
Google Virus?



So here's what I got:

Google Chrome does not work at all any more, no pages load. In IE or FF, everything works fine except that I cannot access any Google-related sites (I get a quick Error 404). When I click any links from a Google or Yahoo search in IE or FF, I get redirected to junk sites. I checked to see if I could roll back the system, but all save dates are gone except for one that is after infection. I did an ipconfig /flushdns to see if it was a DNS spoof, but it's still there.

Malwarebytes and Avast tell me that everything is a-ok.

Any tips would be appreciated! Here's the log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by John at 14:22:48.75 on Sun 04/25/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1164 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100425-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINXPPRO\system32\nvsvc32.exe

C:\WINXPPRO\system32\svchost -k DcomLaunch

svchost.exe

C:\WINXPPRO\System32\svchost.exe -k netsvcs

C:\WINXPPRO\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINXPPRO\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe

C:\Program Files\Blaze Media Pro\NMSAccess32.exe

C:\WINXPPRO\System32\svchost.exe -k HPZ12

C:\WINXPPRO\system32\PnkBstrA.exe

C:\WINXPPRO\system32\PnkBstrB.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINXPPRO\system32\svchost.exe -k imgsvc

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINXPPRO\Explorer.EXE

C:\WINXPPRO\Logi_MwX.Exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINXPPRO\System32\svchost.exe -k HTTPFilter

C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe

C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

F:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINXPPRO\system32\RUNDLL32.EXE

C:\WINXPPRO\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\WINXPPRO\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [Google Update] "c:\documents and settings\john\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\winxppro\system32\ctfmon.exe

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [NeroFilterCheck] c:\winxppro\system32\NeroCheck.exe

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe

mRun: [Maxtor Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"

mRun: [HPDJ Taskbar Utility] c:\winxppro\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Acrobat Assistant 8.0] "f:\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxppro\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\winxppro\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\adobea~1.lnk - c:\winxppro\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\adobea~2.lnk - f:\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe

IE: Append to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - f:\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download Flash with Flash &Grabber - c:\progra~1\flashg~1\swfgrab.dll/iesave

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {D1F81895-5BB4-49C4-A886-58A5708F4250} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNetmarbleDownloader.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxppro\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {3DB87D6E-2EE3-4DA8-0DD8-8DCE6ADA2EEE} - c:\winxppro\msmgsd.exe 2

mASetup: {F37A630C-5CDE-C696-F35E-1B66275C3E48} - c:\winxppro\system32\winlogon.exe

Hosts: 91.121.82.175 google.co.uk

Hosts: 91.121.82.175 www.google.co.uk

Hosts: 91.121.82.175 google.com

Hosts: 91.121.82.175 www.google.com

Hosts: 91.121.82.175 google.fr

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\hoz3hnmn.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101703&locale=en_US&q=

FF - plugin: c:\documents and settings\all users.winxppro\application data\id software\quakelive\npquakezero.dll

FF - plugin: c:\documents and settings\john\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\hoz3hnmn.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\hoz3hnmn.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\documents and settings\john\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\progra~1\sonyon~1\npsoe.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMFFUpdater.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMNetmarbleDownload.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMStarter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMSystemInformer.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMWebMessengerPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npietab.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\skyhook wireless\loki browser plugin\versions\3.1.0.05\nploki.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winxppro\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PrecSim;PrecSim;c:\winxppro\system32\drivers\precsim.sys [2002-3-12 62688]

R1 aswSP;avast! Self Protection;c:\winxppro\system32\drivers\aswSP.sys [2008-11-12 114768]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

R2 aswFsBlk;aswFsBlk;c:\winxppro\system32\drivers\aswFsBlk.sys [2008-11-12 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-12 138680]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]

R2 fssfltr;FssFltr;c:\winxppro\system32\drivers\fssfltr_tdi.sys [2009-9-20 54752]

R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\common files\maxtor\schedule2\schedul2.exe [2008-6-27 431384]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-12 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-12 352920]

R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]

R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]

R3 Sftredir;Sftredir;c:\winxppro\system32\drivers\Sftredirxp.sys [2009-9-23 21864]

R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]

S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\john\desktop\dogs\vcdrom.sys --> c:\documents and settings\john\desktop\dogs\VCdRom.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-5 133104]

