Hijacked browser! Google redirect virus.

Hello,
Here are the symptoms of my virus:
-explorer.exe does not start on system startup in normal mode or safe mode. I must manually start it.
-Google redirects search results to other sites, targeting mainly anti-malware links. Firefox is set to stop redirects, and does so about 20% of the time.
-was infected with Internet Security 2010, but managed to get rid of it through Spybot, Ad-Aware and AVG

Spybot, AVG and AdAware found and removed/fixed several problems, and the redirecting seems to be the only one left. However, I realize that the redirecting may lead to other malware issues.

I also tried to run RootRepeal and GMER, but both failed.

And here's my log file:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Grant at 18:10:51.78 on Mon 01/25/2010
Internet Explorer: 7.0.6000.16945 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.107 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Grant\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6456
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6456
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6456
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6456
mWinlogon: Userinit=c:\windows\system32\winlogon32.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [P2kAutostart]
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\users\grant\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: ccc-core-static - msiexec /fums {9EB1C655-331C-5034-CCF8-436FA4B4A3DA} /qb

================= FIREFOX ===================

FF - ProfilePath - c:\users\grant\appdata\roaming\mozilla\firefox\profiles\eyj6wk20.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - plugin: c:\program files\plugins\npqtplugin.dll
FF - plugin: c:\program files\plugins\npqtplugin2.dll
FF - plugin: c:\program files\plugins\npqtplugin3.dll
FF - plugin: c:\program files\plugins\npqtplugin4.dll
FF - plugin: c:\program files\plugins\npqtplugin5.dll
FF - plugin: c:\program files\plugins\npqtplugin6.dll
FF - plugin: c:\program files\plugins\npqtplugin7.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-23 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-29 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-29 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-29 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-29 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-29 285392]
R3 MRVW147;Marvell TOPDOG ™ 802.11n Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\drivers\MRVW147.sys [2007-3-2 423936]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2006-12-13 40832]

=============== Created Last 30 ================

2010-01-25 22:34:40 0 d-----w- c:\program files\TrendMicro
2010-01-25 16:41:29 0 ----a-w- c:\windows\system32\32757.exe
2010-01-25 16:21:29 0 ----a-w- c:\windows\system32\32662.exe
2010-01-25 16:01:29 0 ----a-w- c:\windows\system32\27644.exe
2010-01-25 15:41:29 0 ----a-w- c:\windows\system32\25547.exe
2010-01-25 15:21:29 0 ----a-w- c:\windows\system32\6868.exe
2010-01-25 15:01:29 0 ----a-w- c:\windows\system32\28253.exe
2010-01-25 14:41:29 0 ----a-w- c:\windows\system32\7711.exe
2010-01-25 14:21:29 0 ----a-w- c:\windows\system32\15141.exe
2010-01-25 14:01:29 0 ----a-w- c:\windows\system32\4664.exe
2010-01-25 13:41:29 0 ----a-w- c:\windows\system32\17673.exe
2010-01-25 13:21:29 0 ----a-w- c:\windows\system32\30333.exe
2010-01-25 13:01:29 0 ----a-w- c:\windows\system32\31322.exe
2010-01-25 12:41:29 0 ----a-w- c:\windows\system32\23811.exe
2010-01-25 12:21:29 0 ----a-w- c:\windows\system32\28703.exe
2010-01-25 12:01:29 0 ----a-w- c:\windows\system32\9894.exe
2010-01-25 11:41:29 0 ----a-w- c:\windows\system32\17035.exe
2010-01-25 11:21:29 0 ----a-w- c:\windows\system32\26299.exe
2010-01-25 11:01:28 0 ----a-w- c:\windows\system32\25667.exe
2010-01-25 10:41:28 0 ----a-w- c:\windows\system32\19912.exe
2010-01-25 10:21:28 0 ----a-w- c:\windows\system32\1869.exe
2010-01-25 10:01:28 0 ----a-w- c:\windows\system32\11538.exe
2010-01-25 09:41:28 0 ----a-w- c:\windows\system32\14771.exe
2010-01-25 09:21:28 0 ----a-w- c:\windows\system32\21726.exe
2010-01-25 09:01:28 0 ----a-w- c:\windows\system32\5447.exe
2010-01-25 08:41:28 0 ----a-w- c:\windows\system32\19895.exe
2010-01-25 08:21:28 0 ----a-w- c:\windows\system32\19718.exe
2010-01-25 08:01:28 0 ----a-w- c:\windows\system32\18716.exe
2010-01-25 07:41:28 0 ----a-w- c:\windows\system32\17421.exe
2010-01-25 07:21:28 0 ----a-w- c:\windows\system32\12382.exe
2010-01-25 07:01:28 0 ----a-w- c:\windows\system32\292.exe
2010-01-25 06:41:28 0 ----a-w- c:\windows\system32\153.exe
2010-01-25 06:21:28 0 ----a-w- c:\windows\system32\3902.exe
2010-01-25 06:01:28 0 ----a-w- c:\windows\system32\14604.exe
2010-01-25 05:41:28 0 ----a-w- c:\windows\system32\32391.exe
2010-01-25 05:21:28 0 ----a-w- c:\windows\system32\5436.exe
2010-01-25 05:01:28 0 ----a-w- c:\windows\system32\4827.exe
2010-01-25 04:41:04 0 ----a-w- c:\windows\system32\11942.exe
2010-01-25 04:21:03 0 ----a-w- c:\windows\system32\2995.exe
2010-01-25 04:01:03 0 ----a-w- c:\windows\system32\491.exe
2010-01-25 03:41:02 0 ----a-w- c:\windows\system32\9961.exe
2010-01-25 03:20:54 0 ----a-w- c:\windows\system32\16827.exe
2010-01-25 03:00:54 0 ----a-w- c:\windows\system32\23281.exe
2010-01-25 02:40:50 0 ----a-w- c:\windows\system32\28145.exe
2010-01-25 02:20:38 0 ----a-w- c:\windows\system32\5705.exe
2010-01-25 02:00:35 0 ----a-w- c:\windows\system32\24464.exe
2010-01-25 01:40:22 0 ----a-w- c:\windows\system32\26962.exe
2010-01-25 01:20:14 0 ----a-w- c:\windows\system32\29358.exe
2010-01-25 01:00:04 0 ----a-w- c:\windows\system32\11478.exe
2010-01-25 00:40:03 0 ----a-w- c:\windows\system32\15724.exe
2010-01-24 23:59:59 0 ----a-w- c:\windows\system32\26500.exe
2010-01-24 23:39:58 0 ----a-w- c:\windows\system32\6334.exe
2010-01-24 23:19:56 0 ----a-w- c:\windows\system32\18467.exe
2010-01-24 22:59:49 0 ----a-w- c:\windows\system32\41.exe
2010-01-24 22:56:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-24 22:46:59 0 ----a-w- c:\windows\system32\19169.exe
2010-01-23 21:40:29 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-23 21:23:32 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-23 21:21:54 0 d-----w- c:\programdata\Lavasoft
2010-01-23 21:21:54 0 d-----w- c:\program files\Lavasoft
2010-01-20 00:16:54 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-20 00:16:54 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 20:45:39 69 ----a-w- c:\users\grant\jagex_runescape_preferences2.dat
2010-01-15 18:21:53 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-15 18:21:43 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-15 18:21:42 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-15 18:02:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-15 18:02:22 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-15 18:02:22 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-15 18:02:21 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-15 18:02:21 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-15 18:02:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-15 17:57:40 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-01-15 17:57:33 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-15 17:57:29 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-15 17:57:15 274432 ----a-w- c:\windows\system32\raschap.dll
2010-01-15 17:57:15 232960 ----a-w- c:\windows\system32\rastls.dll
2010-01-15 17:56:10 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-15 17:56:04 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-15 14:04:26 0 d-----w- C:\found.000
2010-01-15 13:56:50 0 d-----w- c:\program files\common files\Adobe(0)

