
Solved Google/Yahoo +other search engine redirects

Discussion in 'Malware and Virus Removal Archive' started by Niir, 2008/11/04.

  1. 2008/11/04
    Niir

    Niir Inactive Thread Starter

    Joined:
    2008/11/04
    Messages:
    6
    Likes Received:
    0
    [Resolved] Google/Yahoo +other search engine redirects

    Google and Yahoo, and possibly other search engines as well, direct me to spyware sites (www.antispy.com for reference). Haven't touched anything from those sites. The internet also seems sluggish.

    Also, if I just type in, for example, 'war-europe' into Firefox I get

    ''The page cannot be found
    The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.

    Please try the following:

    * Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
    * If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted.
    * Click the Back button to try another link.

    HTTP Error 404 - File or directory not found.
    Internet Information Services (IIS)

    Technical Information (for support personnel)

    * Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
    * Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.''


    The virus came with a WinRAR dl when I wasn't concentrating, or possibly a Fallout 3 map I downloaded at the same time.

    I've run McAfee and it didn't pick it up; I'm running Malwarebytes and Panda atm after looking through a few similar threads here.

    I'll update when I have the results.

    Any help would be very much appreciated.

    I'm running Vista Home Premium 64-bit if that makes any difference.
     
    Niir,
    #1
  2. 2008/11/04
    Niir

    OK, just read the info threads, so here are the RSIT logs:

    Info.txt first:

    info.txt logfile of random's system information tool 1.04 2008-11-05 18:13:14

    ======Uninstall list======

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    abti uGuru-->C:\Program Files (x86)\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acrobat.com-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll ",RunSetup
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
    Curse Client-->C:\Program Files (x86)\Curse\uninstall.exe
    DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
    Fallout 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2--> "C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
    Malwarebytes' Anti-Malware--> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe "
    McAfee SecurityCenter-->C:\Program Files (x86)\McAfee\MSC\mcuninst.exe
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Ultimate 2007--> "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
    Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files (x86)\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
    Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
    Update Service-->C:\Program Files (x86)\Sony Ericsson\Update Service\uninst.exe
    Warhammer Online: Age of Reckoning--> "C:\Warhammer Online - Age of Reckoning\unins000.exe "
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

    ======Hosts File======

    204.16.197.121 www.yahoo.com
    204.16.197.121 www.google.com
    204.16.197.121 www.myspace.com
    204.16.197.121 www.youtube.com
    204.16.197.121 www.facebook.com
    204.16.197.121 www.live.com
    204.16.197.121 www.msn.com
    204.16.197.121 www.wikipedia.org
    204.16.197.121 www.ebay.com
    204.16.197.121 www.aol.com

    ======Security center information======

    AS: Windows Defender

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\QuickTime\QTSystem\
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE "=AMD64
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "USERNAME "=SYSTEM
    "windir "=%SystemRoot%
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_REVISION "=0f0b
    "NUMBER_OF_PROCESSORS "=4
    "TRACE_FORMAT_SEARCH_PATH "=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
    "DFSTRACINGON "=FALSE
    "CLASSPATH "=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
    "QTJAVA "=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------


    Now log.txt

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Admin at 2008-11-05 18:12:52
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 417 GB (87%) free of 477 GB
    Total RAM: 4094 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:13:11, on 05/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Admin\Downloads\RSIT.exe
    C:\Program Files (x86)\trend micro\Admin.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 204.16.197.121 www.yahoo.com
    O1 - Hosts: 204.16.197.121 www.google.com
    O1 - Hosts: 204.16.197.121 www.myspace.com
    O1 - Hosts: 204.16.197.121 www.youtube.com
    O1 - Hosts: 204.16.197.121 www.facebook.com
    O1 - Hosts: 204.16.197.121 www.live.com
    O1 - Hosts: 204.16.197.121 www.msn.com
    O1 - Hosts: 204.16.197.121 www.wikipedia.org
    O1 - Hosts: 204.16.197.121 www.ebay.com
    O1 - Hosts: 204.16.197.121 www.aol.com
    O1 - Hosts: 204.16.197.121 www.craigslist.org
    O1 - Hosts: 204.16.197.121 www.blogger.com
    O1 - Hosts: 204.16.197.121 www.go.com
    O1 - Hosts: 204.16.197.121 www.amazon.com
    O1 - Hosts: 204.16.197.121 www.cnn.com
    O1 - Hosts: 204.16.197.121 espn.go.com
    O1 - Hosts: 204.16.197.121 www.espn.com
    O1 - Hosts: 204.16.197.121 www.photobucket.com
    O1 - Hosts: 204.16.197.121 www.comcast.net
    O1 - Hosts: 204.16.197.121 www.imdb.com
    O1 - Hosts: 204.16.197.121 www.wordpress.com
    O1 - Hosts: 204.16.197.121 www.nytimes.com
    O1 - Hosts: 204.16.197.121 www.weather.com
    O1 - Hosts: 204.16.197.121 www.ask.com
    O1 - Hosts: 204.16.197.121 www.aim.com
    O1 - Hosts: 204.16.197.121 www.apple.com
    O1 - Hosts: 204.16.197.121 www.mapquest.com
    O1 - Hosts: 204.16.197.121 www.youporn.com
    O1 - Hosts: 204.16.197.121 www.fastclick.com
    O1 - Hosts: 204.16.197.121 www.pornhub.com
    O1 - Hosts: 204.16.197.121 www.rapidshare.com
    O1 - Hosts: 204.16.197.121 www.pogo.com
    O1 - Hosts: 204.16.197.121 www.redtube.com
    O1 - Hosts: 204.16.197.121 www.doubleclick.com
    O1 - Hosts: 204.16.197.121 www.att.com
    O1 - Hosts: 204.16.197.121 www.adobe.com
    O1 - Hosts: 204.16.197.121 www.vnn.com
    O1 - Hosts: 204.16.197.121 www.sportsline.com
    O1 - Hosts: 204.16.197.121 www.netflix.com
    O1 - Hosts: 204.16.197.121 www.dell.com
    O1 - Hosts: 204.16.197.121 www.google.co.uk
    O1 - Hosts: 204.16.197.121 www.bbc.co.uk
    O1 - Hosts: 204.16.197.121 www.ebay.co.uk
    O1 - Hosts: 204.16.197.121 www.bebo.com
    O1 - Hosts: 204.16.197.121 www.amazon.co.uk
    O1 - Hosts: 204.16.197.121 www.sky.com
    O1 - Hosts: 204.16.197.121 www.virginmedia.com
    O1 - Hosts: 204.16.197.121 www.aol.co.uk
    O1 - Hosts: 204.16.197.121 www.hsbc.co.uk
    O1 - Hosts: 204.16.197.121 www.antispyware.com
    O1 - Hosts: 204.16.197.121 www.antispy.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: McAfee Application Installer Cleanup (0147491225902358) (0147491225902358mcinstcleanup) - McAfee, Inc. - C:\Users\Admin\AppData\Local\Temp\014749~1.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10661 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\McDefragTask.job
    C:\Windows\tasks\McQcTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
    McAfee Phishing Filter - c:\PROGRA~2\mcafee\msk\mskapbho.dll [2008-07-09 246088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC "=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
    "GrooveMonitor "=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "Adobe Reader Speed Launcher "=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "QuickTime Task "=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]
    "iTunesHelper "=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "mcagent_exe "=C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
    "avast! "=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware "=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "=C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "EnableUIADesktopToggle "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop "=
    "NoActiveDesktopChanges "=
    "ForceActiveDesktopOn "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 3 months======

    2008-11-05 18:12:54 ----D---- C:\Program Files (x86)\trend micro
    2008-11-05 18:12:52 ----D---- C:\rsit
    2008-11-05 18:07:01 ----A---- C:\Windows\system32\MFC71.dll
    2008-11-05 18:07:01 ----A---- C:\Windows\system32\aswBoot.exe
    2008-11-05 17:47:50 ----D---- C:\Program Files (x86)\Panda Security
    2008-11-05 17:36:34 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes
    2008-11-05 17:36:29 ----D---- C:\ProgramData\Malwarebytes
    2008-11-05 17:36:29 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2008-11-05 16:27:45 ----D---- C:\ProgramData\SiteAdvisor
    2008-11-05 16:25:38 ----D---- C:\Program Files (x86)\Common Files\McAfee
    2008-11-05 16:25:33 ----D---- C:\Program Files (x86)\McAfee.com
    2008-11-05 16:25:30 ----D---- C:\Program Files (x86)\McAfee
    2008-11-05 16:17:09 ----D---- C:\ProgramData\McAfee
    2008-11-05 16:04:16 ----D---- C:\Users\Admin\AppData\Roaming\WinRAR
    2008-11-05 16:03:26 ----D---- C:\Program Files (x86)\WinRAR
    2008-11-05 15:22:54 ----D---- C:\Users\Admin\AppData\Roaming\Apple Computer
    2008-11-05 15:22:18 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-11-05 15:22:00 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 15:22:00 ----D---- C:\Program Files (x86)\iTunes
    2008-11-05 15:22:00 ----D---- C:\Program Files (x86)\iPod
    2008-11-05 14:40:46 ----D---- C:\Program Files (x86)\Bonjour
    2008-11-04 13:53:29 ----D---- C:\ProgramData\Sony Ericsson
    2008-11-04 13:24:15 ----D---- C:\Users\Admin\AppData\Roaming\Sony
    2008-11-04 13:24:15 ----D---- C:\ProgramData\Sony
    2008-11-04 13:22:03 ----D---- C:\Program Files (x86)\Common Files\Sony Shared
    2008-11-04 13:22:02 ----D---- C:\Program Files (x86)\Sony Ericsson
    2008-11-04 13:22:02 ----D---- C:\Program Files (x86)\Sony
    2008-11-04 13:20:09 ----D---- C:\Program Files (x86)\Common Files\Apple
    2008-11-04 13:20:06 ----D---- C:\ProgramData\Apple Computer
    2008-11-04 13:20:06 ----D---- C:\Program Files (x86)\QuickTime
    2008-11-04 13:19:51 ----D---- C:\ProgramData\Apple
    2008-11-04 13:19:51 ----D---- C:\Program Files (x86)\Apple Software Update
    2008-11-04 13:17:35 ----D---- C:\Users\Admin\AppData\Roaming\Sony Setup
    2008-11-04 13:17:27 ----D---- C:\Program Files (x86)\Sony Setup
    2008-11-04 02:40:43 ----D---- C:\Windows\Minidump
    2008-11-02 16:02:23 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
    2008-11-02 16:01:06 ----D---- C:\ProgramData\Adobe
    2008-11-02 16:01:03 ----D---- C:\Program Files (x86)\Common Files\Adobe
    2008-11-02 16:01:03 ----D---- C:\Program Files (x86)\Adobe
    2008-11-02 15:58:43 ----D---- C:\ProgramData\NOS
    2008-11-02 15:58:43 ----D---- C:\Program Files (x86)\NOS
    2008-11-02 01:30:06 ----A---- C:\Windows\system32\msshooks.dll
    2008-11-02 01:30:05 ----A---- C:\Windows\system32\msscb.dll
    2008-11-02 01:30:05 ----A---- C:\Windows\system32\mimefilt.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\propsys.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\propdefs.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\offfilt.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\msstrc.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\mssprxy.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\mssitlb.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\msshsq.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-11-02 01:29:57 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\tquery.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\rtffilt.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\nlhtml.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\mssvp.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\mssrch.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\mssphtb.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\mssph.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\msscntrs.dll
    2008-11-02 01:29:56 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-11-02 00:10:06 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2008-11-02 00:10:03 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2008-11-02 00:09:29 ----A---- C:\Windows\system32\NaturalLanguage6.dll
    2008-11-02 00:07:39 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-02 00:07:37 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-01 11:48:03 ----D---- C:\Program Files (x86)\Bethesda Softworks
    2008-11-01 11:48:02 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-11-01 11:48:02 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-11-01 11:48:01 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-11-01 11:48:01 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-11-01 11:48:01 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-11-01 11:48:01 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-11-01 11:48:01 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-11-01 11:45:14 ----D---- C:\Windows\system32\xlive
    2008-10-31 17:21:40 ----D---- C:\Program Files (x86)\U-ABIT
    2008-10-31 17:21:40 ----A---- C:\Windows\system32\AC2005DLL.dll
    2008-10-31 17:17:10 ----D---- C:\Program Files (x86)\Microsoft Works
    2008-10-31 17:16:58 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
    2008-10-31 17:16:58 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
    2008-10-31 17:16:46 ----D---- C:\Program Files (x86)\Microsoft.NET
    2008-10-31 17:15:25 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
    2008-10-31 17:14:46 ----D---- C:\ProgramData\Microsoft Help
    2008-10-31 17:14:46 ----D---- C:\Program Files (x86)\Microsoft Office
    2008-10-31 17:14:18 ----RHD---- C:\MSOCache
    2008-10-31 17:07:07 ----D---- C:\Windows\PCHEALTH
    2008-10-31 17:07:07 ----D---- C:\Program Files (x86)\MSN Messenger
    2008-10-31 15:51:53 ----A---- C:\Windows\system32\PnkBstrB.exe
    2008-10-31 15:51:51 ----A---- C:\Windows\system32\PnkBstrA.exe
    2008-10-31 15:51:49 ----A---- C:\Windows\game.ini
    2008-10-31 15:37:46 ----D---- C:\Program Files (x86)\Activision
    2008-10-31 15:22:05 ----D---- C:\Users\Admin\AppData\Roaming\Macromedia
    2008-10-31 15:22:05 ----D---- C:\Users\Admin\AppData\Roaming\Adobe
    2008-10-31 15:21:37 ----D---- C:\Windows\system32\Macromed
    2008-10-31 15:16:01 ----D---- C:\ProgramData\Kodak
    2008-10-31 14:57:28 ----D---- C:\Program Files (x86)\Curse
    2008-10-31 14:50:18 ----D---- C:\Warhammer Online - Age of Reckoning
    2008-10-31 14:49:51 ----SHD---- C:\Users\Admin\AppData\Roaming\.#
    2008-10-31 14:17:15 ----A---- C:\Windows\system32\CmdLineExt_x64.dll
    2008-10-31 14:07:43 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-10-31 14:07:41 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-10-31 14:07:39 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-10-31 14:07:37 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-10-31 14:07:37 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-10-31 14:07:33 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-10-31 14:07:30 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-10-31 14:07:26 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-10-31 14:07:26 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-10-31 14:07:24 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-10-31 14:07:21 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-10-31 14:07:20 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-10-31 14:07:19 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-10-31 14:07:18 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-10-31 14:07:15 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-10-31 14:07:15 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-10-31 14:07:13 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-10-31 14:07:13 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-10-31 14:07:11 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-10-31 14:07:10 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-10-31 14:07:07 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-10-31 14:07:05 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-10-31 14:07:05 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-10-31 14:07:04 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-10-31 14:06:59 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-10-31 14:06:57 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-10-31 14:06:55 ----A---- C:\Windows\system32\d3dx10.dll
    2008-10-31 14:06:54 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-10-31 14:06:48 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-10-31 14:06:48 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-10-31 14:06:43 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-10-31 14:06:40 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-10-31 14:06:39 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-10-31 14:06:37 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-10-31 14:06:35 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-10-31 14:06:33 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-10-31 14:06:25 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-10-31 14:06:22 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-10-31 14:06:22 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-10-31 14:06:20 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-10-31 14:06:18 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-10-31 14:06:16 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-10-31 14:06:15 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-10-31 14:06:12 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-10-31 14:06:11 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-10-31 14:01:14 ----D---- C:\Program Files (x86)\CAPCOM
    2008-10-31 13:57:14 ----D---- C:\Users\Admin\AppData\Roaming\Mozilla
    2008-10-31 13:50:37 ----D---- C:\Program Files (x86)\Mozilla Firefox
    2008-10-31 13:49:23 ----D---- C:\Users\Admin\AppData\Roaming\Ventrilo
    2008-10-31 13:49:02 ----A---- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2008-10-31 13:48:36 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2008-10-30 11:03:16 ----A---- C:\Windows\system32\tzres.dll
    2008-10-30 10:11:37 ----D---- C:\Program Files (x86)\oZone3D
    2008-10-30 09:38:33 ----D---- C:\Users\Admin\AppData\Roaming\ATI
    2008-10-30 09:38:33 ----D---- C:\ProgramData\ATI
    2008-10-30 09:23:36 ----D---- C:\Program Files (x86)\ATI Technologies
    2008-10-30 09:23:35 ----SHD---- C:\Windows\Installer
    2008-10-30 09:20:25 ----D---- C:\ATI
    2008-10-30 09:13:16 ----D---- C:\Users\Admin\AppData\Roaming\InstallShield
    2008-10-30 09:12:52 ----D---- C:\Windows\system32\RTCOM
    2008-10-30 09:12:37 ----A---- C:\Windows\DIFxAPI.dll
    2008-10-30 09:12:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
    2008-10-30 09:12:36 ----D---- C:\Program Files (x86)\Realtek
    2008-10-30 09:12:36 ----A---- C:\Windows\SkyTel.exe
    2008-10-30 09:12:36 ----A---- C:\Windows\RtlUpd64.exe
    2008-10-30 09:12:36 ----A---- C:\Windows\RtlExUpd.dll
    2008-10-30 09:12:36 ----A---- C:\Windows\RAVCpl64.exe
    2008-10-30 09:12:36 ----A---- C:\Windows\HideWin.exe
    2008-10-30 09:12:34 ----D---- C:\Program Files (x86)\Common Files\InstallShield
    2008-10-30 08:58:23 ----D---- C:\Program Files (x86)\Intel
    2008-10-30 08:58:23 ----A---- C:\Windows\system32\CSVer.dll
    2008-10-30 08:58:17 ----D---- C:\Intel
    2008-10-30 08:42:37 ----A---- C:\Windows\system32\wshrm.dll
    2008-10-30 08:42:31 ----A---- C:\Windows\system32\wshqos.dll
    2008-10-30 08:42:31 ----A---- C:\Windows\system32\traffic.dll
    2008-10-30 08:42:31 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-10-30 08:42:31 ----A---- C:\Windows\system32\pacerprf.dll
    2008-10-30 08:42:28 ----A---- C:\Windows\system32\quartz.dll
    2008-10-30 08:42:20 ----A---- C:\Windows\system32\shell32.dll
    2008-10-30 08:42:03 ----A---- C:\Windows\system32\srclient.dll
    2008-10-30 08:42:03 ----A---- C:\Windows\system32\kbd106n.dll
    2008-10-30 08:41:39 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-10-30 08:41:38 ----A---- C:\Windows\system32\gameux.dll
    2008-10-30 08:41:37 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-10-30 08:41:34 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-30 08:41:27 ----A---- C:\Windows\system32\inetcomm.dll
    2008-10-30 08:41:22 ----A---- C:\Windows\system32\es.dll
    2008-10-30 08:41:20 ----A---- C:\Windows\system32\winipsec.dll
    2008-10-30 08:41:20 ----A---- C:\Windows\system32\polstore.dll
    2008-10-30 08:41:20 ----A---- C:\Windows\system32\FwRemoteSvr.dll
    2008-10-30 08:41:16 ----A---- C:\Windows\system32\gdi32.dll
    2008-10-30 08:41:12 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-10-30 08:41:05 ----A---- C:\Windows\system32\wshext.dll
    2008-10-30 08:41:05 ----A---- C:\Windows\system32\wscript.exe
    2008-10-30 08:41:05 ----A---- C:\Windows\system32\vbscript.dll
    2008-10-30 08:41:05 ----A---- C:\Windows\system32\scrrun.dll
    2008-10-30 08:41:05 ----A---- C:\Windows\system32\scrobj.dll
    2008-10-30 08:41:05 ----A---- C:\Windows\system32\jscript.dll
    2008-10-30 08:41:05 ----A---- C:\Windows\system32\cscript.exe
    2008-10-30 08:40:21 ----A---- C:\Windows\system32\mshtml.dll
    2008-10-30 08:40:19 ----A---- C:\Windows\system32\wininet.dll
    2008-10-30 08:40:19 ----A---- C:\Windows\system32\urlmon.dll
    2008-10-30 08:40:19 ----A---- C:\Windows\system32\ieframe.dll
    2008-10-30 08:40:18 ----A---- C:\Windows\system32\mstime.dll
    2008-10-30 08:40:18 ----A---- C:\Windows\system32\iertutil.dll
    2008-10-30 08:40:17 ----A---- C:\Windows\system32\jsproxy.dll
    2008-10-30 08:39:50 ----A---- C:\Windows\system32\dataclen.dll
    2008-10-30 08:31:56 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-30 01:46:46 ----D---- C:\Windows\Panther
    2008-10-30 01:46:33 ----RAS---- C:\BOOTSECT.BAK
    2008-10-30 01:46:32 ----SHD---- C:\Boot
    2008-10-29 17:56:01 ----A---- C:\Windows\system32\netapi32.dll
    2008-10-29 17:55:54 ----D---- C:\Users\Admin\AppData\Roaming\Identities
    2008-10-29 17:55:41 ----D---- C:\Users\Admin\AppData\Roaming\Media Center Programs
    2008-10-29 17:55:40 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
    2008-10-29 17:53:09 ----D---- C:\Windows\Debug
    2008-10-29 17:49:41 ----D---- C:\Windows\SoftwareDistribution
    2008-10-29 17:47:33 ----D---- C:\Windows\Prefetch
    2008-10-29 17:47:23 ----SHD---- C:\System Volume Information
    2008-09-24 02:18:50 ----A---- C:\Windows\system32\atipdlxx.dll
    2008-09-24 02:18:39 ----A---- C:\Windows\system32\Oemdspif.dll
    2008-09-24 02:18:25 ----A---- C:\Windows\system32\ati2edxx.dll
    2008-09-24 02:08:17 ----A---- C:\Windows\system32\atidxx32.dll
    2008-09-24 02:02:22 ----A---- C:\Windows\system32\atiumdag.dll
    2008-09-24 01:46:07 ----A---- C:\Windows\system32\atioglxx.dll
    2008-09-24 01:41:13 ----A---- C:\Windows\system32\atiumdva.dll
    2008-09-24 01:27:37 ----A---- C:\Windows\system32\amdpcom32.dll
    2008-09-24 01:27:14 ----A---- C:\Windows\system32\atiadlxy.dll
    2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-05 18:13:09 ----D---- C:\Windows\Temp
    2008-11-05 18:12:54 ----RD---- C:\Program Files (x86)
    2008-11-05 18:07:23 ----D---- C:\Windows\system32\drivers
    2008-11-05 18:07:21 ----D---- C:\Windows\System32
    2008-11-05 18:07:20 ----D---- C:\Windows\SysWOW64
    2008-11-05 18:06:59 ----RD---- C:\Program Files
    2008-11-05 17:36:29 ----HD---- C:\ProgramData
    2008-11-05 17:32:29 ----D---- C:\Windows\inf
    2008-11-05 17:16:21 ----D---- C:\Windows
    2008-11-05 16:25:50 ----D---- C:\Windows\Tasks
    2008-11-05 16:25:38 ----D---- C:\Program Files (x86)\Common Files
    2008-11-04 13:22:58 ----RSD---- C:\Windows\assembly
    2008-11-04 13:22:14 ----D---- C:\Windows\winsxs
    2008-11-04 13:20:27 ----D---- C:\Program Files (x86)\Internet Explorer
    2008-11-02 08:54:58 ----D---- C:\Windows\rescache
    2008-11-02 08:39:05 ----D---- C:\Windows\system32\en-US
    2008-11-02 08:39:03 ----D---- C:\Windows\PolicyDefinitions
    2008-11-02 01:31:33 ----D---- C:\Windows\Microsoft.NET
    2008-11-02 01:29:47 ----D---- C:\Windows\ehome
    2008-11-02 01:25:25 ----A---- C:\Windows\win.ini
    2008-11-02 01:22:19 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
    2008-11-01 13:41:08 ----D---- C:\Windows\LiveKernelReports
    2008-11-01 11:47:00 ----D---- C:\Windows\Logs
    2008-10-31 17:17:04 ----D---- C:\Program Files (x86)\MSBuild
    2008-10-31 17:16:57 ----D---- C:\Windows\ShellNew
    2008-10-31 17:16:50 ----RSD---- C:\Windows\Fonts
    2008-10-31 17:16:46 ----SD---- C:\ProgramData\Microsoft
    2008-10-31 17:15:10 ----D---- C:\Program Files (x86)\Common Files\System
    2008-10-31 13:40:53 ----D---- C:\Windows\AppPatch
    2008-10-31 13:40:46 ----D---- C:\Program Files (x86)\Windows Mail
    2008-10-31 13:40:16 ----D---- C:\Windows\system32\migration
    2008-10-29 17:56:08 ----SHD---- C:\$Recycle.Bin
    2008-10-29 17:55:30 ----RD---- C:\Users

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
    R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys []
    R1 UGURU;UGURU; C:\Windows\system32\drivers\uGuru.sys []
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
    R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
    R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys []
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
    S1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
    S1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
    S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []

    S2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
    S2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
    S3 ALLOW-IO;ALLOW-IO; \??\D:\ALLOW-IO64.sys []
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
    S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys []
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
    S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys []
    S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys []
    S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys []
    S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys []
    S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys []
    S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys []
    S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
    S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys []
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
    R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 152384]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
    R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files (x86)\McAfee\MSK\MskSrver.exe [2008-07-09 25416]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-04 66872]
    R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]
    S2 0147491225902358mcinstcleanup;McAfee Application Installer Cleanup (0147491225902358); C:\Users\Admin\AppData\Local\Temp\014749~1.EXE [2008-07-09 315264]
    S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 693576]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------
     
    Niir,
    #2

  4. 2008/11/04
    Niir

    Niir Inactive Thread Starter

    Joined:
    2008/11/04
    Messages:
    6
    Likes Received:
    0
    OK, and here is the Malwarebytes scan log.

    Malwarebytes' Anti-Malware 1.30
    Database version: 1364
    Windows 6.0.6001 Service Pack 1

    05/11/2008 18:03:46
    mbam-log-2008-11-05 (18-03-46).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 119789
    Time elapsed: 25 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    Files were deleted but redirects and pages not found are persisting.

    EDIT: I did the MBAM scan again, here's the log:

    Malwarebytes' Anti-Malware 1.30
    Database version: 1364
    Windows 6.0.6001 Service Pack 1

    05/11/2008 18:24:52
    mbam-log-2008-11-05 (18-24-52).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 119586
    Time elapsed: 19 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Just say if I'm doing anything wrong.
     
    Last edited: 2008/11/04
    Niir,
    #3
  5. 2008/11/05
    Niir

    Niir Inactive Thread Starter

    Joined:
    2008/11/04
    Messages:
    6
    Likes Received:
    0
    Avast, Malwarebytes and McAfee found nothing. Stopzilla found some malware, removed it and asked for a reboot, and now my system fails to start Windows. So I'm having a good day.

    Windows doesn't start normally and doesn't start with the last known configuration.
     
    Niir,
    #4
  6. 2008/11/05
    Niir

    Niir Inactive Thread Starter

    Joined:
    2008/11/04
    Messages:
    6
    Likes Received:
    0
    Fixed

    For anyone else with this problem, the fix was:

    Stopzilla found registry files infected and deleted them with a hammer.

    I had to repair Vista (had to edit my BIOS first as the boot devices were wrong); it took 2 attempts to get the CD working.

    Then it was an issue with the Hosts.txt file in the windows/system32/drivers/etc path. Basically full of ****; get that file back to normal or create a new one and it was fine.
     
    Niir,
    #5
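A check for the condition described in the post above, added here as an example and not part of the original thread: it parses hosts-file text and reports every entry that is not a stock localhost mapping, separating watched domains that are redirected from ones that are blocked. The watched-domain list, the function names and the sample content are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Domains to watch: the search engines named in the thread plus one
# security vendor. Assumed list, extend as needed.
WATCHED = ("google.com", "yahoo.com", "mcafee.com")

# Hostnames a stock hosts file legitimately maps to loopback.
BENIGN_LOCAL = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread. The non-loopback
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # injected
203.0.113.10    search.yahoo.com
127.0.0.1       update.mcafee.com
198.51.100.7    intranet.example
not-an-ip       www.google.com
"""


def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_number, kind, address, hostname) for each suspect entry.

    kind is one of:
      redirect  - watched domain mapped to a routable address
      block     - watched domain mapped to loopback or 0.0.0.0
      review    - any other entry that is not a stock localhost mapping
      malformed - first field is not an IP address
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        addr_text, names = fields[0], fields[1:]
        try:
            # Strip an IPv6 zone id ("fe80::1%eth0") before parsing.
            addr = ipaddress.ip_address(addr_text.split("%", 1)[0])
        except ValueError:
            findings.append((lineno, "malformed", addr_text, " ".join(names)))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sinkhole and name.lower() in BENIGN_LOCAL:
                continue
            if is_watched(name, watched):
                kind = "block" if sinkhole else "redirect"
            else:
                kind = "review"
            findings.append((lineno, kind, addr_text, name))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for lineno, kind, addr, name in audit_hosts(content):
        print(f"line {lineno}: {kind:9} {addr:15} {name}")
```

A hosts file that produces no findings contains only comments and localhost mappings, which is the state the post describes restoring.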
  7. 2008/11/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Niir, and welcome to WindowsBBS. :)

    Upon reviewing your log, I was prepared to inform you that your HOSTS file was infected, and by the time I finished reading your posts I see you already figured that out. Glad to hear you were able to resolve the issue. Everything else working properly now too?
     
  8. 2008/11/06
    Niir

    Niir Inactive Thread Starter

    Joined:
    2008/11/04
    Messages:
    6
    Likes Received:
    0
    Yup, net's back up to speed, no redirects, search engines all working fine.

    I removed all the files which could have been holding the virus, so everything that was downloaded has been removed.

    Virus scans show a clean system =)
     
    Niir,
    #7
  9. 2008/11/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's great! I'll mark this one resolved. :)
     