S3 Ambfilt;Ambfilt;c:\winxppro\system32\drivers\Ambfilt.sys [2009-10-7 1691480]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\program files\new folder\kerneld.wnt [2005-8-18 7168]

S3 fbportio;fbportio;c:\winxppro\system32\drivers\fbportio.sys [2010-2-9 5632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\winxppro\system32\drivers\mbamswissarmy.sys [2010-2-17 38224]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 npggsvc;nProtect GameGuard Service;c:\winxppro\system32\gamemon.des -service --> c:\winxppro\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 Revoflt;Revoflt;c:\winxppro\system32\drivers\revoflt.sys [2010-1-26 27064]

=============== Created Last 30 ================

2010-04-24 23:29:14 0 d-----w- C:\ComboFix

2010-04-24 22:48:35 0 d-sha-r- C:\cmdcons

2010-04-24 22:46:16 77312 ----a-w- c:\winxppro\MBR.exe

2010-04-24 22:46:16 261632 ----a-w- c:\winxppro\PEV.exe

2010-04-24 22:46:16 161792 ----a-w- c:\winxppro\SWREG.exe

2010-04-24 22:46:15 98816 ----a-w- c:\winxppro\sed.exe

2010-04-24 22:09:55 119 ----a-w- c:\winxppro\wininit.ini

2010-04-24 01:42:37 0 d-----w- c:\program files\iPod

2010-04-24 01:42:29 0 d-----w- c:\program files\iTunes

2010-04-24 01:42:29 0 d-----w- c:\docume~1\alluse~2.win\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-24 01:41:04 41472 ----a-w- c:\winxppro\system32\drivers\usbaapl.sys

2010-04-24 01:41:04 3003680 ----a-w- c:\winxppro\system32\usbaaplrc.dll

2010-04-23 21:48:55 2588 ----a-w- c:\winxppro\diagwrn.xml

2010-04-23 21:48:55 1908 ----a-w- c:\winxppro\diagerr.xml

2010-04-23 19:11:24 0 d-----w- c:\winxppro\system32\wbem\Repository

2010-04-23 18:32:09 0 d-----w- c:\winxppro\Performance

2010-04-23 18:30:49 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2010-04-23 11:27:53 112 ----a-w- c:\docume~1\alluse~2.win\applic~1\78mi61.dat

2010-04-22 19:25:30 0 d-----w- c:\program files\WindowsServices

2010-04-22 17:28:49 0 d-----w- c:\program files\Xilisoft

2010-04-22 05:53:12 0 d-----w- c:\docume~1\alluse~2.win\applic~1\licensecb

2010-04-22 05:53:12 0 d-----w- c:\docume~1\alluse~2.win\applic~1\CrazyBump

2010-04-22 05:52:55 74072 ----a-w- c:\winxppro\system32\XAPOFX1_4.dll

2010-04-22 05:52:55 528216 ----a-w- c:\winxppro\system32\XAudio2_6.dll

2010-04-22 05:52:53 238936 ----a-w- c:\winxppro\system32\xactengine3_6.dll

2010-04-22 05:52:51 22360 ----a-w- c:\winxppro\system32\X3DAudio1_7.dll

2010-04-22 05:51:36 0 d-----w- c:\program files\Crazybump

2010-04-22 05:20:56 151552 ----a-w- c:\winxppro\system32\nvRegDev.dll

2010-04-20 21:38:10 0 d-----w- c:\docume~1\alluse~2.win\applic~1\TmForever

2010-04-12 20:16:12 0 d-----w- c:\program files\Microsoft Chart Controls

2010-04-12 19:24:29 0 d-----w- c:\program files\Ask.com

2010-04-12 19:24:20 0 d-----w- c:\docume~1\john\applic~1\Foxit

2010-04-12 19:24:13 0 d-----w- c:\program files\Foxit Software

2010-04-11 22:41:08 3305708 ----a-w- c:\winxppro\system32\GameMon.des

2010-04-11 22:25:36 0 d-----w- c:\docume~1\alluse~2.win\applic~1\PMB Files

2010-04-11 22:07:38 0 d-----w- C:\Ntreev USA

2010-04-11 21:18:41 0 dc-h--w- c:\winxppro\ie8

2010-04-08 17:00:17 0 d-----w- c:\program files\IrfanView

2010-04-07 20:30:47 0 d-----w- c:\docume~1\john\applic~1\Mount&Blade Warband

2010-04-07 19:09:27 0 d-----w- c:\docume~1\alluse~2.win\applic~1\VirtualizedApplications

