Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google searches getting redirected

Re: Google searches getting redirected

Post by Airscape » July 21st, 2010, 9:07 am

Can you please still post the ComboFix log?

Try this scan instead of Kaspersky:

ESET Online Scanner
Note: Use Internet Explorer for this scan.
  • Go to this link and click on ESET Online scanner.
  • At the EULA screen, accept the terms of use, and click Start.
  • Install the ActiveX control when prompted.
  • UNcheck Remove found threats. <--- Important. Don't remove anything yet.
  • Click Start and it will download files then run a scan, please be patient.
  • When complete, click the finish button.
  • A log will be created at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Please copy/paste that log into your next reply.


Also, this is the correct Adobe download,
please remove the previous version via add/remove programs and install this one instead:
ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.3.3/enu/AdbeRdr933_en_US.exe


Post back with the following:
ComboFix log
ESET log
a new RSIT log
let me know how the pc is running?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Post by Butcher » July 22nd, 2010, 6:09 pm

Hi,
Here is Combofix log. I am running the other online scanner. Will post results when finished.

Butcher


ComboFix 10-07-15.05 - Owner 07/20/2010 18:40:00.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.670 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: H:\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\program files\FirefoxSetup-0.9.1.exe"
"c:\program files\psa201se_us.exe"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\lsdelete.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\AdobeUM
c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst
c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe\Color\ACECache4.lst
c:\program files\FirefoxSetup-0.9.1.exe
c:\program files\psa201se_us.exe
c:\program files\UltimateBet
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Avocet Ave - Hold'em Normal $500-$1,000(Play Money) Table 21293125.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Blacksburg - Hold'em Normal $100-$200(Play Money) Table 21286902.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Normal - Hold'em Normal $300-$600(Play Money) Table 21289459.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Whitegate - Hold'em Normal $100-$200(Play Money) Table 21277384.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Alpha Drive - Hold'em No Limit $400(Play Money) Table 21280230.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Ivy Dr - Hold'em No Limit $400(Play Money) Table 21344923.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Greece Hwy - Hold'em No Limit $400(Play Money) Table 21399979.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Lafferty Ln - Hold'em No Limit $100 (7-2)(Play Money) Table 21401842.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Orange - Seven Card H-L Normal $10-$20(Play Money) Table 21374254.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Raleigh - Hold'em No Limit $400(Play Money) Table 21402781.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Beal Dr - Hold'em No Limit $50, $10 ante(Play Money) Table 21573274.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Lotus Dr - Hold'em No Limit $100, $25 ante(Play Money) Table 21576946.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Melbourne - Hold'em No Limit $400(Play Money) Table 21554200.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Amarillo - Hold'em No Limit $400(Play Money) Table 21598966.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Antelope Ln - Hold'em No Limit $400(Play Money) Table 21603657.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Broadway St - Hold'em No Limit $400(Play Money) Table 21595457.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Iowa Dr - Hold'em No Limit $400(Play Money) Table 21595233.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Play Chip NL Holdem Tourney ID 5310641 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Play Chip NL Holdem Tourney ID 5311968 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Potter Ave - Hold'em No Limit $100, $25 ante(Play Money) Table 21594408.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Texas St - Hold'em No Limit $100(Play Money) Table 21458742.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Bellevue Dr - Hold'em No Limit $100, $25 ante(Play Money) Table 21622319.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Play Chip NL Holdem Tourney ID 5310650 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Play Chip NL Holdem Tourney ID 5311998 No Limit Hold'em 10,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Georgia Hwy - Hold'em No Limit $100, $25 ante(Play Money) Table 21766088.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Gilbert Rd - Hold'em No Limit $50, $10 ante(Play Money) Table 21770905.