Program Files\Digidesign
[2005/01/05 21:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2007/05/15 22:39:53 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/04/05 21:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\Easy CD & DVD Cover Creator
[2010/01/17 19:35:48 | 000,000,000 | ---D | M] -- C:\Program Files\EDIROL
[2010/02/28 23:32:53 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/01/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/19 03:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/02/14 16:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2010/01/19 03:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/01/18 00:45:58 | 000,000,000 | ---D | M] -- C:\Program Files\HP Wireless Printer Adapter
[2010/01/18 00:45:31 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2002/08/21 05:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2007/08/26 18:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2009/07/08 23:51:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/13 23:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2003/10/15 17:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\ISODisk
[2002/08/21 05:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/03/07 15:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/07/30 14:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2003/01/15 06:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Media
[2008/11/17 17:45:50 | 000,000,000 | ---D | M] -- C:\Program Files\Line6
[2009/10/13 18:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2010/07/25 15:25:00 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2004/02/01 20:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Merriam-Webster
[2009/07/09 00:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/07/01 12:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\MGI
[2010/01/18 03:23:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/09 20:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2002/08/21 04:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2002/11/18 04:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2002/08/21 04:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2007/06/25 19:26:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2003/08/16 21:40:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 2002
[2002/08/21 04:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2002/08/21 04:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2002
[2010/02/28 23:32:56 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2002/08/21 05:52:40 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/03/11 00:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/25 15:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/09 01:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/02/03 18:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2002/08/21 05:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2002/08/21 04:12:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/01 22:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/29 13:39:53 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2010/07/25 13:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Native Instruments
[2009/07/08 23:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/01/06 22:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2009/06/30 14:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\Network Associates
[2002/08/21 04:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/16 14:27:36 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/12/27 15:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\PCFriendly
[2006/03/17 22:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Finale
[2010/01/24 18:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/09 01:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/11/17 16:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\SCMD20
[2010/02/28 23:32:59 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/07/24 00:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 15:49:43 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2005/01/07 12:28:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/25 14:16:00 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/01/17 19:35:48 | 000,000,000 | ---D | M] -- C:\Program Files\VST
[2008/12/24 22:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2007/03/10 16:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/08 23:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/17 18:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/11/28 14:48:30 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/01/21 12:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2002/08/21 04:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX

< %appdata%\*.* >
[2007/06/25 19:50:26 | 000,002,508 | ---- | M] () -- C:\Documents and Settings\Hojjat Adeli\Application Data\$_hpcst$.hpc
[2003/10/17 17:49:08 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Hojjat Adeli\Application Data\.C18A67926659B183.sys
[2001/11/14 19:23:32 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Hojjat Adeli\Application Data\DESKTOP.INI
[2010/03/15 02:23:56 | 000,089,784 | ---- | M] () -- C:\Documents and Settings\Hojjat Adeli\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/24 22:25:46 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Hojjat Adeli\Application Data\usb.dat


< MD5 for: AGP440.SYS >
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/08/20 15:30:04 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2003/08/20 15:30:04 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/01/30 02:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\I386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/08/20 15:30:04 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:disk.sys
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2003/08/20 15:30:04 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:disk.sys
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys
[2001/08/17 18:00:00 | 000,033,664 | ---- | M] (Microsoft Corporation) MD5=43A10CD19D648E57ED039A6CAA667A56 -- C:\I386\DISK.SYS

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2001/08/17 18:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2001/08/17 18:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2001/08/17 18:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\I386\SCECLI.DLL
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/08/20 15:30:04 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:usbstor.sys
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:usbstor.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:usbstor.sys
[2003/08/20 15:30:04 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:usbstor.sys
[2006/09/18 16:41:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2009/07/08 23:25:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 02:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-17 21:57:30

========== Alternate Data Streams ==========

@Alternate Data Stream - 1172 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:XgNDQ8DoV0FKsmFQ23IN
@Alternate Data Stream - 1083 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JHSq4tg36zwn2MexRUXR
< End of report >





Re: Google links redirected to random ad sites.