==================== Find3M ====================

2010-01-18 21:02:41 39 ----a-w- c:\users\grant\jagex_runescape_preferences.dat
2010-01-16 21:41:39 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-09 03:24:11 255612 ----a-w- c:\windows\fonts\Romantiques.otf
2010-01-09 03:24:02 21368 ----a-w- c:\windows\fonts\VonFont.ttf
2010-01-09 03:23:54 23460 ----a-w- c:\windows\fonts\TATTI__.TTF
2009-12-21 17:47:58 17320 ----a-w- c:\windows\fonts\Gare_de_Chambord .ttf
2009-11-29 18:29:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-29 18:29:55 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-29 18:29:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 07:59:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-06 17:02:17 86016 ----a-w- c:\windows\inf\infstor.dat
2009-06-06 17:02:17 51200 ----a-w- c:\windows\inf\infpub.dat
2009-06-06 17:02:16 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-01-21 14:52:17 174 --sha-w- c:\program files\desktop.ini
2008-06-13 23:02:34 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-10 20:28:04 7529776 ----a-w- c:\program files\QuickTimePlayer.exe
2008-01-10 20:28:04 750896 ----a-w- c:\program files\QTPlugin.ocx
2008-01-10 20:28:02 364544 ----a-w- c:\program files\QTUIPanelControl.dll
2008-01-10 20:27:52 892928 ----a-w- c:\program files\QTOControl.dll
2008-01-10 20:27:52 819200 ----a-w- c:\program files\QTOLibrary.dll
2008-01-10 20:27:52 737280 ----a-w- c:\program files\QTInfo.exe
2008-01-10 20:27:48 8704 ----a-w- c:\program files\QuickTime Read Me.htm
2008-01-10 20:27:36 55622 ----a-w- c:\program files\Sample.mov
2008-01-10 20:27:36 385024 ----a-w- c:\program files\QTTask.exe
2008-01-10 20:27:36 18663 ----a-w- c:\program files\Sample.qtif
2008-01-10 20:27:30 512000 ----a-w- c:\program files\PictureViewer.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-03-24 20:37:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007032420070325\index.dat
2007-03-23 18:01:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-03-23 18:01:05 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-03-23 18:01:03 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:14:52.97 ===============


Please help! Thanks a ton!
-G

Hello and welcome to Bleeping Computer

PS>>>>I realize you could not get GMER to run...please see the instructions below as running in Safe Mode may help. If not, the udpated DDS log is fine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS or GMER log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
• Now click the Scan button. If you see a rootkit warning window, click OK.
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.
2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.