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Gram Dr - Hold'em No Limit $400(Play Money) Table 21775214.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Happy Ln - Hold'em No Limit $400(Play Money) Table 21761796.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Norway Hwy - Hold'em No Limit $400(Play Money) Table 21702906.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Play Chip NL Holdem Tourney ID 5383400 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Astoria Pl - Hold'em No Limit $10(Play Money) Table 21848119.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Chesapeake - Hold'em No Limit $100, $25 ante(Play Money) Table 21865913.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5383392 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5385010 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5385047 No Limit Hold'em 10,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Westway Ave - Hold'em No Limit $50(Play Money) Table 21853061.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Arcadia Dr - Hold'em No Limit $400(Play Money) Table 21998215.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Cook Ave - Hold'em No Limit $400(Play Money) Table 21996329.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Marc Pl - Hold'em No Limit $400(Play Money) Table 21996253.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Orange - Hold'em No Limit $400(Play Money) Table 21998862.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Play Chip NL Holdem Tourney ID 5438472 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Play Chip NL Holdem Tourney ID 5439904 No Limit Hold'em 10,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Targhee Dr - Hold'em No Limit $200 (7-2)(Play Money) Table 22003739.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Tearose Ave - Hold'em No Limit $400(Play Money) Table 21998219.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Dunlap St - Hold'em No Limit $400(Play Money) Table 22027903.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Play Chip NL Holdem Tourney ID 5438473 No Limit Hold'em 3,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Play Chip NL Holdem Tourney ID 5439905 No Limit Hold'em 10,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100604 Play Chip NL Holdem Tourney ID 5439905 No Limit Hold'em 10,000 + 0(Play Money).txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Cornell Ave - Seven Card H-L Normal $100-$200(Play Money) Table 22079373.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Ithica Ave - Omaha H-L Normal $50-$100(Play Money) Table 22085957.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Pinnacle Dr - Hold'em No Limit $400(Play Money) Table 22061605.txt
c:\program files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Shore Blvd - Hold'em No Limit $400(Play Money) Table 22093247.txt
c:\program files\UltimateBet\skins\background\bg4\annie duke\bg4.dat
c:\program files\UltimateBet\skins\background\bg4\Aruba\bg4.dat
c:\program files\UltimateBet\skins\background\bg4\bellator\bg4.dat
c:\program files\UltimateBet\skins\background\bg4\classic (old ub)\bg4.dat
c:\program files\UltimateBet\skins\background\bg4\epic empire\bg4.dat
c:\program files\UltimateBet\skins\background\bg4\football\bg4.dat
c:\program files\UltimateBet\skins\background\bg4\Las Vegas\bg4.dat
c:\program files\UltimateBet\skins\background\bg4\phil hellmuth\bg4.dat
c:\program files\UltimateBet\skins\background\bg6\annie duke\bg6.dat
c:\program files\UltimateBet\skins\background\bg6\Aruba\bg6.dat
c:\program files\UltimateBet\skins\background\bg6\bellator\bg6.dat
c:\program files\UltimateBet\skins\background\bg6\classic (old ub)\bg6.dat
c:\program files\UltimateBet\skins\background\bg6\epic empire\bg6.dat
c:\program files\UltimateBet\skins\background\bg6\football\bg6.dat
c:\program files\UltimateBet\skins\background\bg6\Las Vegas\bg6.dat
c:\program files\UltimateBet\skins\background\bg6\phil hellmuth\bg6.dat
c:\program files\UltimateBet\skins\background\bg8\annie duke\bg8.dat
c:\program files\UltimateBet\skins\background\bg8\Aruba\bg8.dat
c:\program files\UltimateBet\skins\background\bg8\bellator\bg8.dat
c:\program files\UltimateBet\skins\background\bg8\classic (old ub)\bg8.dat
c:\program files\UltimateBet\skins\background\bg8\epic empire\bg8.dat
c:\program files\UltimateBet\skins\background\bg8\football\bg8.dat
c:\program files\UltimateBet\skins\background\bg8\Las Vegas\bg8.dat
c:\program files\UltimateBet\skins\background\bg8\phil hellmuth\bg8.dat
c:\program files\UltimateBet\skins\background\bg9\annie duke\bg9.dat
c:\program files\UltimateBet\skins\background\bg9\Aruba\bg9.dat
c:\program files\UltimateBet\skins\background\bg9\bellator\bg9.dat
c:\program files\UltimateBet\skins\background\bg9\classic (old ub)\bg9.dat
c:\program files\UltimateBet\skins\background\bg9\epic empire\bg9.dat
c:\program files\UltimateBet\skins\background\bg9\football\bg9.dat