2010-04-07 16:58:44 0 d-----w- c:\docume~1\john\applic~1\NVD

2010-04-07 16:58:21 0 d-----w- c:\docume~1\john\applic~1\SoftGrid Client

2010-04-07 16:56:45 0 d-----w- c:\program files\Microsoft Application Virtualization Client

2010-04-07 16:56:08 0 d-----w- c:\docume~1\john\applic~1\TP

2010-04-05 19:31:34 0 d-----w- c:\program files\Pixologic

2010-03-31 22:49:48 0 d-----w- c:\docume~1\john\applic~1\DriverCure

2010-03-31 22:49:42 0 d-----w- c:\docume~1\alluse~2.win\applic~1\ParetoLogic

2010-03-31 22:49:42 0 d-----w- c:\docume~1\alluse~2.win\applic~1\DriverCure

2010-03-31 22:17:48 9046 ----a-w- c:\winxppro\system32\nvinfo.pb

2010-03-31 22:17:48 61440 ----a-w- c:\winxppro\system32\OpenCL.dll

2010-03-31 22:17:46 11640832 ----a-w- c:\winxppro\system32\nvcompiler.dll

2010-03-31 02:35:05 556456 ----a-w- C:\AnalysisLog.sr0

2010-03-31 01:06:14 0 d-----w- c:\program files\Microsoft Synchronization Services

2010-03-31 01:05:12 0 d-----w- c:\documents and settings\all users.winxppro\Microsoft

