WiredWX Christian Hobby Weather Tools

Google Redirect Virus!?!

I got the Google redirect virus on my laptop, and Malwarebytes won't pick it up. How do you fix this problem?

Re: Google Redirect Virus!?!
Hi MrPewp,

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)


Please download DDS and save it to your desktop from any of these links:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.com

Your antivirus software might question the file. If it does, allow it.


  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished, DDS.txt will open
  • A small while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
Copy and paste the DDS.txt in your reply.

=========

Last edited by chiaz on 20th March 2010, 9:19 am; edited 1 time in total

Re: Google Redirect Virus!?!
Thanks for the help! I really appreciate your spending time on helping me! Smile...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jay Juon at 16:58:26.03 on 03/18/2010 Thu
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2045.1343 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\EmEditor3\EMEDTRAY.EXE
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\lg_swupdate\Gilautouc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jay Juon\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo!Mini] "c:\program files\yahoo!\mini\YMiniUpdat2.exe" -c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LG Intelligent Update] "c:\program files\lg_swupdate\autoupdate.exe" Gilautouc
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LG Magnifier] "c:\program files\lg software\lg magnifier\MagnifyingGlass.exe"
mRun: [KeybdUtility] "c:\program files\lg software\on screen display\HotKey.exe"
mRun: [zOSD] "c:\program files\lg software\on screen display\HotKey.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jayjuo~1\startm~1\programs\startup\starof~1.lnk - c:\program files\sun\staroffice 8\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\emedit~1.lnk - c:\program files\emeditor3\EMEDTRAY.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Bluetooth 장치로 보내기(&One Cool Dude... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Bluetooth로 보내기 - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: lginnotek.com
Trusted Zone: sun.com
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://gw0.lginnotek.com/kcols/kcolsresource.nsf/ScriptX.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://sso.lginnotek.com/initech/plugin/down/INIS60.cab
DPF: {56B0DCF5-77B9-49F6-AD2F-F367D22A7136} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/BWordAxU.cab
DPF: {599735FD-7340-487C-AD77-85F9838F2E2C} - hxxp://www.my-lg070.net/gnr_misc/lg_voicetest/LGVoipQualityX.cab
DPF: {6A05EEAE-72F8-4288-A5A2-FAC831DC0AC1} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDnMass.cab
DPF: {80572992-B565-4644-A14F-A6BFDEA55599} - hxxp://pro.i-doctor.co.kr/idoctor/IDLiveU.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://neis.mest.go.kr/cab/msxml4.cab
DPF: {A540427E-B803-4842-BC53-9DB140968449} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/KCOLSAddressBook.cab
DPF: {B6F0F9BC-AF60-41B4-BFB4-897617910207} - hxxp://sso.lginnotek.com/netclient/n5uaEx.CAB
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} - hxxp://neis.mest.go.kr/cab/ewsinstaller_full.cab
DPF: {CBEAB323-33C7-43A1-8642-412206DD16DF} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDn.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/neisold/npkcx_tech1.cab
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxp://update.nprotect.net/nprotect2007/neisold/npz.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://sslvpn.lginnotek.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: {E8077C1D-21D7-453B-9325-1EA7E4B52FD5} = 10.0.1.1
TCP: {F9BB1889-2F73-4C0A-A2D8-13CF12E5F052} = 10.0.1.1
Notify: NavLogon - c:\windows\system32\NavLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jayjuo~1\applic~1\mozilla\firefox\profiles\wob39s4u.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2006-8-22 316992]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\srs labs\wowhd and tsxt driver\SRS_PostInstaller.exe [2007-8-10 69632]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-10-6 1275216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100312.003\naveng.sys [2010-3-12 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100312.003\navex15.sys [2010-3-12 1324720]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-7-16 41376]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-16 158720]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2007-8-10 22528]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-7-26 12672]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-10-6 173392]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\jay juon\desktop\sysprot\sysprotdrv.sys --> c:\documents and settings\jay juon\desktop\sysprot\SysProtDrv.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

============== File Associations ===============

.txt=emeditor.txt

=============== Created Last 30 ================

2010-03-17 23:46:33 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cac62c12ed2eb8.mof
2010-03-13 00:04:51 0 d-----w- c:\program files\VALVe
2010-03-05 07:29:45 4154 ----a-w- c:\windows\Windic40.wav
2010-03-04 04:12:54 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-02-24 19:26:14 0 d-----w- c:\program files\Kantaris
2010-02-24 08:07:20 0 d-----w- c:\docume~1\jayjuo~1\applic~1\kantaris
2010-02-22 00:25:10 88986 ----a-w- c:\windows\War3Unin.dat
2010-02-22 00:25:09 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-22 00:25:09 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-20 21:25:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 21:25:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 21:25:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 05:56:40 0 d-----w- c:\program files\VideoLAN
2010-02-18 04:40:42 0 d-----w- c:\program files\uTorrent
2010-02-18 04:36:34 0 d-----w- c:\docume~1\jayjuo~1\applic~1\uTorrent

==================== Find3M ====================

2010-03-04 04:13:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-22 01:04:14 0 ----a-w- c:\windows\system32\drivers\.sys
2010-01-05 00:49:33 53352 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-22 05:42:49 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42:45 81920 ------w- c:\windows\system32\ieencode.dll

============= FINISH: 16:59:05.67 ===============

Re: Google Redirect Virus!?!
Also, I recently got rid of Total PC Protector from my laptop, but now my internet connection has slowed down greatly. Is there any way to make it faster?
The laptop's been getting worse and worse. Everything's slow as heck now.

Re: Google Redirect Virus!?!
The Internet connection has stopped altogether. Is there any way to get it back up? It switches on and off.

Re: Google Redirect Virus!?!
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2


  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: Google Redirect Virus!?!
Here you go! Thanks again for helping me! Big Grin

Re: Google Redirect Virus!?!
I don't see any log posted MrPewp?

Re: Google Redirect Virus!?!
Woah what the heck? I posted it there though... 0_o Here I'll give it another go.
GooredFix by jpshortstuff (08.01.10.1)
Log created at 17:56 on 19/03/2010 (Jay Juon)
Firefox version 3.6 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:39 18/07/2009]

C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [00:35 07/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:35 01/11/2009]

-=E.O.F=-

Re: Google Redirect Virus!?!
OK looks like that's not it... let's have you download TDSSKiller and save it to your Desktop.

Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

Use your mouse to highlight the following purple text then press Ctrl+C (copy)

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

Go to Start > Run (Or you can hold down your Windows key and press R)
Click in the Run box and press Ctrl+V to paste the text then click OK.

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file in your reply.

Re: Google Redirect Virus!?!
Thanks a lot! Big Grin Here ya go!

00:05:48:203 3528 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
00:05:48:203 3528 ================================================================================
00:05:48:203 3528 SystemInfo:

00:05:48:203 3528 OS Version: 5.1.2600 ServicePack: 2.0
00:05:48:203 3528 Product type: Workstation
00:05:48:203 3528 ComputerName: JAYJUON
00:05:48:203 3528 UserName: Jay Juon
00:05:48:203 3528 Windows directory: C:\WINDOWS
00:05:48:203 3528 Processor architecture: Intel x86
00:05:48:203 3528 Number of processors: 2
00:05:48:203 3528 Page size: 0x1000
00:05:48:203 3528 Boot type: Normal boot
00:05:48:203 3528 ================================================================================
00:05:48:203 3528 UnloadDriverW: NtUnloadDriver error 1
00:05:48:203 3528 ForceUnloadDriverW: UnloadDriverW(klmd21) error 1
00:05:48:218 3528 LoadDriverW: Driver already loaded
00:05:48:218 3528 KLMD_DropNLoadW: LoadDriverW(klmd21) error 1056
00:05:48:218 3528 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
00:05:48:218 3528 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
00:05:48:218 3528 wfopen_ex: Trying to KLMD file open
00:05:48:218 3528 wfopen_ex: File opened ok (Flags 2)
00:05:48:218 3528 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
00:05:48:218 3528 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
00:05:48:218 3528 wfopen_ex: Trying to KLMD file open
00:05:48:218 3528 wfopen_ex: File opened ok (Flags 2)
00:05:48:218 3528 Initialize success
00:05:48:218 3528
00:05:48:218 3528 Scanning Services ...
00:05:48:656 3528 GetAdvancedServicesInfo: Raw services enum returned 355 services
00:05:48:656 3528
00:05:48:656 3528 Scanning Kernel memory ...
00:05:48:656 3528 Devices to scan: 4
00:05:48:656 3528
00:05:48:656 3528 Driver Name: Disk
00:05:48:656 3528 IRP_MJ_CREATE : F763DC30
00:05:48:656 3528 IRP_MJ_CREATE_NAMED_PIPE : 804F9769
00:05:48:656 3528 IRP_MJ_CLOSE : F763DC30
00:05:48:656 3528 IRP_MJ_READ : F7637D9B
00:05:48:656 3528 IRP_MJ_WRITE : F7637D9B
00:05:48:656 3528 IRP_MJ_QUERY_INFORMATION : 804F9769
00:05:48:656 3528 IRP_MJ_SET_INFORMATION : 804F9769
00:05:48:656 3528 IRP_MJ_QUERY_EA : 804F9769
00:05:48:656 3528 IRP_MJ_SET_EA : 804F9769
00:05:48:656 3528 IRP_MJ_FLUSH_BUFFERS : F7638366
00:05:48:656 3528 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9769
00:05:48:656 3528 IRP_MJ_SET_VOLUME_INFORMATION : 804F9769
00:05:48:656 3528 IRP_MJ_DIRECTORY_CONTROL : 804F9769
00:05:48:656 3528 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9769
00:05:48:656 3528 IRP_MJ_DEVICE_CONTROL : F763844D
00:05:48:656 3528 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
00:05:48:656 3528 IRP_MJ_SHUTDOWN : F7638366
00:05:48:656 3528 IRP_MJ_LOCK_CONTROL : 804F9769
00:05:48:656 3528 IRP_MJ_CLEANUP : 804F9769
00:05:48:656 3528 IRP_MJ_CREATE_MAILSLOT : 804F9769
00:05:48:656 3528 IRP_MJ_QUERY_SECURITY : 804F9769
00:05:48:656 3528 IRP_MJ_SET_SECURITY : 804F9769
00:05:48:656 3528 IRP_MJ_POWER : F7639EF3
00:05:48:656 3528 IRP_MJ_SYSTEM_CONTROL : F763EA24
00:05:48:656 3528 IRP_MJ_DEVICE_CHANGE : 804F9769
00:05:48:656 3528 IRP_MJ_QUERY_QUOTA : 804F9769
00:05:48:656 3528 IRP_MJ_SET_QUOTA : 804F9769
00:05:48:671 3528 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:05:48:671 3528
00:05:48:671 3528 Driver Name: Disk
00:05:48:671 3528 IRP_MJ_CREATE : F763DC30
00:05:48:671 3528 IRP_MJ_CREATE_NAMED_PIPE : 804F9769
00:05:48:671 3528 IRP_MJ_CLOSE : F763DC30
00:05:48:671 3528 IRP_MJ_READ : F7637D9B
00:05:48:671 3528 IRP_MJ_WRITE : F7637D9B
00:05:48:671 3528 IRP_MJ_QUERY_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_SET_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_QUERY_EA : 804F9769
00:05:48:671 3528 IRP_MJ_SET_EA : 804F9769
00:05:48:671 3528 IRP_MJ_FLUSH_BUFFERS : F7638366
00:05:48:671 3528 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_SET_VOLUME_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_DIRECTORY_CONTROL : 804F9769
00:05:48:671 3528 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9769
00:05:48:671 3528 IRP_MJ_DEVICE_CONTROL : F763844D
00:05:48:671 3528 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
00:05:48:671 3528 IRP_MJ_SHUTDOWN : F7638366
00:05:48:671 3528 IRP_MJ_LOCK_CONTROL : 804F9769
00:05:48:671 3528 IRP_MJ_CLEANUP : 804F9769
00:05:48:671 3528 IRP_MJ_CREATE_MAILSLOT : 804F9769
00:05:48:671 3528 IRP_MJ_QUERY_SECURITY : 804F9769
00:05:48:671 3528 IRP_MJ_SET_SECURITY : 804F9769
00:05:48:671 3528 IRP_MJ_POWER : F7639EF3
00:05:48:671 3528 IRP_MJ_SYSTEM_CONTROL : F763EA24
00:05:48:671 3528 IRP_MJ_DEVICE_CHANGE : 804F9769
00:05:48:671 3528 IRP_MJ_QUERY_QUOTA : 804F9769
00:05:48:671 3528 IRP_MJ_SET_QUOTA : 804F9769
00:05:48:671 3528 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:05:48:671 3528
00:05:48:671 3528 Driver Name: Disk
00:05:48:671 3528 IRP_MJ_CREATE : F763DC30
00:05:48:671 3528 IRP_MJ_CREATE_NAMED_PIPE : 804F9769
00:05:48:671 3528 IRP_MJ_CLOSE : F763DC30
00:05:48:671 3528 IRP_MJ_READ : F7637D9B
00:05:48:671 3528 IRP_MJ_WRITE : F7637D9B
00:05:48:671 3528 IRP_MJ_QUERY_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_SET_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_QUERY_EA : 804F9769
00:05:48:671 3528 IRP_MJ_SET_EA : 804F9769
00:05:48:671 3528 IRP_MJ_FLUSH_BUFFERS : F7638366
00:05:48:671 3528 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_SET_VOLUME_INFORMATION : 804F9769
00:05:48:671 3528 IRP_MJ_DIRECTORY_CONTROL : 804F9769
00:05:48:671 3528 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9769
00:05:48:671 3528 IRP_MJ_DEVICE_CONTROL : F763844D
00:05:48:671 3528 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
00:05:48:671 3528 IRP_MJ_SHUTDOWN : F7638366
00:05:48:671 3528 IRP_MJ_LOCK_CONTROL : 804F9769
00:05:48:671 3528 IRP_MJ_CLEANUP : 804F9769
00:05:48:671 3528 IRP_MJ_CREATE_MAILSLOT : 804F9769
00:05:48:671 3528 IRP_MJ_QUERY_SECURITY : 804F9769
00:05:48:671 3528 IRP_MJ_SET_SECURITY : 804F9769
00:05:48:671 3528 IRP_MJ_POWER : F7639EF3
00:05:48:671 3528 IRP_MJ_SYSTEM_CONTROL : F763EA24
00:05:48:671 3528 IRP_MJ_DEVICE_CHANGE : 804F9769
00:05:48:671 3528 IRP_MJ_QUERY_QUOTA : 804F9769
00:05:48:671 3528 IRP_MJ_SET_QUOTA : 804F9769
00:05:48:671 3528 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:05:48:671 3528
00:05:48:671 3528 Driver Name: atapi
00:05:48:671 3528 IRP_MJ_CREATE : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_CREATE_NAMED_PIPE : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_CLOSE : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_READ : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_WRITE : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_QUERY_INFORMATION : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_SET_INFORMATION : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_QUERY_EA : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_SET_EA : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_FLUSH_BUFFERS : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_QUERY_VOLUME_INFORMATION : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_SET_VOLUME_INFORMATION : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_DIRECTORY_CONTROL : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_FILE_SYSTEM_CONTROL : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_DEVICE_CONTROL : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_SHUTDOWN : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_LOCK_CONTROL : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_CLEANUP : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_CREATE_MAILSLOT : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_QUERY_SECURITY : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_SET_SECURITY : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_POWER : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_SYSTEM_CONTROL : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_DEVICE_CHANGE : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_QUERY_QUOTA : 8A4D7CA1
00:05:48:671 3528 IRP_MJ_SET_QUOTA : 8A4D7CA1
00:05:48:671 3528 Driver "atapi" infected by TDSS rootkit!
00:05:48:671 3528 C:\WINDOWS\system32\drivers\tsk47A.tmp - Verdict: 3
00:05:48:671 3528
00:05:48:671 3528 Completed
00:05:48:671 3528
00:05:48:671 3528 Results:
00:05:48:671 3528 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
00:05:48:671 3528 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:05:48:671 3528 File objects infected / cured / cured on reboot: 0 / 0 / 0
00:05:48:671 3528
00:05:48:671 3528 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
00:05:48:671 3528 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
00:05:48:671 3528 UnloadDriverW: NtUnloadDriver error 1
00:05:48:671 3528 KLMD_Unload: UnloadDriverW(klmd21) error 1
00:05:48:687 3528 KLMD(ARK) unloaded successfully

Re: Google Redirect Virus!?!
As you may have noticed in the log you posted above:
00:05:48:671 3528 Driver "atapi" infected by TDSS rootkit!


Rootkit Warning

Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow the system to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:
What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:
Identity Theft Victims Guide - What to do
What Should I Do If I've Become A Victim Of Identity Theft?
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Internet Crime Complaint Center (IC3): Filing a Complaint

Although the rootkit was identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?

===============================

Should you decide not to follow that advice, I will do my best to help clean the computer of any infections but I cannot guarantee it to be trustworthy or that the removal will be 100% successful.

If you wish to continue, please run ComboFix:

Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.


Please include C:\ComboFix.txt for further review.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Re: Google Redirect Virus!?!

I'm really scared right now. This is a special laptop, and I don't have the ability to wipe it. So I'll just go with you. Please help me ensure my laptop is safe.

ComboFix 10-03-19.06 - Jay Juon 0/2010 Sat 1:26.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2045.1561 [GMT -5:00]
Running from: c:\documents and settings\Jay Juon\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\inetko.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 03:14 . 2010-03-19 03:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-03-19 02:38 . 2010-03-19 02:38 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-03-18 03:55 . 2010-03-18 03:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-18 02:36 . 2010-03-18 02:36 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-03-16 01:37 . 2010-03-16 01:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-13 00:04 . 2010-03-13 00:04 -------- d-----w- c:\program files\VALVe
2010-03-06 06:31 . 2010-03-06 06:31 -------- d-----w- c:\documents and settings\Content\System
2010-03-06 06:31 . 2010-03-06 06:31 -------- d-----w- c:\documents and settings\Content
2010-03-04 04:12 . 2005-05-26 21:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-02-28 20:43 . 2010-02-28 20:43 15919168 ----a-w- c:\documents and settings\Jay Juon\Application Data\Adobe\Acrobat\6.0\Updater\Ac60PrP1.exe
2010-02-24 19:26 . 2010-02-24 19:26 -------- d-----w- c:\documents and settings\Jay Juon\Local Settings\Application Data\Christofer_Persson
2010-02-24 19:26 . 2010-02-24 19:26 -------- d-----w- c:\program files\Kantaris
2010-02-24 08:07 . 2010-02-24 19:14 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\kantaris
2010-02-23 03:31 . 2010-02-23 03:31 -------- d-----w- c:\program files\Common Files\Apple
2010-02-23 03:26 . 2010-02-23 03:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-02-22 00:25 . 2010-02-23 22:11 88986 ----a-w- c:\windows\War3Unin.dat
2010-02-22 00:25 . 2010-02-23 22:09 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-22 00:25 . 2010-02-23 22:09 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-22 00:23 . 2010-03-03 22:50 -------- d-----w- c:\program files\Warcraft III
2010-02-20 21:52 . 2010-03-14 23:30 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\vlc
2010-02-20 21:25 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 21:25 . 2010-02-20 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-20 21:25 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 05:56 . 2010-02-19 05:56 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 06:35 . 2009-07-17 03:59 -------- d-----w- c:\program files\lg_swupdate
2010-03-20 06:34 . 2009-07-29 00:33 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\StarOffice8
2010-03-20 06:33 . 2009-07-17 11:57 -------- d-----w- c:\program files\Symantec AntiVirus
2010-03-20 06:25 . 2004-08-04 03:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-20 05:02 . 2010-03-20 05:02 95360 ----a-w- c:\windows\system32\drivers\tsk47A.tmp
2010-03-19 04:04 . 2009-07-18 09:21 -------- d-----w- c:\program files\AirPort
2010-03-16 12:21 . 2009-07-17 18:07 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\AdobeUM
2010-03-16 01:41 . 2009-08-20 13:17 -------- d-----w- c:\program files\Safari
2010-03-14 03:14 . 2010-03-04 04:13 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\Bioshock
2010-03-14 02:47 . 2010-02-18 04:40 -------- d-----w- c:\program files\uTorrent
2010-03-14 02:46 . 2010-02-18 04:36 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\uTorrent
2010-03-04 04:13 . 2010-03-04 04:13 -------- d--h--r- c:\documents and settings\Jay Juon\Application Data\SecuROM
2010-03-04 04:13 . 2010-03-04 04:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-16 00:05 . 2009-11-08 02:45 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-09 23:07 . 2009-11-08 02:45 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-06 22:29 . 2010-02-06 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-06 22:29 . 2010-02-06 22:29 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\Office Genuine Advantage
2010-02-04 22:31 . 2009-07-17 04:40 58952 ----a-w- c:\documents and settings\Jay Juon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 18:12 . 2010-01-30 18:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-30 05:14 . 2010-01-05 19:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-25 04:55 . 2010-01-25 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-01-24 06:51 . 2010-03-17 23:00 170862 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-01-24 02:06 . 2010-01-24 02:06 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\Malwarebytes
2010-01-24 02:06 . 2010-01-24 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-24 01:58 . 2010-01-24 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-22 01:04 . 2010-01-22 01:04 0 ----a-w- c:\windows\system32\drivers\.sys
2010-01-05 00:49 . 2009-08-20 13:18 53352 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-02 19:47 . 2009-11-08 02:45 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-01-02 19:47 . 2009-11-08 02:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-01-02 19:47 . 2009-11-08 02:45 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-01-01 20:01 . 2009-11-08 02:45 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-12-31 16:14 . 2004-08-04 04:14 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-04 05:56 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 05:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-22 04:12 . 2009-12-22 04:12 1790688 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\NMService.exe
2009-12-22 04:12 . 2009-12-22 04:12 1700584 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\nmconew.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Yahoo!Mini"="c:\program files\Yahoo!\Mini\YMiniUpdat2.exe" [2009-09-01 777728]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-01 2935480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LG Intelligent Update"="c:\program files\lg_swupdate\autoupdate.exe" [2008-07-17 126976]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-11 13594624]
"nwiz"="nwiz.exe" [2009-02-11 1657376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-02-28 851968]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"zOSD"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Jay Juon\Start Menu\Programs\Startup\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-20 576104]
EmEditor v3.lnk - c:\program files\EmEditor3\EMEDTRAY.EXE [2001-12-13 49152]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2009-8-5 6144]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP\\cutftp32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\IDOCTOR\\PLUSUP_2.9\\AGENT\\ServiceiDoctorPro.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Documents and Settings\\Jay Juon\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"56682:TCP"= 56682:TCP:Pando Media Booster
"56682:UDP"= 56682:UDP:Pando Media Booster
"59026:TCP"= 59026:TCP:Pando Media Booster
"59026:UDP"= 59026:UDP:Pando Media Booster
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [8/22/2006 1:00 AM 316992]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe [8/10/2007 9:37 AM 69632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/16/2009 11:04 PM 41376]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [7/16/2009 11:09 PM 158720]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [8/10/2007 9:35 AM 22528]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 5:56 PM 173392]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Jay Juon\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\Jay Juon\Desktop\SysProt\SysProtDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-19 c:\windows\Tasks\SyncBackSE Design Works 1.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-09-21 20:59]

2010-03-19 c:\windows\Tasks\SyncBackSE OutLook 1.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-09-21 20:59]
.
.
------- Supplementary Scan -------
.
IE: Bluetooth 장치로 보내기(&One Cool Dude... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Bluetooth로 보내기 - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lginnotek.com
Trusted Zone: sun.com
TCP: {E8077C1D-21D7-453B-9325-1EA7E4B52FD5} = 10.0.1.1
TCP: {F9BB1889-2F73-4C0A-A2D8-13CF12E5F052} = 10.0.1.1
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://sso.lginnotek.com/initech/plugin/down/INIS60.cab
DPF: {56B0DCF5-77B9-49F6-AD2F-F367D22A7136} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/BWordAxU.cab
DPF: {599735FD-7340-487C-AD77-85F9838F2E2C} - hxxp://www.my-lg070.net/gnr_misc/lg_voicetest/LGVoipQualityX.cab
DPF: {6A05EEAE-72F8-4288-A5A2-FAC831DC0AC1} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDnMass.cab
DPF: {80572992-B565-4644-A14F-A6BFDEA55599} - hxxp://pro.i-doctor.co.kr/idoctor/IDLiveU.cab
DPF: {A540427E-B803-4842-BC53-9DB140968449} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/KCOLSAddressBook.cab
DPF: {B6F0F9BC-AF60-41B4-BFB4-897617910207} - hxxp://sso.lginnotek.com/netclient/n5uaEx.CAB
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} - hxxp://neis.mest.go.kr/cab/ewsinstaller_full.cab
DPF: {CBEAB323-33C7-43A1-8642-412206DD16DF} - hxxp://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDn.cab
FF - ProfilePath - c:\documents and settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=emeditor.txt
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
SafeBoot-????淀??????



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 01:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Binary file temp00 matches

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\tsk47A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1592454029-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"慤?"=hex:6c,eb,b6,a0,de,d4,c6,38,2c,71,89,06,7e,ff,df,a3,b5,3d,7a,bc,a3,02,73,
f6,0b,c5,33,c9,51,ca,8d,16,60,8a,42,f7,59,e9,69,c6,cd,ec,bd,bb,cd,2e,f0,31,\
"歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Minimal\MmIn*?듍m ?*NtfIH ?
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Network\MmIn*?듍m ?*NtfIH ?
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MmIn*?듍m ?*NtfIH ?
"ImagePath"=expand:"\\??\\c:\\WINDOWS\\system32\\drivers\\????淀?\02?????.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(300)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\brss01a.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\conime.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Sun\StarOffice 8\program\soffice.exe
c:\program files\Sun\StarOffice 8\program\soffice.BIN
c:\program files\lg_swupdate\Gilautouc.exe
.
**************************************************************************
.
Completion time: 2010-03-20 01:39:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 06:39
ComboFix2.txt 2010-02-20 00:55

Pre-Run: 10,701,840,384 bytes free
Post-Run: 10,844,508,160 bytes free

- - End Of File - - 1CC361F5A907E412C7E55F9581A1F8E3
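
The ComboFix log above shows two of the things the helper's earlier post warned about: a core driver service (atapi) whose ImagePath has been redirected to a temp-style file in the drivers directory (tsk47A.tmp, listed at exactly the size of atapi.sys), and a service and SafeBoot entries whose names consist of unprintable characters. The Python below is an added triage example, not part of the thread and not ComboFix's, GMER's or the helper's code: it parses a constructed excerpt in the same line format as the posted log and flags those patterns for a reviewer. The EXPECTED_DRIVER_IMAGE allow-list, the SAMPLE_LOG excerpt and the function names are assumptions made for this example.

```python
"""Read-only triage of ComboFix-style log text (added example, not ComboFix's code).

Reports: a known driver service whose ImagePath points at an unexpected image,
drivers loaded from .tmp files, service names or paths made of unprintable
characters, and odd files in the drivers directory. It changes nothing.
"""
import re
from typing import Dict, List, Tuple

# Assumption: a small allow-list of core driver services and the image each should
# point at. A real deployment would carry a fuller, maintained list.
EXPECTED_DRIVER_IMAGE = {"atapi": "atapi.sys", "srv": "srv.sys", "disk": "disk.sys"}

# Constructed excerpt in the shape of the log posted above (not the real log).
SAMPLE_LOG = r"""
2010-03-20 06:25 . 2004-08-04 03:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-20 05:02 . 2010-03-20 05:02 95360 ----a-w- c:\windows\system32\drivers\tsk47A.tmp
2010-01-22 01:04 . 2010-01-22 01:04 0 ----a-w- c:\windows\system32\drivers\.sys
2009-12-31 16:14 . 2004-08-04 04:14 352640 ------w- c:\windows\system32\drivers\srv.sys
2010-02-20 21:25 . 2010-02-20 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\tsk47A.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MmIn*?듍m ?*NtfIH ?]
"ImagePath"=expand:"\\??\\c:\\WINDOWS\\system32\\drivers\\????淀?.sys"
"Start"=dword:00000001
"""

SERVICE_KEY_RE = re.compile(r"\\Services\\(?P<name>[^\\\]]+)\]?$", re.IGNORECASE)
IMAGEPATH_RE = re.compile(r'^"ImagePath"=(?:expand:)?"(?P<path>.*)"$', re.IGNORECASE)
# "date time . date time size-or-dashes attrs path" as ComboFix prints file entries
FILE_LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

Finding = Tuple[str, str, str]  # (category, subject, detail)


def basename(path: str) -> str:
    """Last component of a Windows path; collapses the doubled backslashes of registry dumps."""
    return path.replace("\\\\", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def is_unprintable(text: str) -> bool:
    """True if any character falls outside printable ASCII (garbled or deliberately odd names)."""
    return any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in text)


def parse_services(lines: List[str]) -> Dict[str, str]:
    """Map service name -> ImagePath from the registry sections of the log."""
    services: Dict[str, str] = {}
    current = None
    for line in lines:
        if line.startswith("["):
            m = SERVICE_KEY_RE.search(line)
            current = m.group("name") if m else None
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current is not None:
            services[current] = m.group("path")
    return services


def parse_driver_files(lines: List[str]) -> List[Tuple[str, int]]:
    """(path, size) for files listed under a drivers directory; directory rows are skipped."""
    out: List[Tuple[str, int]] = []
    for line in lines:
        m = FILE_LINE_RE.match(line)
        if m and m.group("size").isdigit() and "\\drivers\\" in m.group("path").lower():
            out.append((m.group("path"), int(m.group("size"))))
    return out


def triage(log_text: str) -> List[Finding]:
    """Return findings worth a reviewer's attention, in log order."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings: List[Finding] = []
    for name, path in parse_services(lines).items():
        image = basename(path)
        expected = EXPECTED_DRIVER_IMAGE.get(name.lower())
        if expected and image.lower() != expected:
            findings.append(("imagepath_mismatch", name, f"points at {image!r}, expected {expected!r}"))
        if image.lower().endswith(".tmp"):
            findings.append(("tmp_driver", name, f"driver loaded from temp-style file {image!r}"))
        if is_unprintable(name) or is_unprintable(path):
            findings.append(("unprintable_name", name, "service name or ImagePath has non-printable characters"))
    files = parse_driver_files(lines)
    sizes = {basename(p).lower(): s for p, s in files}
    for path, size in files:
        image = basename(path).lower()
        if image.endswith(".tmp") or image == ".sys":
            detail = f"unexpected file in drivers directory ({size} bytes)"
            # A temp-named file of identical size to a core driver deserves a close look.
            twins = [n for n, s in sizes.items() if s == size and n != image and n in EXPECTED_DRIVER_IMAGE.values()]
            if twins:
                detail += f"; same size as {', '.join(twins)}"
            findings.append(("odd_driver_file", path, detail))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {subject}: {detail}")
```

Run on the excerpt, it reports the atapi ImagePath mismatch, the .tmp driver, the unprintable service name, and the two odd files in the drivers directory (tsk47A.tmp noted as the same size as atapi.sys, and the zero-byte ".sys"). The atapi entry is the one the later CFScript in this thread targets; the triage itself only points at entries and never touches the machine.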

Re: Google Redirect Virus!?!

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:


File::
c:\windows\system32\drivers\tsk47A.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


[image: CFScript]

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your new reply later.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*


===================

Now do this.

GMER
Do not touch the computer while GMER is running! If you do, it'll go completely unresponsive and you'll have to shut it down using the power switch. Just don't touch the PC while GMER is working.

Please download gmer.zip by GMER and save it to your desktop.
Right click the file you just downloaded and choose Extract all
Click Next
Click Browse
Click the + next to My Computer
Click Local Disk (C:)
Click Make new folder
Enter GMER
Click OK, then Next
Check Show extracted files and click Finish
Double click on GMER.exe to run it.
Select the Rootkit tab.
On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
Select all drives that are connected to your system to be scanned.
Click on the Scan button.
When the scan is finished, click Copy to save the scan log to the Windows clipboard.
Open Notepad or a similar text editor.
Paste the clipboard contents into the text editor.
Save the GMER scan log and post it in your next reply.
Close GMER.


Please include the following in your reply:
1) ComboFix.txt
2) GMER log

Re: Google Redirect Virus!?!

Worst case scenario just happened. The laptop crashed, blue screen of death whenever I try to turn it on, and my whole emailing system just crashed. Is there any way to try and fix this?

Re: Google Redirect Virus!?!

At which stage does the BSOD occur?

We can try restoring your system, but given the problems involved (including the rootkit), I would advise that you get a clean start instead.

But again, it's your choice. Let me know.

Re: Google Redirect Virus!?!

Hmmmm... if I do a clean start, will I lose my antivirus? Also how much money will it cost? If I have to use the Windows XP CD, I think I may have lost it, since I haven't seen it in a while. Will I lose all my files that I have? I have some files in there that I prefer I would not want to lose.

Re: Google Redirect Virus!?!

We have diagnostics that we can do to remove the rootkit.

Chiaz, contact me.

Re: Google Redirect Virus!?!

Umm, I managed to back up both of my files for the laptop using Ubuntu, and I can go on the internet and stuff. I can still fix the laptop on Ubuntu, right? If so, shoot the next scan at me! I'm ready! Thanks a lot by the way! Thank You!

Re: Google Redirect Virus!?!

Wait no scratch that. Seems all my files have been damaged or corrupted somehow, and I can't open anything on Ubuntu. Now I'm stumped on how this happened. Also, seems like the laptop's a bit haywire, and unstable. Not to mention Ubuntu isn't that great of a thing to use. The laptop is so messed up, I want to cry out of frustration.

Here's the exact situation. I can't log into Windows XP, since I get the Blue Screen of Death every time. Also, I'm using a program called Ubuntu as a temporary replacement to Windows XP. Problem is, it doesn't really have the capability to open many files. First problem that needs solving is the matter of getting Windows XP back up, I guess. I can't use Windows Recovery Console, since that just leads to the BSoD. Can't go on Safe Mode either. Any suggestions?

Re: Google Redirect Virus!?!

Let's try some recovery action...

First
ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Re: Google Redirect Virus!?!

Here you go! I appreciate the help. I'm also learning about the computer bit by bit through this. Not enough to fix it, and I'm never going to try without help, but at least I got some interesting tidbits to learn. Big Grin

OTL logfile created on: 3/23/2010 11:01:31 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 12.13 Gb Free Space | 31.05% Space Free | Partition Type: NTFS
Drive D: | 193.82 Gb Total Space | 48.62 Gb Free Space | 25.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2007/12/26 03:05:48 | 000,415,072 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2007/08/10 10:37:00 | 000,069,632 | ---- | M] (SRS Labs, Inc.) [Auto] -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/12/21 08:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2006/08/22 02:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2004/10/06 18:56:48 | 000,173,392 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/10/06 18:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/10/06 18:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/06/11 19:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/06/09 21:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/06/09 21:31:12 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/06/09 21:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2001/11/23 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (浍湉ff訐淀訉ȅ瑎䥦ై訇)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (SysProtDrv.sys)
DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)
DRV - File not found [Adapter | Unavailable] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/03/12 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100312.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/12 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100312.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/07/17 14:55:06 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/03/27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/23 21:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/10 21:08:00 | 006,253,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/11/25 03:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/16 18:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/10/07 01:06:34 | 000,158,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/25 06:39:52 | 000,041,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/07/21 11:48:52 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/21 11:48:52 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/07/21 11:48:52 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/21 11:48:52 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/07/21 11:48:52 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/12/26 00:38:08 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/12/06 04:41:42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/10 10:35:56 | 000,022,528 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/21 08:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 08:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/11/22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/11 19:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/11 19:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/05 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2001/08/23 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1998/07/10 05:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Jay_Juon_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..network.proxy.autoconfig_url: "file:///c:/sfbay.pac"
FF - prefs.js..network.proxy.ftp: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/11 22:15:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 01:11:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/01 09:28:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/07/18 00:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Extensions
[2010/03/20 13:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\extensions
[2009/11/06 20:35:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/28 23:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 22:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 22:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 22:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2007/03/16 18:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 18:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 18:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/11/18 09:04:58 | 000,189,952 | ---- | M] ((주) 그래텍) -- C:\Program Files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
[2008/02/07 22:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/01/01 15:35:43 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/02/07 22:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/03/20 02:33:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Jay_Juon_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\autoupdate.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [zOSD] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)
O4 - HKU\HelpAssistant_ON_C..\Run: [cdloader] C:\Documents and Settings\Jay Juon\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\HelpAssistant_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\HelpAssistant_ON_C..\Run: [test] D:\Combat.Arms.NX_own\Bettler.exe File not found
O4 - HKU\HelpAssistant_ON_C..\Run: [Yahoo!Mini] C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe ()
O4 - HKU\Jay_Juon_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Jay_Juon_ON_C..\Run: [Yahoo!Mini] C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EmEditor v3.lnk = C:\Program Files\EmEditor3\EMEDTRAY.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Jay Juon\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jay_Juon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Jay_Juon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Jay_Juon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bluetooth 장치로 보내기(&One Cool Dude... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Bluetooth로 보내기 - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://gw0.lginnotek.com/kcols/kcolsresource.nsf/scriptX.cab (MeadCo scriptX)
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://sso.lginnotek.com/initech/plugin/down/INIS60.cab (INISAFEWeb6 V6 Class)
O16 - DPF: {56B0DCF5-77B9-49F6-AD2F-F367D22A7136} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/BWordAxU.cab (BWordAxU Control)
O16 - DPF: {599735FD-7340-487C-AD77-85F9838F2E2C} http://www.my-lg070.net/gnr_misc/lg_voicetest/LGVoipQualityX.cab (LGVoIPQualityX Control)
O16 - DPF: {6A05EEAE-72F8-4288-A5A2-FAC831DC0AC1} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDnMass.cab (FileUpDownMass Control)
O16 - DPF: {80572992-B565-4644-A14F-A6BFDEA55599} http://pro.i-doctor.co.kr/idoctor/IDLiveU.cab (CIDoctorLiveUpdateLuncherCtrl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://neis.mest.go.kr/cab/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {A540427E-B803-4842-BC53-9DB140968449} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/KCOLSAddressBook.cab (27)
O16 - DPF: {B6F0F9BC-AF60-41B4-BFB4-897617910207} http://sso.lginnotek.com/netclient/n5uaEx.CAB (n5uaEx Control)
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} http://neis.mest.go.kr/cab/ewsinstaller_full.cab (EwsLoader Class)
O16 - DPF: {CBEAB323-33C7-43A1-8642-412206DD16DF} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDn.cab (FileUpDown Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/neisold/npkcx_tech1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://sslvpn.lginnotek.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 23:44:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{504521d6-7709-11de-98d3-00238bbc4f8a}\Shell - "" = AutoRun
O33 - MountPoints2\{504521d6-7709-11de-98d3-00238bbc4f8a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{504521d6-7709-11de-98d3-00238bbc4f8a}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{d1f64690-83de-11de-9908-00238bbc4f8a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1f64690-83de-11de-9908-00238bbc4f8a}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{d1f64690-83de-11de-9908-00238bbc4f8a}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{e6a26af8-ac9f-11de-9984-00238bbc4f8a}\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 16:46:23 | 000,000,000 | ---D | C] -- C:\GMER
[2010/03/20 16:45:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/20 02:42:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/03/20 02:19:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/20 02:19:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/20 02:19:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/20 02:19:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/20 02:19:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/18 23:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/18 22:38:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData
[2010/03/17 23:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/17 23:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents\My eBooks
[2010/03/17 23:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/03/17 22:36:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/03/17 02:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/17 02:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/17 00:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/17 00:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/15 00:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Desktop\bulbul
[2010/03/12 20:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\VALVe
[2010/03/06 02:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\My Documents\Bioshock
[2010/03/04 00:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\Bioshock
[2010/03/04 00:13:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jay Juon\Application Data\SecuROM
[2010/03/04 00:13:27 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/03 20:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\WinRAR
[2010/03/03 20:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/24 15:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\Christofer_Persson
[2010/02/24 15:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kantaris
[2010/02/24 04:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\kantaris
[2010/02/22 23:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[1 C:\Documents and Settings\Jay Juon\My Documents\*.tmp files -> C:\Documents and Settings\Jay Juon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 16:59:39 | 000,000,957 | ---- | M] () -- C:\WINDOWS\lgcenter.ini
[2010/03/20 16:59:30 | 000,009,273 | ---- | M] () -- C:\WINDOWS\lg_up.ini
[2010/03/20 16:44:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/20 16:43:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/20 16:39:01 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\NTUSER.DAT
[2010/03/20 16:31:42 | 003,895,816 | R--- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\ComboFix.exe
[2010/03/20 16:31:39 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\gmer.zip
[2010/03/20 13:30:07 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE Design Works 1.job
[2010/03/20 13:00:06 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE OutLook 1.job
[2010/03/20 02:33:46 | 000,196,023 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/20 02:33:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/20 02:33:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 02:33:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/20 02:32:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/20 02:32:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/19 01:45:46 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Latin Test Cheat Sheet.doc
[2010/03/19 00:13:23 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/18 23:33:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jay Juon\ntuser.ini
[2010/03/17 19:46:33 | 000,510,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 19:46:33 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 19:46:33 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 18:09:20 | 000,014,385 | ---- | M] () -- C:\WINDOWS\Windic40.cfg
[2010/03/17 18:08:59 | 000,004,154 | ---- | M] () -- C:\WINDOWS\Windic40.wav
[2010/03/15 21:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/12 21:09:27 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\Counter-Strike Source.lnk
[2010/03/12 19:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/10 14:03:59 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/10 02:37:17 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\The End of the Affair.doc
[2010/03/09 02:53:06 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Building Your Case.doc
[2010/03/07 18:56:35 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Section Review 9B-9C.doc
[2010/03/06 17:36:48 | 000,824,096 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\IconCache.db
[2010/03/05 21:55:03 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 00:13:27 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/02/26 02:35:12 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Section Review 9A 1-2.doc
[2010/02/25 19:36:45 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Chapter Review 9.doc
[2010/02/25 02:23:49 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Upside down man in party hat..doc
[2010/02/24 15:26:34 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\Kantaris.lnk
[2010/02/23 18:11:36 | 000,088,986 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010/02/23 18:10:32 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\Frozen Throne.lnk
[2010/02/23 18:09:35 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010/02/23 18:09:35 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[1 C:\Documents and Settings\Jay Juon\My Documents\*.tmp files -> C:\Documents and Settings\Jay Juon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vevayadi
[2010/03/20 16:31:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\gmer.zip
[2010/03/20 16:31:06 | 003,895,816 | R--- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\ComboFix.exe
[2010/03/20 02:19:22 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/20 02:19:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/20 02:19:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/20 02:19:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/20 02:19:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/17 21:04:59 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Latin Test Cheat Sheet.doc
[2010/03/12 20:27:37 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Counter-Strike Source.lnk
[2010/03/10 02:37:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\The End of the Affair.doc
[2010/03/09 02:53:06 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Building Your Case.doc
[2010/03/05 03:29:45 | 000,004,154 | ---- | C] () -- C:\WINDOWS\Windic40.wav
[2010/03/04 00:20:43 | 016,302,080 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Bioshock.exe
[2010/02/26 18:35:34 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Section Review 9B-9C.doc
[2010/02/26 02:35:12 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Section Review 9A 1-2.doc
[2010/02/25 02:11:19 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Upside down man in party hat..doc
[2010/02/25 01:24:34 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Chapter Review 9.doc
[2010/02/24 15:26:34 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Kantaris.lnk
[2010/02/23 18:10:32 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Frozen Throne.lnk
[2010/01/21 21:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\.sys
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/25 11:24:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/07/20 19:04:36 | 000,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/07/20 19:04:36 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/07/20 19:04:18 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5250DN.INI
[2009/07/20 19:03:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll
[2009/07/18 05:36:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/07/18 05:36:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2009/07/18 05:26:21 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/07/18 05:26:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/07/18 05:26:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/17 15:05:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2009/07/17 14:56:42 | 000,000,255 | ---- | C] () -- C:\WINDOWS\PACsFile001.dll
[2009/07/17 14:55:06 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/07/17 14:17:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\cuteshell.dll
[2009/07/17 14:17:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\amcis.dll
[2009/07/17 07:44:24 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2009/07/17 07:44:23 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2009/07/17 07:39:23 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/17 00:58:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/17 00:07:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/07/17 00:00:06 | 000,009,273 | ---- | C] () -- C:\WINDOWS\lg_up.ini
[2009/07/16 23:55:45 | 000,000,957 | ---- | C] () -- C:\WINDOWS\lgcenter.ini
[2008/11/21 23:51:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/21 23:51:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/21 23:51:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/21 23:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/20 17:56:26 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/08/10 10:35:56 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2007/08/10 10:35:24 | 000,044,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/07/24 11:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2009/07/17 14:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\ACD Systems
[2010/03/13 23:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Bioshock
[2009/07/17 18:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\DownStream Technologies
[2009/07/31 13:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\FileZilla
[2009/09/18 09:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\ICAClient
[2009/08/20 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Juniper Networks
[2010/02/24 15:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\kantaris
[2009/08/29 10:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\mjusbsp
[2009/11/07 22:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\NeopleLauncherDFO
[2009/12/08 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Nexon
[2009/07/22 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Smith Micro
[2009/07/17 00:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\SRSCPL
[2010/03/20 02:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\StarOffice8
[2009/07/21 20:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Thunderbird
[2010/03/13 22:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\uTorrent
[2009/07/20 23:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2010/03/20 13:30:07 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBackSE Design Works 1.job
[2010/03/20 13:00:06 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBackSE OutLook 1.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/03/15 21:20:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\담뽀 쪽지함
[2010/01/26 19:01:23 | 000,036,864 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\HelpAssistant\Desktop\NPI 및 업무개선 관련 토의_090828.xls
[2010/01/26 19:01:23 | 000,001,811 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\청주MES_Metaframe.lnk
[2010/01/26 19:01:23 | 000,001,805 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\오산MES_Metaframe.lnk
[2010/01/26 19:01:23 | 000,000,756 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\??.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\미니.lnk
[2009/12/19 13:06:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\넥슨 플러그
[2009/12/19 13:06:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\넥슨 플러그
[2009/09/18 09:45:09 | 000,001,811 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\청주MES_Metaframe.lnk
[2009/09/18 09:45:09 | 000,001,811 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\청주MES_Metaframe.lnk
[2009/09/18 09:45:09 | 000,001,805 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\오산MES_Metaframe.lnk
[2009/09/18 09:45:09 | 000,001,805 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\오산MES_Metaframe.lnk
[2009/09/05 09:54:55 | 000,036,864 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\Jay Juon\Desktop\NPI 및 업무개선 관련 토의_090828.xls
[2009/09/05 09:54:55 | 000,036,864 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\HelpAssistant\Desktop\NPI 및 업무개선 관련 토의_090828.xls
[2009/09/04 11:57:52 | 000,001,811 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\청주MES_Metaframe.lnk
[2009/09/04 11:57:52 | 000,001,805 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\오산MES_Metaframe.lnk
[2009/09/02 19:04:32 | 000,036,864 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\Jay Juon\Desktop\NPI 및 업무개선 관련 토의_090828.xls
[2009/09/02 16:35:14 | 000,000,756 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\??.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\미니.lnk
[2009/09/02 16:35:14 | 000,000,756 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\??.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\미니.lnk
[2009/08/20 11:08:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Jay Juon\My Documents\RF PCB ???) -- C:\Documents and Settings\Jay Juon\My Documents\RF PCB 자료들
[2009/08/20 11:08:16 | 000,000,000 | ---D | C](C:\Documents and Settings\Jay Juon\My Documents\RF PCB ???) -- C:\Documents and Settings\Jay Juon\My Documents\RF PCB 자료들
[2009/08/16 21:55:36 | 000,103,180 | ---- | M] ()(C:\Documents and Settings\Jay Juon\My Documents\???.pdf) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.pdf
[2009/08/16 21:55:26 | 000,103,180 | ---- | C] ()(C:\Documents and Settings\Jay Juon\My Documents\???.pdf) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.pdf
[2009/08/16 21:54:42 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Jay Juon\My Documents\???.doc) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.doc
[2009/08/16 21:54:42 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Jay Juon\My Documents\???.doc) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.doc
[2009/08/03 15:12:38 | 000,000,000 | ---D | C](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\담뽀 쪽지함
[2009/07/23 16:34:16 | 000,000,756 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\??.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\미니.lnk
< End of report >
[2010/03/20 16:59:39 | 000,000,957 | ---- | M] () -- C:\WINDOWS\lgcenter.ini
[2010/03/20 16:59:30 | 000,009,273 | ---- | M] () -- C:\WINDOWS\lg_up.ini
[2010/03/20 16:44:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/20 16:43:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/20 16:39:01 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\NTUSER.DAT
[2010/03/20 16:31:42 | 003,895,816 | R--- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\ComboFix.exe
[2010/03/20 16:31:39 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\gmer.zip
[2010/03/20 13:30:07 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE Design Works 1.job
[2010/03/20 13:00:06 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE OutLook 1.job
[2010/03/20 02:33:46 | 000,196,023 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/20 02:33:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/20 02:33:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 02:33:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/20 02:32:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/20 02:32:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/19 01:45:46 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Latin Test Cheat Sheet.doc
[2010/03/19 00:13:23 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/18 23:33:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jay Juon\ntuser.ini
[2010/03/17 19:46:33 | 000,510,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 19:46:33 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 19:46:33 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 18:09:20 | 000,014,385 | ---- | M] () -- C:\WINDOWS\Windic40.cfg
[2010/03/17 18:08:59 | 000,004,154 | ---- | M] () -- C:\WINDOWS\Windic40.wav
[2010/03/15 21:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/12 21:09:27 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\Counter-Strike Source.lnk
[2010/03/12 19:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/10 14:03:59 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/10 02:37:17 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\The End of the Affair.doc

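Added example, not part of any post in this thread: a small Python triage pass over OTL "Files Created" / "Files Modified" entries like the ones in the log above. It pulls out the entries a helper reads first: a timestamp later than the scan itself (the 2099 file under System32), a hidden, extensionless file in System32 with no company name, and a zero-byte driver whose base name is empty (drivers\.sys). The four sample lines are copied from the log above; the scan time and the heuristics are the example's own assumptions, and a flag is a lead to examine, not a verdict.

```python
"""Triage of OTL 'Files Created' / 'Files Modified' entries.

Added example, not OTL's code. The heuristics and the scan time are the
example's own assumptions; a flag is something to look at, not a verdict.
"""
import re
from datetime import datetime

# OTL file entry: [YYYY/MM/DD HH:MM:SS | size | RHSD attrs | C or M] (Company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Constructed sample: four lines copied from the OTL log above.
SAMPLE_LINES = [
    r"[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vevayadi",
    r"[2010/03/20 02:19:22 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe",
    r"[2010/01/21 21:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\.sys",
    r"[2010/03/04 00:13:27 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll",
]
# Assumed scan time: the newest entries in the log are from 2010/03/20 around 17:00.
SCAN_TIME = datetime(2010, 3, 20, 17, 0, 0)


def parse_otl_file_line(line):
    """Parse one file entry; returns None for headers, blanks and Unicode-section lines."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    return entry


def triage_entry(entry, scan_time):
    """Return the list of reasons an entry deserves a second look (empty if none)."""
    reasons = []
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    in_system32 = "\\windows\\system32\\" in path
    hidden = entry["attrs"][1] == "H"          # attrs field is R, H, S, D in that order
    if entry["ts"] > scan_time:
        reasons.append("timestamp later than the scan itself (timestomping)")
    if in_system32 and hidden and not entry["company"]:
        reasons.append("hidden file with no company name under System32")
    if in_system32 and "." not in name:
        reasons.append("extensionless file under System32")
    if name.endswith(".sys") and (entry["size"] == 0 or name == ".sys"):
        reasons.append("zero-byte or nameless driver file")
    return reasons


def triage_log(lines, scan_time=SCAN_TIME):
    """Map path -> reasons for every flagged file entry in an OTL log."""
    flagged = {}
    for line in lines:
        entry = parse_otl_file_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry, scan_time)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

To run it over a real log, read OTL.txt line by line and pass the lines to triage_log with the scan time taken from the log header. An empty company name only means the file carries no version resource, which is true of many legitimate files too; it is the combination with the hidden attribute and an odd name or timestamp that makes an entry worth pulling.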
Re: Google Redirect Virus!?!
Thanks for that.

Now open OTLPE and enter the following in the Custom Scans box and click Quick Scan:

/md5start
atapi.sys
/md5stop


Post the resulting log from it.
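What that custom scan does, as an added Python example (not OTL's code and not part of the helper's post): walk a Windows tree, hash every copy of the named driver, and report the copy whose hash disagrees with the rest. Redirect rootkits of the TDL3/Alureon family patched atapi.sys in place, so the live driver keeps its size and date and only the hash separates it from the backup copies in dllcache and ServicePackFiles. The sample tree is constructed in a temp directory with a stand-in byte pattern; there is no real atapi.sys in it.

```python
"""Hash every copy of a named driver under a Windows tree and report the copy
whose hash disagrees with the others.

Added example, not OTL's code. The sample tree is constructed in a temp
directory with a stand-in byte pattern; no real atapi.sys is involved.
"""
import hashlib
import os
import tempfile
from collections import Counter


def hash_file(path):
    """MD5 (to line up with the OTL listing) and SHA-256 (what you should actually compare)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def find_driver_copies(root, filename):
    """Return (path, size, md5, sha256) for every file called `filename` under root."""
    target = filename.lower()
    copies = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == target:
                path = os.path.join(dirpath, name)
                md5, sha256 = hash_file(path)
                copies.append((path, os.path.getsize(path), md5, sha256))
    return copies


def odd_copies(copies):
    """Paths whose SHA-256 differs from the hash most copies share.

    On XP the live driver in System32\\drivers has backups in
    System32\\dllcache and ServicePackFiles\\i386; a rootkit patches the live
    one, so it is normally the copy that stands out. With no agreement at all
    every copy is returned, since nothing can serve as the reference.
    """
    if len(copies) < 2:
        return []
    hash_counts = Counter(c[3] for c in copies)
    majority, count = hash_counts.most_common(1)[0]
    if count == 1:
        return [c[0] for c in copies]
    return [c[0] for c in copies if c[3] != majority]


def build_sample_tree():
    """Constructed XP-style layout with three atapi.sys copies; the live one has
    a few bytes changed but the same size, as an in-place patch would leave it."""
    root = tempfile.mkdtemp(prefix="otl_md5_")
    clean = b"MZ" + bytes(range(256)) * 8                       # stand-in driver image
    patched = clean[:0x100] + b"JMP-HOOK" + clean[0x108:]       # same length, 8 bytes differ
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": patched,
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/ServicePackFiles/i386/atapi.sys": clean,
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


def demo():
    """Build the sample tree and return the flagged copies as root-relative paths."""
    root = build_sample_tree()
    copies = find_driver_copies(root, "atapi.sys")
    return sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in odd_copies(copies))


if __name__ == "__main__":
    root = build_sample_tree()
    copies = find_driver_copies(root, "atapi.sys")
    for path, size, md5, _sha in copies:
        print(f"{size:>8}  {md5}  {path}")
    print("does not match the other copies:", odd_copies(copies))
```

On a real machine point find_driver_copies at C:\WINDOWS, ideally from a boot CD such as OTLPE so the rootkit cannot filter what the scan sees. A mismatch is a lead, not proof: a hotfix can legitimately leave the dllcache copy newer than the one in ServicePackFiles, so compare company, version and date as well before replacing anything, and replace only from a known-good copy as the helper directs.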

Re: Google Redirect Virus!?!
Thanks for the help, yet again. Words can't describe the relief that this gives me. Smile...

OTL logfile created on: 3/24/2010 10:26:12 PM - Run

OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.06 Gb Total Space | 12.13 Gb Free Space | 31.06% Space Free | Partition Type: NTFS

Drive D: | 193.82 Gb Total Space | 48.62 Gb Free Space | 25.09% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS



Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: On

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001



========== Win32 Services (SafeList) ==========



SRV - [2007/12/26 03:05:48 | 000,415,072 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2007/08/10 10:37:00 | 000,069,632 | ---- | M] (SRS Labs, Inc.) [Auto] -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller)

SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2006/12/21 08:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2006/08/22 02:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)

SRV - [2004/10/06 18:56:48 | 000,173,392 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)

SRV - [2004/10/06 18:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2004/10/06 18:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)

SRV - [2004/06/11 19:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2004/06/09 21:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2004/06/09 21:31:12 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2004/06/09 21:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2001/11/23 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)





========== Driver Services (SafeList) ==========



DRV - File not found [Kernel | System] -- -- (浍湉ff訐淀訉ȅ瑎䥦ై訇)

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)

DRV - File not found [Kernel | On_Demand] -- -- (SysProtDrv.sys)

DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)

DRV - File not found [Adapter | Unavailable] -- -- (PnSson)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2010/03/12 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100312.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/03/12 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100312.003\NAVENG.SYS -- (NAVENG)

DRV - [2009/07/17 14:55:06 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)

DRV - [2009/03/27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009/03/23 21:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009/02/10 21:08:00 | 006,253,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/11/25 03:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/11/16 18:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)

DRV - [2008/10/07 01:06:34 | 000,158,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)

DRV - [2008/09/25 06:39:52 | 000,041,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2008/07/21 11:48:52 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2008/07/21 11:48:52 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2008/07/21 11:48:52 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2008/07/21 11:48:52 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2008/07/21 11:48:52 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)

DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)

DRV - [2007/12/26 00:38:08 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2007/12/06 04:41:42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/08/10 10:35:56 | 000,022,528 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)

DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/12/21 08:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)

DRV - [2006/12/21 08:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)

DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)

DRV - [2006/11/22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)

DRV - [2006/11/22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)

DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/06/11 19:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2004/06/11 19:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2004/03/05 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2004/02/09 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)

DRV - [2004/02/09 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)

DRV - [2001/08/23 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

DRV - [1998/07/10 05:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Jay_Juon_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..network.proxy.autoconfig_url: "file:///c:/sfbay.pac"

FF - prefs.js..network.proxy.ftp: "webcache.sfbay.sun.com "

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "webcache.sfbay.sun.com "

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.http: "webcache.sfbay.sun.com "

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: ""

FF - prefs.js..network.proxy.ssl: "webcache.sfbay.sun.com "

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/11 22:15:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 01:11:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/01 09:28:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/07/18 00:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Extensions

[2010/03/20 13:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\extensions

[2009/11/06 20:35:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/07/28 23:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008/02/07 22:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2008/02/07 22:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2008/02/07 22:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll

[2007/03/16 18:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll

[2007/03/16 18:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll

[2007/03/16 18:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll

[2008/11/18 09:04:58 | 000,189,952 | ---- | M] ((주) 그래텍) -- C:\Program Files\Mozilla Firefox\plugins\NPGomtvx_nie.dll

[2008/02/07 22:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2010/01/01 15:35:43 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2008/02/07 22:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/03/20 02:33:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\Jay_Juon_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)

O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\autoupdate.exe (BIT LEADER)

O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [zOSD] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)

O4 - HKU\HelpAssistant_ON_C..\Run: [cdloader] C:\Documents and Settings\Jay Juon\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKU\HelpAssistant_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\HelpAssistant_ON_C..\Run: [test] D:\Combat.Arms.NX_own\Bettler.exe File not found

O4 - HKU\HelpAssistant_ON_C..\Run: [Yahoo!Mini] C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe ()

O4 - HKU\Jay_Juon_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\Jay_Juon_ON_C..\Run: [Yahoo!Mini] C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EmEditor v3.lnk = C:\Program Files\EmEditor3\EMEDTRAY.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()

O4 - Startup: C:\Documents and Settings\Jay Juon\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Jay_Juon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Jay_Juon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Jay_Juon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Bluetooth 장치로 보내기(&One Cool Dude... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Bluetooth로 보내기 - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://gw0.lginnotek.com/kcols/kcolsresource.nsf/scriptX.cab (MeadCo scriptX)

O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://sso.lginnotek.com/initech/plugin/down/INIS60.cab (INISAFEWeb6 V6 Class)

O16 - DPF: {56B0DCF5-77B9-49F6-AD2F-F367D22A7136} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/BWordAxU.cab (BWordAxU Control)

O16 - DPF: {599735FD-7340-487C-AD77-85F9838F2E2C} http://www.my-lg070.net/gnr_misc/lg_voicetest/LGVoipQualityX.cab (LGVoIPQualityX Control)

O16 - DPF: {6A05EEAE-72F8-4288-A5A2-FAC831DC0AC1} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDnMass.cab (FileUpDownMass Control)

O16 - DPF: {80572992-B565-4644-A14F-A6BFDEA55599} http://pro.i-doctor.co.kr/idoctor/IDLiveU.cab (CIDoctorLiveUpdateLuncherCtrl Object)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://neis.mest.go.kr/cab/msxml4.cab (XML DOM Document 4.0)

O16 - DPF: {A540427E-B803-4842-BC53-9DB140968449} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/KCOLSAddressBook.cab (27)

O16 - DPF: {B6F0F9BC-AF60-41B4-BFB4-897617910207} http://sso.lginnotek.com/netclient/n5uaEx.CAB (n5uaEx Control)

O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} http://neis.mest.go.kr/cab/ewsinstaller_full.cab (EwsLoader Class)

O16 - DPF: {CBEAB323-33C7-43A1-8642-412206DD16DF} http://mail0.lginnotek.com/kcols/kcolsresource.nsf/FX-FileUpDn.cab (FileUpDown Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/neisold/npkcx_tech1.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://sslvpn.lginnotek.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/07/16 23:44:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{504521d6-7709-11de-98d3-00238bbc4f8a}\Shell - "" = AutoRun

O33 - MountPoints2\{504521d6-7709-11de-98d3-00238bbc4f8a}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{504521d6-7709-11de-98d3-00238bbc4f8a}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe -- File not found

O33 - MountPoints2\{d1f64690-83de-11de-9908-00238bbc4f8a}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{d1f64690-83de-11de-9908-00238bbc4f8a}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found

O33 - MountPoints2\{d1f64690-83de-11de-9908-00238bbc4f8a}\Shell\phone\command - "" = E:\autorun.exe -- File not found

O33 - MountPoints2\{e6a26af8-ac9f-11de-9984-00238bbc4f8a}\Shell\AutoRun\command - "" = WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 16:46:23 | 000,000,000 | ---D | C] -- C:\GMER

[2010/03/20 16:45:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/03/20 02:42:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Cookies

[2010/03/20 02:19:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/20 02:19:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/20 02:19:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/20 02:19:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/20 02:19:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/18 23:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer

[2010/03/18 22:38:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\UserData

[2010/03/17 23:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/03/17 23:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents\My eBooks

[2010/03/17 23:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents

[2010/03/17 22:36:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData

[2010/03/17 02:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/03/17 02:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/03/17 00:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/03/17 00:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/03/15 00:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Desktop\bulbul

[2010/03/12 20:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\VALVe

[2010/03/06 02:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\My Documents\Bioshock

[2010/03/04 00:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\Bioshock

[2010/03/04 00:13:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jay Juon\Application Data\SecuROM

[2010/03/04 00:13:27 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010/03/03 20:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\WinRAR

[2010/03/03 20:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/02/24 15:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\Christofer_Persson

[2010/02/24 15:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kantaris

[2010/02/24 04:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\kantaris

[2010/02/22 23:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[1 C:\Documents and Settings\Jay Juon\My Documents\*.tmp files -> C:\Documents and Settings\Jay Juon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 16:59:39 | 000,000,957 | ---- | M] () -- C:\WINDOWS\lgcenter.ini

[2010/03/20 16:59:30 | 000,009,273 | ---- | M] () -- C:\WINDOWS\lg_up.ini

[2010/03/20 16:44:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/20 16:43:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/20 16:39:01 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\NTUSER.DAT

[2010/03/20 16:31:42 | 003,895,816 | R--- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\ComboFix.exe

[2010/03/20 16:31:39 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\gmer.zip

[2010/03/20 13:30:07 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE Design Works 1.job

[2010/03/20 13:00:06 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE OutLook 1.job

[2010/03/20 02:33:46 | 000,196,023 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/03/20 02:33:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/03/20 02:33:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/20 02:33:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/20 02:32:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/03/20 02:32:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/03/19 01:45:46 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Latin Test Cheat Sheet.doc

[2010/03/19 00:13:23 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/03/18 23:33:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jay Juon\ntuser.ini

[2010/03/17 19:46:33 | 000,510,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/17 19:46:33 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/17 19:46:33 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/17 18:09:20 | 000,014,385 | ---- | M] () -- C:\WINDOWS\Windic40.cfg

[2010/03/17 18:08:59 | 000,004,154 | ---- | M] () -- C:\WINDOWS\Windic40.wav

[2010/03/15 21:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/03/12 21:09:27 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\Counter-Strike Source.lnk

[2010/03/12 19:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2010/03/10 14:03:59 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/03/10 02:37:17 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\The End of the Affair.doc

[2010/03/09 02:53:06 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Building Your Case.doc

[2010/03/07 18:56:35 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Section Review 9B-9C.doc

[2010/03/06 17:36:48 | 000,824,096 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\IconCache.db

[2010/03/05 21:55:03 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/04 00:13:27 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010/02/26 02:35:12 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Section Review 9A 1-2.doc

[2010/02/25 19:36:45 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Chapter Review 9.doc

[2010/02/25 02:23:49 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Upside down man in party hat..doc

[2010/02/24 15:26:34 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\Kantaris.lnk

[2010/02/23 18:11:36 | 000,088,986 | ---- | M] () -- C:\WINDOWS\War3Unin.dat

[2010/02/23 18:10:32 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Desktop\Frozen Throne.lnk

[2010/02/23 18:09:35 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe

[2010/02/23 18:09:35 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif

[1 C:\Documents and Settings\Jay Juon\My Documents\*.tmp files -> C:\Documents and Settings\Jay Juon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vevayadi

[2010/03/20 16:31:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\gmer.zip

[2010/03/20 16:31:06 | 003,895,816 | R--- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\ComboFix.exe

[2010/03/20 02:19:22 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/20 02:19:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/20 02:19:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/20 02:19:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/20 02:19:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/17 21:04:59 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Latin Test Cheat Sheet.doc

[2010/03/12 20:27:37 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Counter-Strike Source.lnk

[2010/03/10 02:37:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\The End of the Affair.doc

[2010/03/09 02:53:06 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Building Your Case.doc

[2010/03/05 03:29:45 | 000,004,154 | ---- | C] () -- C:\WINDOWS\Windic40.wav

[2010/03/04 00:20:43 | 016,302,080 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Bioshock.exe

[2010/02/26 18:35:34 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Section Review 9B-9C.doc

[2010/02/26 02:35:12 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Section Review 9A 1-2.doc

[2010/02/25 02:11:19 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Upside down man in party hat..doc

[2010/02/25 01:24:34 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Chapter Review 9.doc

[2010/02/24 15:26:34 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Kantaris.lnk

[2010/02/23 18:10:32 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Desktop\Frozen Throne.lnk

[2010/01/21 21:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\.sys

[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/25 11:24:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2009/07/20 19:04:36 | 000,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2009/07/20 19:04:36 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2009/07/20 19:04:18 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5250DN.INI

[2009/07/20 19:03:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll

[2009/07/18 05:36:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2009/07/18 05:36:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini

[2009/07/18 05:26:21 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini

[2009/07/18 05:26:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2009/07/18 05:26:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2009/07/17 15:05:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys

[2009/07/17 14:56:42 | 000,000,255 | ---- | C] () -- C:\WINDOWS\PACsFile001.dll

[2009/07/17 14:55:06 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys

[2009/07/17 14:17:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\cuteshell.dll

[2009/07/17 14:17:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\amcis.dll

[2009/07/17 07:44:24 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys

[2009/07/17 07:44:23 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll

[2009/07/17 07:39:23 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/17 00:58:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/07/17 00:07:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/07/17 00:00:06 | 000,009,273 | ---- | C] () -- C:\WINDOWS\lg_up.ini

[2009/07/16 23:55:45 | 000,000,957 | ---- | C] () -- C:\WINDOWS\lgcenter.ini

[2008/11/21 23:51:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/11/21 23:51:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/11/21 23:51:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/11/21 23:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/12/20 17:56:26 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2007/08/10 10:35:56 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys

[2007/08/10 10:35:24 | 000,044,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys

[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/07/24 11:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks

[2009/07/17 14:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\ACD Systems

[2010/03/13 23:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Bioshock

[2009/07/17 18:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\DownStream Technologies

[2009/07/31 13:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\FileZilla

[2009/09/18 09:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\ICAClient

[2009/08/20 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Juniper Networks

[2010/02/24 15:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\kantaris

[2009/08/29 10:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\mjusbsp

[2009/11/07 22:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\NeopleLauncherDFO

[2009/12/08 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Nexon

[2009/07/22 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Smith Micro

[2009/07/17 00:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\SRSCPL

[2010/03/20 02:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\StarOffice8

[2009/07/21 20:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Thunderbird

[2010/03/13 22:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\uTorrent

[2009/07/20 23:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks

[2010/03/20 13:30:07 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBackSE Design Works 1.job

[2010/03/20 13:00:06 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBackSE OutLook 1.job

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[2010/03/20 02:25:29 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2010/03/20 02:25:29 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

========== Files - Unicode (All) ==========

[2010/03/15 21:20:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\담뽀 쪽지함

[2010/01/26 19:01:23 | 000,036,864 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\HelpAssistant\Desktop\NPI 및 업무개선 관련 토의_090828.xls

[2010/01/26 19:01:23 | 000,001,811 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\청주MES_Metaframe.lnk

[2010/01/26 19:01:23 | 000,001,805 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\오산MES_Metaframe.lnk

[2010/01/26 19:01:23 | 000,000,756 | ---- | C] ()(C:\Documents and Settings\HelpAssistant\Desktop\??.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\미니.lnk

[2009/12/19 13:06:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\넥슨 플러그

[2009/12/19 13:06:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\넥슨 플러그

[2009/09/18 09:45:09 | 000,001,811 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\청주MES_Metaframe.lnk

[2009/09/18 09:45:09 | 000,001,811 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\청주MES_Metaframe.lnk

[2009/09/18 09:45:09 | 000,001,805 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\오산MES_Metaframe.lnk

[2009/09/18 09:45:09 | 000,001,805 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\오산MES_Metaframe.lnk

[2009/09/05 09:54:55 | 000,036,864 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\Jay Juon\Desktop\NPI 및 업무개선 관련 토의_090828.xls

[2009/09/05 09:54:55 | 000,036,864 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\HelpAssistant\Desktop\NPI 및 업무개선 관련 토의_090828.xls

[2009/09/04 11:57:52 | 000,001,811 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\청주MES_Metaframe.lnk

[2009/09/04 11:57:52 | 000,001,805 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\??MES_Metaframe.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\오산MES_Metaframe.lnk

[2009/09/02 19:04:32 | 000,036,864 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\NPI ? ???? ?? ??_090828.xls) -- C:\Documents and Settings\Jay Juon\Desktop\NPI 및 업무개선 관련 토의_090828.xls

[2009/09/02 16:35:14 | 000,000,756 | ---- | M] ()(C:\Documents and Settings\Jay Juon\Desktop\??.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\미니.lnk

[2009/09/02 16:35:14 | 000,000,756 | ---- | M] ()(C:\Documents and Settings\HelpAssistant\Desktop\??.lnk) -- C:\Documents and Settings\HelpAssistant\Desktop\미니.lnk

[2009/08/20 11:08:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Jay Juon\My Documents\RF PCB ???) -- C:\Documents and Settings\Jay Juon\My Documents\RF PCB 자료들

[2009/08/20 11:08:16 | 000,000,000 | ---D | C](C:\Documents and Settings\Jay Juon\My Documents\RF PCB ???) -- C:\Documents and Settings\Jay Juon\My Documents\RF PCB 자료들

[2009/08/16 21:55:36 | 000,103,180 | ---- | M] ()(C:\Documents and Settings\Jay Juon\My Documents\???.pdf) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.pdf

[2009/08/16 21:55:26 | 000,103,180 | ---- | C] ()(C:\Documents and Settings\Jay Juon\My Documents\???.pdf) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.pdf

[2009/08/16 21:54:42 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Jay Juon\My Documents\???.doc) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.doc

[2009/08/16 21:54:42 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Jay Juon\My Documents\???.doc) -- C:\Documents and Settings\Jay Juon\My Documents\시말서.doc

[2009/08/03 15:12:38 | 000,000,000 | ---D | C](C:\Documents and Settings\Jay Juon\My Documents\?? ???) -- C:\Documents and Settings\Jay Juon\My Documents\담뽀 쪽지함

[2009/07/23 16:34:16 | 000,000,756 | ---- | C] ()(C:\Documents and Settings\Jay Juon\Desktop\??.lnk) -- C:\Documents and Settings\Jay Juon\Desktop\미니.lnk

< End of report >

Re: Google Redirect Virus!?!

Please run OTLPE again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:

    :files
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys /replace

    :commands
    [reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. Post the fix log.

Re: Google Redirect Virus!?!

There's a problem. First of all, the laptop doesn't reboot. It says it will, but it just stays there without rebooting. Second of all, no fix log comes out. Am I doing something wrong?

Re: Google Redirect Virus!?!

Is there any option for you to reboot the PC manually? Try booting normally to Windows now.

Re: Google Redirect Virus!?!

Tried it. Still not working.

Re: Google Redirect Virus!?!

1. Reboot the computer, and when the first screen appears, press F8, and you should see the options menu for Safe Mode. Key down and press "Last Known Good Configuration." And tell me if your computer boots.

2. If that does not work, then do this:

Open OTLPE -- Click None and paste this in the Custom Scans box:

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Re: Google Redirect Virus!?!

Here you go! Thanks! Thank You! Also, I already tried the last known good configuration thing. The problem is, as soon as Windows even attempts to open, the BSoD strikes. Pretty nasty.

OTL logfile created on: 3/24/2010 10:49:04 PM - Run

OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.06 Gb Total Space | 12.13 Gb Free Space | 31.05% Space Free | Partition Type: NTFS

Drive D: | 193.82 Gb Total Space | 48.62 Gb Free Space | 25.09% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 1.84 Gb Total Space | 0.06 Gb Free Space | 3.26% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS



Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001



NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/16 18:10:19 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found





SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: 浍湉ff訐淀訉ȅ瑎䥦ై訇 - File not found



SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rootrepeal.sys - Reg Error: Value error.

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: 浍湉ff訐淀訉ȅ瑎䥦ై訇 - File not found



ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE



Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)



========== Custom Scans ==========





< %systemroot%\*. /mp /s >



< %systemroot%\system32\*.dll /lockedfiles >

[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll



< %systemroot%\system32\*.exe /lockedfiles >



< %systemroot%\Tasks\*.job /lockedfiles >



< %systemroot%\system32\drivers\*.sys /lockedfiles >



< %systemroot%\System32\config\*.sav >

[2009/07/16 18:13:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/07/16 18:13:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/07/16 18:13:33 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav



< %SYSTEMDRIVE%\*.* >

[2009/07/16 23:44:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/07/16 23:39:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010/01/30 01:17:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2004/08/04 01:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr

[2010/03/20 16:44:43 | 000,023,082 | ---- | M] () -- C:\ComboFix.txt

[2009/07/16 23:44:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/07/28 21:44:46 | 000,000,422 | ---- | M] () -- C:\iDoctor_20090728.log

[2009/07/16 23:44:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/07/18 00:24:42 | 000,000,019 | ---- | M] () -- C:\lgcenter.ini

[2009/07/16 23:44:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/03/23 23:25:29 | 000,000,000 | ---- | M] () -- C:\new file~

[2004/08/03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/07/17 00:14:42 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/03/24 22:31:10 | 000,092,146 | ---- | M] () -- C:\OTL.Txt

[2010/03/15 12:11:09 | 000,552,448 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

[2009/09/18 10:21:35 | 000,000,255 | ---- | M] () -- C:\PACsFile002.dll

[2009/07/17 00:03:03 | 000,001,563 | ---- | M] () -- C:\RHDSetup.log

[2010/03/17 18:33:37 | 000,000,321 | ---- | M] () -- C:\rkill.log

[2010/01/29 19:05:15 | 000,001,764 | ---- | M] () -- C:\RootRepeal report 01-29-10 (17-05-15).txt

[2008/09/11 17:49:02 | 000,000,479 | ---- | M] () -- C:\sfbay.pac

[2010/03/20 01:02:23 | 000,021,052 | ---- | M] () -- C:\TDSSKiller.2.2.8_20.03.2010_00.02.22_log.txt

[2010/03/20 01:04:42 | 000,020,108 | ---- | M] () -- C:\TDSSKiller.2.2.8_20.03.2010_00.04.42_log.txt

[2010/03/20 01:05:37 | 000,020,108 | ---- | M] () -- C:\TDSSKiller.2.2.8_20.03.2010_00.05.36_log.txt

[2010/03/20 02:42:56 | 000,015,746 | ---- | M] () -- C:\TDSSKiller.2.2.8_20.03.2010_01.42.55_log.txt

[2010/03/20 01:05:48 | 000,020,108 | ---- | M] () -- C:\TDSSKiller.txt



< %PROGRAMFILES%\*. >

[2009/09/20 20:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\2BrightSparks

[2009/07/18 16:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter

[2009/07/17 07:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems

[2009/07/17 07:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe

[2010/03/19 00:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\AirPort

[2009/07/18 05:21:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update

[2009/07/18 17:09:59 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour

[2009/07/20 19:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Brother

[2009/07/20 19:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie

[2009/07/18 00:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems

[2009/09/04 11:52:10 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix

[2010/03/20 16:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files

[2009/07/16 23:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2009/07/26 09:26:45 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID

[2009/11/15 23:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Datel

[2009/07/18 14:28:55 | 000,000,000 | ---D | M] -- C:\Program Files\DownStream Technologies

[2009/07/18 14:29:13 | 000,000,000 | ---D | M] -- C:\Program Files\EmEditor3

[2009/07/17 07:46:28 | 000,000,000 | ---D | M] -- C:\Program Files\ESTsoft

[2009/07/17 00:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\EzManual

[2009/07/21 00:30:48 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla Client

[2009/07/17 14:23:23 | 000,000,000 | ---D | M] -- C:\Program Files\GlobalSCAPE

[2009/07/17 15:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\GLOBEtrotter Software Inc

[2009/07/18 15:34:39 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH

[2009/07/17 19:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\i-Messenger

[2009/07/17 12:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\INITECH

[2009/07/17 07:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\Innoveda

[2009/08/15 07:24:02 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2009/07/16 23:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Intel

[2010/01/22 14:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2009/07/17 14:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc

[2009/07/28 21:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Java

[2009/07/17 23:58:02 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper Networks

[2010/02/24 15:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\Kantaris

[2009/08/15 07:24:02 | 000,000,000 | ---D | M] -- C:\Program Files\LG Software

[2010/03/20 16:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\lg_swupdate

[2010/02/20 17:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/24 09:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger

[2009/07/17 08:34:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft

[2009/07/17 00:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync

[2009/07/18 00:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2009/07/16 23:45:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2009/08/09 19:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2009/07/17 00:57:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET

[2010/03/10 14:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2010/02/10 01:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2009/10/04 18:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird

[2009/11/01 12:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2009/08/09 19:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache

[2009/07/16 23:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSN

[2009/07/16 23:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2009/09/08 09:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2009/11/01 12:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0

[2009/07/16 23:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2009/07/30 09:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\NOS

[2009/07/22 18:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless

[2009/07/17 12:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\NPKI

[2009/07/16 23:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services

[2009/08/13 09:19:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2009/11/07 22:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks

[2009/07/17 14:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Polar

[2009/08/01 09:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2009/07/17 00:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek

[2009/11/01 12:34:52 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2010/03/15 21:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\Safari

[2009/07/18 14:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\SafeNet Sentinel

[2009/09/07 00:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\SignGATE

[2009/07/17 00:12:29 | 000,000,000 | ---D | M] -- C:\Program Files\SRS Labs

[2009/07/28 19:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Sun

[2009/07/17 07:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec

[2010/03/20 17:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus

[2009/07/17 00:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics

[2009/10/03 15:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\TechHit.com

[2009/11/01 13:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Triggersoft

[2009/07/16 23:50:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2010/03/13 22:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent

[2010/03/12 20:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\VALVe

[2009/07/22 19:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless

[2010/02/19 01:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN

[2010/03/03 18:50:27 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III

[2009/09/13 09:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM

[2009/07/17 08:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live

[2009/07/17 08:34:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive

[2009/07/24 03:11:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2009/07/16 23:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2009/07/16 23:44:01 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2010/03/03 20:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

[2009/07/16 23:45:17 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

[2009/07/23 16:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!





< MD5 for: AGP440.SYS >

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys



< MD5 for: ATAPI.SYS >

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2010/03/20 02:25:29 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys



< MD5 for: EVENTLOG.DLL >

[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll



< MD5 for: NETLOGON.DLL >

[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll



< MD5 for: SCECLI.DLL >

[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll

[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll



< CREATERESTOREPOINT >



< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-10 18:04:40

< End of report >
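The `/md5start … /md5stop` section of the log above is what the helper reads to decide which copy of a driver to trust: OTL lists every copy of the named file once per location with its MD5, a file it cannot open prints "Unable to obtain MD5" instead of a hash, and the fix scripts in this thread then copy a cached copy over the live one. The following is an added example written for this page, not part of OTL or of the helper's instructions: a Python parser that groups these result lines by file name and flags any live copy that could not be hashed or whose hash matches no backup copy. The distinction between "live" and "backup" locations (dllcache, ReinstallBackups, ERDNT, SoftwareDistribution, $hf_mig$, $NtUninstall, Driver Cache) is an assumption made here, and the `example.sys` line with the all-zero hash is constructed to exercise the unique-hash case; the other sample lines are taken from the log posted above.

```python
import re
from collections import defaultdict

# One OTL "< MD5 for: NAME >" result line looks like:
# [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
# Locked files print "Unable to obtain MD5" instead of a hash; .cab container
# entries carry neither and are skipped by this parser.
LINE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<unreadable>Unable to obtain MD5))"
    r" -- (?P<path>.+)$"
)

# Assumption (not OTL's own classification): copies stored in these locations are
# caches/backups that Windows does not load directly, so they serve as reference
# hashes. Everything else under system32 is treated as the "live" copy.
BACKUP_MARKERS = (
    "\\dllcache\\", "\\reinstallbackups\\", "\\erdnt\\", "\\softwaredistribution\\",
    "\\$hf_mig$\\", "\\$ntuninstall", "\\driver cache\\",
)


def is_live_copy(path):
    """True for a copy Windows actually loads (system32, outside the backup folders)."""
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") and not any(m in p for m in BACKUP_MARKERS)


def parse_line(line):
    """Parse one OTL MD5 result line into a dict, or return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["md5"] = rec["md5"].upper() if rec["md5"] else None  # None => locked/unreadable
    rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
    rec["live"] = is_live_copy(rec["path"])
    return rec


def analyze(lines):
    """Group every parsed copy by file name: hash -> paths, plus unreadable and live copies."""
    by_name = defaultdict(lambda: {"hashes": defaultdict(list), "unreadable": [], "live": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = by_name[rec["name"]]
        if rec["md5"] is None:
            entry["unreadable"].append(rec["path"])
        else:
            entry["hashes"][rec["md5"]].append(rec["path"])
        if rec["live"]:
            entry["live"].append(rec)
    return by_name


def review(by_name):
    """Return {name: [finding, ...]} for live copies that deserve a second look:
    the file could not be hashed (locked), or its hash matches no backup copy.
    A unique hash is a prompt to compare the file against a known-good source,
    not proof of tampering: a newer service-pack copy legitimately differs from
    older backups, as the two atapi.sys hashes in the sample show."""
    findings = {}
    for name, entry in sorted(by_name.items()):
        notes = []
        for rec in entry["live"]:
            if rec["md5"] is None:
                notes.append(f"{rec['path']}: could not be hashed (locked or unreadable)")
            elif len(entry["hashes"][rec["md5"]]) == 1:
                notes.append(f"{rec['path']}: MD5 {rec['md5']} is shared by no backup copy")
        if notes:
            findings[name] = notes
    return findings


# Sample input: atapi.sys, eventlog.dll and shell32.dll lines from the log above, plus one
# constructed line (example.sys, all-zero hash) to exercise the unique-hash case.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/03/20 02:25:29 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: SHELL32.DLL >
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=56B6333DDA2576803F99F0EA373D0A7B -- C:\WINDOWS\system32\dllcache\shell32.dll
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2010/03/01 00:00:00 | 000,001,024 | ---- | M] (Constructed Example) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for name, notes in review(analyze(SAMPLE_LOG.splitlines())).items():
        print(name)
        for note in notes:
            print("  ", note)
```

Run against the sample, the script reports only `shell32.dll` (the live copy could not be hashed, which is exactly what the helper picks up on in the next reply) and the constructed `example.sys`; `atapi.sys` is not flagged because the live driver shares its hash with the SoftwareDistribution copy that the earlier fix installed, even though the older dllcache copy has a different hash.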

Re: Google Redirect Virus!?!

Looks like Shell32.dll is locked. This might be causing the BSOD.

Try this:

Open OTLPE and click None. Copy and paste this in to the Custom Scans box and hit Run Scan:

/md5start
shell32.dll
/md5stop



Post the contents of the log, please.

Re: Google Redirect Virus!?!

Here's the log you wanted! Thanks for all the help!

OTL logfile created on: 3/25/2010 10:49:17 PM - Run

OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.06 Gb Total Space | 12.13 Gb Free Space | 31.05% Space Free | Partition Type: NTFS

Drive D: | 193.82 Gb Total Space | 48.62 Gb Free Space | 25.09% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS



Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001



========== Custom Scans ==========







< MD5 for: SHELL32.DLL >

[2008/07/03 09:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation) MD5=06DA8C5383AAF17127FC4B1658BA3F4F -- C:\WINDOWS\$hf_mig$\KB967715\SP2QFE\shell32.dll

[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\$hf_mig$\KB967715\SP3GDR\shell32.dll

[2008/04/13 20:12:05 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\shell32.dll

[2008/06/17 15:04:34 | 008,461,824 | ---- | M] (Microsoft Corporation) MD5=270CE1BFDF019A3D7527F1DA6FB1FA96 -- C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll

[2005/09/22 23:18:20 | 008,452,608 | ---- | M] (Microsoft Corporation) MD5=2B7DD09E1DE64B094409E3D43E248716 -- C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll

[2006/03/17 00:46:31 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=5371E3BAE6FA21C26730C19FA8819335 -- C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll

[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=56B6333DDA2576803F99F0EA373D0A7B -- C:\WINDOWS\system32\dllcache\shell32.dll

[2006/12/19 17:50:10 | 008,458,752 | ---- | M] (Microsoft Corporation) MD5=C21253CC2EA4001EB3D93CD98E9B35FE -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll

[2004/08/04 01:56:46 | 008,384,000 | ---- | M] (Microsoft Corporation) MD5=D5988A5048E4DC7175BCA9F29FC144AE -- C:\WINDOWS\$NtUninstallKB967715$\shell32.dll

[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

< End of report >


From what I see, shell32 can't open. 0_o
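The report above lists every copy of shell32.dll that OTL could hash and flags the live copy in system32 as "Unable to obtain MD5", which is why the next reply restores it from dllcache. As an added example (my code, not OTL's or the forum's), the script below parses that report format and compares the in-use copy of a system file against its dllcache copy, reporting when the live copy could not be hashed or does not match the reference. The sample report is a four-line excerpt of the log posted above; the report line layout is assumed from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One line of an OTL "< MD5 for: FILE >" report (layout assumed from the log above):
# [date time | size | attrs | M] (Company) MD5=HEX -- C:\path\file.dll
# or, when the scanner could not read the file:
# [date time | size | attrs | M] (Company) Unable to obtain MD5 -- C:\path\file.dll
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)"
    r"\s*--\s*(?P<path>\S.*?)\s*$"
)

# Constructed excerpt: four of the ten lines from the report posted above.
SAMPLE_REPORT = r"""
< MD5 for: SHELL32.DLL >
[2008/07/03 09:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation) MD5=06DA8C5383AAF17127FC4B1658BA3F4F -- C:\WINDOWS\$hf_mig$\KB967715\SP2QFE\shell32.dll
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=56B6333DDA2576803F99F0EA373D0A7B -- C:\WINDOWS\system32\dllcache\shell32.dll
[2004/08/04 01:56:46 | 008,384,000 | ---- | M] (Microsoft Corporation) MD5=D5988A5048E4DC7175BCA9F29FC144AE -- C:\WINDOWS\$NtUninstallKB967715$\shell32.dll
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
< End of report >
"""


@dataclass
class FileEntry:
    path: str
    size: int            # bytes, thousands separators removed
    md5: Optional[str]   # None when the scanner could not hash the file


def parse_md5_report(text: str) -> List[FileEntry]:
    """Return one FileEntry per hashed (or unhashable) file line in the report."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, "< End of report >", blank lines
        entries.append(FileEntry(
            path=m.group("path"),
            size=int(m.group("size").replace(",", "")),
            md5=m.group("md5").upper() if m.group("md5") else None,
        ))
    return entries


def assess_live_copy(entries: List[FileEntry], live_path: str, cache_path: str) -> str:
    """Compare the in-use copy of a system file with its dllcache reference copy.

    A copy the scanner cannot hash at all is reported separately from a hash
    mismatch, because on the system above that is exactly the symptom seen.
    """
    by_path = {e.path.lower(): e for e in entries}
    live = by_path.get(live_path.lower())
    cache = by_path.get(cache_path.lower())
    if live is None:
        return "missing: live copy not in report"
    if cache is None:
        return "no-reference: dllcache copy not in report"
    if live.md5 is None:
        return "unreadable: scanner could not hash the live copy; treat as suspect"
    if live.size == cache.size and live.md5 == cache.md5:
        return "ok: live copy matches dllcache copy"
    return "mismatch: live copy differs from dllcache copy"


if __name__ == "__main__":
    found = parse_md5_report(SAMPLE_REPORT)
    print(assess_live_copy(found,
                           r"C:\WINDOWS\system32\shell32.dll",
                           r"C:\WINDOWS\system32\dllcache\shell32.dll"))
```

Run against the excerpt it reports the live shell32.dll as unreadable; the same comparison on a clean machine should report "ok", and a size match with a hash mismatch is the case worth looking at most closely.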

Re: Google Redirect Virus!?!
Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following (starting from :files):


    Code:

    :files
    C:\WINDOWS\system32\shell32.dll|C:\WINDOWS\system32\dllcache\shell32.dll /replace

    :commands
    [reboot]



  • Then click the Run Fix button at the top.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Re: Google Redirect Virus!?!
The fix went by really fast... but anyway, here's the log! Kinda short though.

========== FILES ==========

File C:\WINDOWS\system32\shell32.dll successfully replaced with C:\WINDOWS\system32\dllcache\shell32.dll

========== COMMANDS ==========



OTLPE by OldTimer - Version 3.1.37.1 log created on 03262010_043135

By the way, I tried Windows again after this. No luck.

Re: Google Redirect Virus!?!
Let's try this instead.

These are links to anti-virus vendors that offer free LiveCD or Rescue CD files, which you boot from to repair unbootable and damaged systems, rescue data, and scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO image file format. Avira uses an EXE that has built-in CD burning capability.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. You can use ISOBurner again.

Let me know how it goes.

Re: Google Redirect Virus!?!
I tried BitDefender, and it got rid of a few viruses. Ran a rootkit finder too. Tried Windows, and it wouldn't start. BSoD again. I think the problem might be in the Windows files itself. Just a thought. Thanks anyway! Thank You! I'll be here waiting for suggestions.

Re: Google Redirect Virus!?!
Here, try this instead.

Please carefully follow my next set of steps:

:step1: we need to create a batch file and save it to a flash drive to move information from the sick computer to a working computer. (Note that flash drives are often also called thumb drives, keychain drives, pendrives, etc.) This batch file lists all directories in C:\System Volume Information, which is useful for finding the backed-up registry.

Important note: Ensure that you save it on the flash drive. Do NOT save this file on the working computer. You can accidentally run the file on that computer and damage its registry. This file will be run on the non-working computer after following the next set of instructions.


Using your clean working computer do the following:
    1. Go to Start -> Run, and type notepad into the box.
    2. Press ok.
    3. Copy and paste the following code into Notepad (do not copy the word CODE):

    Code:

    Ren C:\windows\system32\config\system system.123
    Dir "C:\System Volume Information" /s >C:\log.txt
    Ren C:\windows\system32\config\system.123 system
    Del %0


    4. Go to File -> Save as, then enter: ren.bat (save it as all files (*.*))
    5. Then save it on the flash drive. Do NOT save this file on the working computer.
    6. After that, insert the flash drive into the infected computer before booting the system.
    7. Once booted with OTLPE, go to Start -> My Computer, then go to your flash drive, copy the batch file to the desktop, and double-click it to run it.
    8. Then go to C:\log.txt, copy its contents, and paste them back here as a reply to this post.
Note: You may have to copy and paste the log onto the flash drive so you can post it back here.

Let me know if you run into any problems.

Re: Google Redirect Virus!?!
I followed all the instructions, but when I copied it to the desktop and ran it, it said "insert the diskette that contains the batch file". Did I do something wrong?

Re: Google Redirect Virus!?!
Did you copy the entire file? Or did you just copy a shortcut?

While the batch file is in the flash drive, left-click on it and press Ctrl+C. Then go to your Desktop and press Ctrl+V.

Re: Google Redirect Virus!?!
I tried running it again, but the same thing happened. I don't think I should try the steps on making the bat file using the "clean computer" again, because that computer is infected with viruses now because of my beautiful sister. Whenever I try to run Malwarebytes, it says it can't find mbam.exe. So, I think that step is out at this point, or otherwise can you send me the bat file?

Re: Google Redirect Virus!?!
Delete the bat file first. Now boot your PC with OTLPE and try creating the file there instead and run it.

Re: Google Redirect Virus!?!
Sorry I haven't been talking lately, but I've been busy with preparation tests. Anyway, bad news. I tried it again, remaking the file and everything, but no dice. And by OTLPE, do you mean Reatogo-X-PE? If not, then I don't know what I've been doing. Sad tearing

Re: Google Redirect Virus!?!
Bump.

Re: Google Redirect Virus!?!
I'm kinda desperate for some help, so I'll bump again. =_=''

Hello. Do not bump your posts sooner than two days. Read: http://www.GeekPolice.net/virus-spyware-malware-removal-f11/no-reply-for-2-days-t5764.htm
Thanks! ~DragonMaster Jay

Re: Google Redirect Virus!?!
Hi MrPewp,

Sorry for the late response. It's strange that I stopped receiving email notifications for this thread...

Let me confer with the 'hidden' guys who have been an invaluable help on your case. Will get back to you ASAP.

Re: Google Redirect Virus!?!

  1. Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.
  2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  3. If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
  4. When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
  5. At the Recovery Console command prompt,

Type cd system~1\_resto~1 and press "Enter".

Type dir and press "Enter".

After you press Enter you will see a list of folders (like rp1, rp2). If the list of restore points has more than one page, press the "Enter" key until you reach the end of the list.


Type cd rp {number of the second to last folder in the list} and press "Enter".
Note: Example: cd rp9 if the last restore point is rp10

Type cd snapshot and press "Enter".

Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".

Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".

Type exit and press "Enter".

Your PC will reboot.

=======================

If you get an access denied error when doing the above, then do the following at the recovery console:

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type exit and press "Enter".

Your PC will reboot, go back into the Recovery Console and start from the beginning.
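The batch-file step earlier in the thread produces a directory listing of C:\System Volume Information, and the Recovery Console steps above then copy the two hives out of the second-to-last restore point. As an added example (my code, not the helper's and not part of any tool on this page), the script below reads such a listing, finds the RPnn\snapshot folders that actually contain both _REGISTRY_MACHINE_SYSTEM and _REGISTRY_MACHINE_SOFTWARE, picks the restore point the instructions call for, and prints the Recovery Console commands for it. It goes slightly beyond the post in two ways, both assumptions on my part: it sorts restore points numerically (as text, RP10 sorts before RP9, which is an easy way to pick the wrong folder), and it skips snapshots missing one of the hives. The listing is constructed and the _restore GUID is a placeholder.

```python
import re
from typing import Dict, List, Set

# Constructed excerpt of "Dir /s" output for C:\System Volume Information.
# The _restore{...} GUID and the file sizes are placeholders.
SAMPLE_DIR_LISTING = r"""
 Volume in drive C has no label.
 Volume Serial Number is 0000-0000

 Directory of C:\System Volume Information\_restore{PLACEHOLDER-GUID}

03/10/2010  09:12 AM    <DIR>          .
03/10/2010  09:12 AM    <DIR>          ..
03/10/2010  09:12 AM    <DIR>          RP10
03/01/2010  08:00 AM    <DIR>          RP8
03/05/2010  11:45 PM    <DIR>          RP9

 Directory of C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP10\snapshot

03/10/2010  09:12 AM         2,621,440 _REGISTRY_MACHINE_SOFTWARE
03/10/2010  09:12 AM         2,097,152 _REGISTRY_MACHINE_SYSTEM

 Directory of C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP8\snapshot

03/01/2010  08:00 AM         2,555,904 _REGISTRY_MACHINE_SOFTWARE
03/01/2010  08:00 AM         2,031,616 _REGISTRY_MACHINE_SYSTEM

 Directory of C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP9\snapshot

03/05/2010  11:45 PM         2,588,672 _REGISTRY_MACHINE_SOFTWARE
03/05/2010  11:45 PM         2,064,384 _REGISTRY_MACHINE_SYSTEM
"""

DIR_HEADER_RE = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
# A file line: date, time, size (with commas), name. "<DIR>" lines do not match.
FILE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+(?P<size>[\d,]+)\s+(?P<name>\S+)\s*$"
)
SNAPSHOT_RE = re.compile(r"\\RP(?P<num>\d+)\\snapshot$", re.IGNORECASE)
NEEDED_HIVES = {"_REGISTRY_MACHINE_SYSTEM", "_REGISTRY_MACHINE_SOFTWARE"}


def find_snapshot_hives(listing: str) -> Dict[int, Set[str]]:
    """Map restore-point number -> set of needed hive files present in its snapshot."""
    found: Dict[int, Set[str]] = {}
    current_rp = None
    for line in listing.splitlines():
        header = DIR_HEADER_RE.match(line)
        if header:
            m = SNAPSHOT_RE.search(header.group("path"))
            current_rp = int(m.group("num")) if m else None
            continue
        if current_rp is None:
            continue
        f = FILE_RE.match(line)
        if f and f.group("name").upper() in NEEDED_HIVES:
            found.setdefault(current_rp, set()).add(f.group("name").upper())
    return found


def choose_restore_point(hives: Dict[int, Set[str]]) -> int:
    """Second-to-last complete snapshot in numeric order, as the post instructs.

    Assumption: a snapshot missing either hive is skipped, and if only one
    complete snapshot exists it is used.
    """
    complete = sorted(rp for rp, names in hives.items() if NEEDED_HIVES <= names)
    if not complete:
        raise ValueError("no snapshot contains both registry hives")
    return complete[-2] if len(complete) >= 2 else complete[-1]


def recovery_console_commands(rp: int) -> List[str]:
    """The command sequence from the post above, for the chosen restore point."""
    return [
        r"cd system~1\_resto~1",
        f"cd rp{rp}",
        "cd snapshot",
        r"copy _registry_machine_system c:\windows\system32\config\system",
        r"copy _registry_machine_software c:\windows\system32\config\software",
        "exit",
    ]


if __name__ == "__main__":
    hives = find_snapshot_hives(SAMPLE_DIR_LISTING)
    print("\n".join(recovery_console_commands(choose_restore_point(hives))))
```

On the constructed listing the newest point is RP10, so the script emits `cd rp9`, matching the example in the post; if RP10 were missing one hive it would step back to RP8 instead.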

Re: Google Redirect Virus!?!
Oh yeah! I forgot to mention. Windows completely crashed. I tried that method already. As soon as I get to the menu with the choices, I get the BSoD. D:

Re: Google Redirect Virus!?!
So, you cannot access the Recovery Console at all?

Re: Google Redirect Virus!?!
Nope. Sad to say.

Re: Google Redirect Virus!?!
Bump. Goofy