c:\program files\UltimateBet\skins\background\bg9\Las Vegas\bg9.dat
c:\program files\UltimateBet\skins\background\bg9\phil hellmuth\bg9.dat
c:\program files\UltimateBet\skins\background\bg9_one\annie duke\bg9_one.dat
c:\program files\UltimateBet\skins\background\bg9_one\Aruba\bg9_one.dat
c:\program files\UltimateBet\skins\background\bg9_one\bellator\bg9_one.dat
c:\program files\UltimateBet\skins\background\bg9_one\classic (old ub)\bg9_one.dat
c:\program files\UltimateBet\skins\background\bg9_one\epic empire\bg9_one.dat
c:\program files\UltimateBet\skins\background\bg9_one\football\bg9_one.dat
c:\program files\UltimateBet\skins\background\bg9_one\Las Vegas\bg9_one.dat
c:\program files\UltimateBet\skins\background\bg9_one\phil hellmuth\bg9_one.dat
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-17 01:04 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-17 01:04 . 2010-07-17 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-15 00:48 . 2010-07-15 00:48 -------- d-----w- c:\program files\ERUNT
2010-07-11 18:19 . 2010-07-11 18:19 -------- d-----w- C:\rsit
2010-07-05 14:45 . 2010-07-05 14:45 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 12:40 . 2010-07-11 18:46 -------- d-----w- c:\program files\Trend Micro
2010-07-02 16:36 . 2010-07-02 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-02 16:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 16:35 . 2010-07-02 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-02 16:35 . 2010-07-02 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 16:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 22:27 . 2004-08-22 14:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 22:20 . 2008-01-27 15:27 -------- d-----w- c:\program files\Lavasoft
2010-07-20 22:20 . 2008-01-27 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-17 10:29 . 2008-05-08 15:10 -------- d-----w- c:\program files\Alwil Software
2010-07-17 00:41 . 2010-07-17 00:41 1049843 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-15 00:57 . 2004-08-04 01:07 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-28 20:57 . 2008-05-08 15:21 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-05-08 15:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-05-08 15:22 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-05-08 15:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-05-08 15:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-05-08 15:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-06-01 10:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-05-08 15:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-19 13:06 . 2010-06-19 13:06 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2010-06-19 13:06 . 2010-06-19 13:06 -------- d-----w- c:\program files\CheckPoint
2010-06-19 13:06 . 2010-06-19 13:06 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-19 12:59 . 2010-06-19 12:59 -------- d-----w- c:\program files\Zone Labs
2010-06-13 13:24 . 2008-01-27 22:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-26 17:03 . 2010-06-19 13:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-26 17:03 . 2010-06-19 13:06 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-26 17:03 . 2010-06-19 13:06 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-21 18:14 . 2009-10-02 17:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 21:53 . 2004-12-31 00:45 50368 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-02-19 00:26 . 2005-01-31 00:05 50688 --sha-w- c:\program files\Thumbs.db
2005-01-30 23:39 . 2005-01-30 23:39 2417824 ----a-w- c:\program files\winzip90.exe
2004-08-22 15:12 . 2004-08-22 14:23 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2002-11-02 20:29 . 2004-08-22 13:30 1490 ----a-w- c:\program files\Microsoft PowerPoint.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2009-02-16 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-04 282624]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-3-1 1085440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2/27/2005 6:42 PM 12384]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/8/2008 11:22 AM 165456]
R1 DSC2PAR;DSC2PAR;c:\windows\system32\drivers\Dsc2par.sys [2/21/2005 4:47 PM 65792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/1/2008 6:38 AM 17744]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [6/15/2004 4:02 PM 5824]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [5/1/2008 6:14 PM 36224]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/8/2008 1:12 PM 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.tbf\
FF - prefs.js: browser.startup.homepage - hxxp://www.verizon.net/central/vzc.portal
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 18:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1177238915-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(756)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Completion time: 2010-07-20 18:57:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 22:57
ComboFix2.txt 2010-07-17 12:21

Pre-Run: 18,056,704,000 bytes free
Post-Run: 17,998,934,016 bytes free

- - End Of File - - 39FE157BAC30B9C3BC72F4A50BD3725B
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Post by Butcher » July 22nd, 2010, 7:33 pm

Hi,
Here are the ESET and RSIT logs. Also, have not installed the latest Reader version yet. There is a problem with Adobe's site. I have the first version you told me to install. What's next?

Thanks,

Butcher


ESET log


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=34e212f0fc1bc44f81093df563af9160
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-22 11:03:45
# local_time=2010-07-22 07:03:45 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 41464 41464 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 0 4023349 0 0
# scanned=72872
# found=0
# cleaned=0
# scan_time=2786


RSIT log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-07-22 19:17:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (44%) free of 38 GB
Total RAM: 991 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:48 PM, on 7/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8992 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-20 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2009-02-16 868352]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-06-04 282624]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-05-26 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-22 19:15:52 ----SHD---- C:\RECYCLER
2010-07-22 19:15:05 ----SHD---- C:\Config.Msi
2010-07-22 18:14:43 ----D---- C:\Program Files\ESET
2010-07-20 19:14:54 ----D---- C:\WINDOWS\Sun
2010-07-20 19:10:11 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-07-20 19:10:08 ----D---- C:\Program Files\Common Files\Java
2010-07-20 19:09:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-20 19:09:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-20 19:09:20 ----A---- C:\WINDOWS\system32\java.exe
2010-07-20 19:09:20 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-20 19:08:34 ----D---- C:\Program Files\Java
2010-07-20 19:07:15 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2010-07-20 18:57:38 ----A---- C:\ComboFix.txt
2010-07-17 07:57:43 ----A---- C:\Boot.bak
2010-07-17 07:57:37 ----RASHD---- C:\cmdcons
2010-07-17 07:48:05 ----A---- C:\WINDOWS\zip.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\SWSC.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\SWREG.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\sed.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\PEV.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\MBR.exe
2010-07-17 07:48:05 ----A---- C:\WINDOWS\grep.exe
2010-07-16 21:17:45 ----AD---- C:\Qoobox
2010-07-16 21:04:21 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-07-14 20:52:07 ----A---- C:\TDSSKiller.2.3.2.2_14.07.2010_20.52.07_log.txt
2010-07-14 20:50:14 ----D---- C:\WINDOWS\ERDNT
2010-07-14 20:48:39 ----D---- C:\Program Files\ERUNT
2010-07-11 14:19:18 ----D---- C:\rsit
2010-07-03 08:40:19 ----D---- C:\Program Files\Trend Micro
2010-07-02 12:36:21 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-07-02 12:35:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-02 12:35:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-02 12:35:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-02 12:35:56 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-06-29 20:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-07-22 19:17:48 ----D---- C:\WINDOWS\Prefetch
2010-07-22 19:17:46 ----D---- C:\WINDOWS\Internet Logs
2010-07-22 19:15:38 ----SHD---- C:\WINDOWS\Installer
2010-07-22 19:15:22 ----D---- C:\Program Files\Adobe
2010-07-22 19:15:20 ----D---- C:\Program Files\Common Files\Adobe
2010-07-22 19:14:50 ----D---- C:\WINDOWS\system32
2010-07-22 18:17:42 ----D---- C:\WINDOWS\Temp
2010-07-22 18:14:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 18:14:43 ----RD---- C:\Program Files