2010-03-31 00:59:46 0 d-----w- c:\program files\Microsoft Visual Studio 8

2010-03-31 00:58:58 0 d-----w- c:\program files\Microsoft Analysis Services

==================== Find3M ====================

2028-11-04 04:25:54 35104 ----a-w- c:\winxppro\fonts\ataques.ttf

2010-04-16 00:52:09 139456 ----a-w- c:\winxppro\system32\drivers\PnkBstrK.sys

2010-04-16 00:51:51 190160 ----a-w- c:\winxppro\system32\PnkBstrB.exe

2010-03-27 01:21:26 5883936 ----a-w- c:\winxppro\system32\drivers\RtkHDAud.sys

2010-03-27 01:01:44 84512 ----a-w- c:\winxppro\SOUNDMAN.EXE

2010-03-27 01:01:44 358944 ----a-w- c:\winxppro\vncutil.exe

2010-03-27 01:01:44 1833504 ----a-w- c:\winxppro\SkyTel.exe

2010-03-27 01:01:38 9721888 ----a-w- c:\winxppro\RTLCPL.EXE

2010-03-27 01:01:38 1489440 ----a-w- c:\winxppro\RtlUpd.exe

2010-03-27 01:01:32 51232 ----a-w- c:\winxppro\system32\RtkCoInstXP.dll

2010-03-27 01:01:32 19522592 ----a-w- c:\winxppro\RTHDCPL.EXE

2010-03-27 01:01:32 129568 ----a-w- c:\winxppro\RtkAudioService.exe

2010-03-27 01:01:26 2177568 ----a-w- c:\winxppro\MicCal.exe

2010-03-27 01:01:20 64032 ----a-w- c:\winxppro\ALCMTR.EXE

2010-03-27 01:01:20 2815520 ----a-w- c:\winxppro\ALCWZRD.EXE

2010-03-22 21:22:42 1247776 ----a-w- c:\winxppro\RtlExUpd.dll

2010-03-16 10:37:50 278120 ----a-w- c:\winxppro\system32\nvmccs.dll

2010-03-16 10:37:50 154216 ----a-w- c:\winxppro\system32\nvsvc32.exe

2010-03-16 10:37:50 145000 ----a-w- c:\winxppro\system32\nvcolor.exe

2010-03-16 10:37:50 13670504 ----a-w- c:\winxppro\system32\nvcpl.dll

2010-03-16 10:37:50 110696 ----a-w- c:\winxppro\system32\nvmctray.dll

2010-03-16 10:37:44 81920 ----a-w- c:\winxppro\system32\nvwddi.dll

2010-03-16 06:51:59 6432128 ----a-w- c:\winxppro\system32\nv4_disp.dll

2010-03-16 06:51:59 600680 -c--a-w- c:\winxppro\system32\nvudisp.exe

2010-03-16 06:51:59 4075520 ----a-w- c:\winxppro\system32\nvcuda.dll

2010-03-16 06:51:59 2646632 ----a-w- c:\winxppro\system32\nvcuvenc.dll

2010-03-16 06:51:59 2183470 ----a-w- c:\winxppro\system32\nvdata.bin

2010-03-16 06:51:59 215656 ----a-w- c:\winxppro\system32\nvcodins.dll

2010-03-16 06:51:59 215656 ----a-w- c:\winxppro\system32\nvcod.dll

2010-03-16 06:51:59 2030184 ----a-w- c:\winxppro\system32\nvcuvid.dll

2010-03-16 06:51:59 14757888 ----a-w- c:\winxppro\system32\nvoglnt.dll

2010-03-16 06:51:59 1097728 ----a-w- c:\winxppro\system32\nvapi.dll

2010-03-16 06:51:59 10232352 ----a-w- c:\winxppro\system32\drivers\nv4_mini.sys

2010-03-15 19:33:36 25280 ----a-w- c:\winxppro\system32\drivers\hamachi.sys

2010-03-12 18:26:36 600680 ----a-w- c:\winxppro\system32\NVUNINST.EXE

2010-03-10 22:22:53 138056 -c--a-w- c:\docume~1\john\applic~1\PnkBstrK.sys

2010-03-10 22:22:34 75064 ----a-w- c:\winxppro\system32\PnkBstrA.exe

2010-03-10 22:22:33 2407792 ----a-w- c:\winxppro\system32\pbsvc_heroes.exe

2010-03-10 06:15:52 420352 ----a-w- c:\winxppro\system32\vbscript.dll

2010-03-09 18:49:52 259128 ----a-w- c:\winxppro\fonts\MASTERPLAN___.otf

2010-02-25 06:24:37 916480 ----a-w- c:\winxppro\system32\wininet.dll

2010-02-22 04:53:38 160054 ----a-w- c:\winxppro\FontDoctor for Windows Uninstaller.exe

2010-02-16 14:08:49 2146304 ----a-w- c:\winxppro\system32\ntoskrnl.exe

2010-02-16 13:25:04 2024448 ----a-w- c:\winxppro\system32\ntkrnlpa.exe

2010-02-12 18:46:14 91424 ----a-w- c:\winxppro\system32\dnssd.dll

2010-02-12 18:46:14 107808 ----a-w- c:\winxppro\system32\dns-sd.exe

2010-02-12 04:33:11 100864 ----a-w- c:\winxppro\system32\6to4svc.dll

2010-02-09 00:17:00 94208 ----a-w- c:\docume~1\john\applic~1\ezplay.sys

2010-02-04 21:27:08 334008 ----a-w- c:\winxppro\fonts\OUTLAW .otf

2010-02-01 05:09:20 44544 -c--a-r- c:\winxppro\system32\MSXML4a.dll

2010-01-26 22:33:16 75732 ----a-w- c:\winxppro\fonts\Futura LT Book.ttf

2010-01-26 22:32:22 38040 ----a-w- c:\winxppro\fonts\Futura Hv BT Heavy.ttf

2010-01-26 22:32:02 37272 ----a-w- c:\winxppro\fonts\Futura Bk BT Book.ttf

2009-05-25 18:48:06 449 ----a-w- c:\program files\Shortcut to Zmud.lnk

2009-05-15 05:02:10 3392872 -c--a-w- c:\program files\common files\adlmint_libFNP.dll

2009-05-15 05:02:10 3298152 -c--a-w- c:\program files\common files\adlmint.dll

2007-04-11 20:12:16 2279464 ----a-w- c:\program files\PcSetup.exe

2009-10-13 03:03:58 16384 --sha-w- c:\winxppro\system32\config\systemprofile\ietldcache\index.dat

2009-04-01 07:01:51 32768 -csha-w- c:\winxppro\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat

============= FINISH: 14:23:34.51 ===============

attach.zip


Update: After running Ad-Aware, Spybot, Avast and Malwarebytes again, it cleaned out a few things. Chrome works again, however Google sites do not. Google gives me what I presume is a fake front page (it's different than on other computers in my house and has something about "I love football" logos). I still cannot search from the "google" page as it gives me a broken link error page.

Yahoo/Bing searches work fine.

All Google links such as Google Mail, Google Images, etc. do not work and I get a "webpage not available" error.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