Post by seafoamgreen on Mon 26 Jul 2010, 7:15 am

Here's the OTL log:


OTL Extras logfile created on: 7/25/2010 4:01:48 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Hojjat Adeli\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 620.00 Mb Available Physical Memory | 61.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 7.34 Gb Free Space | 26.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 949.09 Mb Total Space | 623.50 Mb Free Space | 65.69% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANA
Current User Name: Hojjat Adeli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2225:TCP" = 2225:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1_01
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{54FCF706-A181-489C-9C34-DBCF764DC214}" = Digidesign ASIO Driver
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{94882586-CD3C-4C31-9A84-5636615DC3D7}" = hppscan3390
"{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1976CB8-C1B7-4E5A-B66D-3C355520303C}" = LiquidInstrumentVst 1.1
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}" = Linksys Wireless-N USB Network Adapter WUSB300N
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_542114F1" = Actiontec MD56ORD V92 MDC Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX 5.0.1 Pro Bundle" = DivX 5.0.1 Pro Bundle
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Line 6 Uninstaller" = Line 6 Uninstaller
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2010 2:23:45 AM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application wordconv.exe, version 12.0.6500.5000, faulting
module unknown, version 0.0.0.0, fault address 0x3136a2e0.

Error - 4/17/2010 4:09:27 PM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 4/17/2010 10:48:31 PM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 5/5/2010 10:29:20 PM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 5/9/2010 9:47:37 PM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 7/11/2010 2:12:06 PM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 12.0.0.49974, faulting module
setup.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 7/11/2010 2:12:16 PM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 12.0.0.49974, faulting module
setup.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 7/14/2010 8:06:29 AM | Computer Name = ANA | Source = MsiInstaller | ID = 11327
Description = Product: Native Instruments Guitar Rig 4 -- Error 1327. Invalid Drive:
G:\

Error - 7/14/2010 8:57:52 AM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application install.exe, version 9.0.30729.1, faulting module
install.exe, version 9.0.30729.1, fault address 0x0003f014.

Error - 7/18/2010 10:47:54 PM | Computer Name = ANA | Source = Application Error | ID = 1000
Description = Faulting application 0.009222337404000025.exe, version 0.0.0.0, faulting
module 0.009222337404000025.exe, version 0.0.0.0, fault address 0x00002ccf.

[ System Events ]
Error - 7/25/2010 3:06:05 PM | Computer Name = ANA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/25/2010 3:07:25 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7000
Description = The Network Associates McShield service failed to start due to the
following error: %%3

Error - 7/25/2010 3:07:25 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7000
Description = The Network Associates Task Manager service failed to start due to
the following error: %%3

Error - 7/25/2010 3:07:25 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdr4_xp NaiAvTdi1 vsdatant

Error - 7/25/2010 3:15:10 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7000
Description = The Network Associates McShield service failed to start due to the
following error: %%3

Error - 7/25/2010 3:15:10 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7000
Description = The Network Associates Task Manager service failed to start due to
the following error: %%3

Error - 7/25/2010 3:15:15 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdr4_xp NaiAvTdi1 vsdatant

Error - 7/25/2010 3:34:48 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7000
Description = The Network Associates McShield service failed to start due to the
following error: %%3

Error - 7/25/2010 3:34:48 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7000
Description = The Network Associates Task Manager service failed to start due to
the following error: %%3

Error - 7/25/2010 3:34:50 PM | Computer Name = ANA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdr4_xp NaiAvTdi1 vsdatant


< End of report >


Re: Google links redirected to random ad sites.

Post by DragonMaster Jay on Wed 28 Jul 2010, 7:13 am

Sorry for the delay. We are busy here on the boards. If you are still having issues, please do the following, if possible:

Please download MySystem-Search from here: Download mirror
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.



~DMJ
GeekPolice Academy Manager