2010-07-22 18:00:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-20 20:40:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-20 19:14:54 ----D---- C:\WINDOWS
2010-07-20 19:12:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-07-20 19:10:08 ----D---- C:\Program Files\Common Files
2010-07-20 18:57:43 ----D---- C:\WINDOWS\system32\drivers
2010-07-20 18:56:43 ----SD---- C:\WINDOWS\Tasks
2010-07-20 18:53:08 ----A---- C:\WINDOWS\system.ini
2010-07-20 18:52:10 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-20 18:44:11 ----D---- C:\WINDOWS\AppPatch
2010-07-20 18:20:40 ----D---- C:\Program Files\Lavasoft
2010-07-20 18:20:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-20 18:20:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-17 08:12:29 ----D---- C:\WINDOWS\system32\config
2010-07-17 07:57:43 ----RASH---- C:\boot.ini
2010-07-17 06:29:14 ----D---- C:\Program Files\Alwil Software
2010-07-16 21:04:59 ----D---- C:\WINDOWS\WinSxS
2010-07-14 21:49:14 ----HD---- C:\WINDOWS\inf
2010-07-14 21:48:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-11 13:56:41 ----D---- C:\Program Files\Mozilla Firefox
2010-06-29 21:30:44 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-29 21:30:01 ----RSD---- C:\WINDOWS\assembly
2010-06-29 21:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-29 20:59:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-29 20:59:09 ----D---- C:\Program Files\Outlook Express
2010-06-28 16:57:12 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MrFilter;EasyWrite Driver; C:\WINDOWS\system32\drivers\MrFilter.sys [2003-12-01 12384]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 Vmodem;XP Vmodem; C:\WINDOWS\System32\DRIVERS\vmodem.sys [2001-08-17 604253]
R0 Vpctcom;XP Vpctcom; C:\WINDOWS\System32\DRIVERS\vpctcom.sys [2001-08-17 397502]
R0 Vvoice;XP Vvoice; C:\WINDOWS\System32\DRIVERS\vvoice.sys [2001-08-17 64605]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [1998-06-02 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-03-12 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-03-12 9200]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2009-02-16 259200]
R1 DSC2PAR;DSC2PAR; C:\WINDOWS\system32\drivers\DSC2PAR.sys [1998-06-14 65792]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2009-02-16 146560]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2009-02-16 118409]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2009-02-16 213120]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2009-02-16 21993]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-16 117760]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2009-02-16 22745]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-20 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-05-26 2437176]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 23rd, 2010, 7:35 pm

Hi Butcher.

Please upload this file. Also, let me know how the pc is running/any remaining problems?

Go to VirusTotal or Jotti
Click the browse button next to the white box.
Copy/paste the following file and path into the file name box:

C:\WINDOWS\system32\drivers\DSC2PAR.sys

Click Open.
Click Send/Submit, and the file will be scanned for malware.
After a while, a window will open, with details of what the scans found.
Note details of any viruses found, and post the results/links in your next reply.

Note: If the file has been scanned before, please reanalyse the file if asked.

Re: Google searches getting redirected

Unread postby Butcher » July 24th, 2010, 12:19 pm

Hello,
I ran Virus Total and here are the results. PC seems to be running fine. No redirects. Should I turn on all the virus protection or is there something else you want me to do? Also, why did you want me to remove those specific programs? I guess they are not legitimate. Please advise.

Thanks again,

Butcher

File Dsc2par.sys received on 2010.07.24 16:05:29 (UTC)


Result: 0/42 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
Avast 4.8.1351.0 2010.07.24 -
Avast5 5.0.332.0 2010.07.24 -
AVG 9.0.0.851 2010.07.24 -
BitDefender 7.2 2010.07.24 -
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.24 -
Comodo 5522 2010.07.23 -
DrWeb 5.0.2.03300 2010.07.24 -
Emsisoft 5.0.0.34 2010.07.24 -
eSafe 7.0.17.0 2010.07.22 -
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
F-Secure 9.0.15370.0 2010.07.24 -
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.24 -
Ikarus T3.1.1.84.0 2010.07.24 -
Jiangmin 13.0.900 2010.07.24 -
Kaspersky 7.0.0.125 2010.07.24 -
McAfee 5.400.0.1158 2010.07.24 -
McAfee-GW-Edition 2010.1 2010.07.23 -
Microsoft 1.6004 2010.07.24 -
NOD32 5309 2010.07.24 -
Norman 6.05.11 2010.07.24 -
nProtect 2010-07-24.02 2010.07.24 -
Panda 10.0.2.7 2010.07.24 -
PCTools 7.0.3.5 2010.07.24 -
Prevx 3.0 2010.07.24 -
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.24 -
Sunbelt 6633 2010.07.24 -
SUPERAntiSpyware 4.40.0.1006 2010.07.24 -
Symantec 20101.1.1.7 2010.07.24 -
TheHacker 6.5.2.1.324 2010.07.23 -
TrendMicro 9.120.0.1004 2010.07.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.24 -
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.24 -
VirusBuster 5.0.27.0 2010.07.24 -
Additional information
File size: 65792 bytes
MD5...: 726a92841aff2bbeab734ebf1adae0ba
SHA1..: c01a586fabd47af45ad6b4f1a9e805075a4695e2
SHA256: dbdac87dafe61107ccb7b686b51fc2b46ef6fc89120d34957f79066d37168351
ssdeep: 768:6NfvJ/UPwfcm02hH7whRiapASUnyf94yWtEuh90yPzqwY5lXk7b4Sw4ngKS:
6NfOPwqjaFm4Q

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6e0
timedatestamp.....: 0x3583ed06 (Sun Jun 14 15:32:22 1998)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x220 0xc47 0xc60 5.64 3264669c924c4ab9b0320838401624ae
.data 0xe80 0x4020 0x4020 0.00 d52326c1cf4ad6ec62428cccb4497f6b
INIT 0x4ea0 0x18a 0x1a0 4.60 89ea2d26d2d4e95164b8dcf2c946dbdc
.reloc 0x5040 0x122 0x140 4.62 63443b99d58ee2bb51ed3a607bb33725

( 2 imports )
> ntoskrnl.exe: IoCreateDevice, IoCreateSymbolicLink, RtlInitUnicodeString, MmMapIoSpace, IoDeleteDevice, IoDeleteSymbolicLink, IofCompleteRequest, READ_REGISTER_UCHAR, WRITE_REGISTER_UCHAR
> HAL.dll: HalTranslateBusAddress, WRITE_PORT_UCHAR, READ_PORT_UCHAR

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


Re: Google searches getting redirected

Unread postby Airscape » July 24th, 2010, 8:11 pm

Hi Butcher,

Which program do you mean, is it UltimateBet?

If so please do the following:

I would like to see a list of files quarantined by ComboFix, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Post the contents of that file in your next reply.

Re: Google searches getting redirected

Unread postby Butcher » July 25th, 2010, 7:13 am

Hi,
Yes, it is UltimateSet. Here is the quarantined log. I see that UltimateBet is in there.

Thanks,
Butcher


2010-07-20 22:39:40 . 2010-07-20 22:39:40 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-07-17 12:19:48 . 2010-07-17 12:19:48 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-klmdb.sys.reg.dat
2010-07-17 12:19:24 . 2010-07-17 12:19:24 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-ALUAlert.reg.dat
2010-07-17 12:15:18 . 2010-07-17 12:15:18 283 ----a-w- C:\Qoobox\Quarantine\E\av1.zip
2010-07-17 12:15:16 . 2008-05-09 20:00:04 90 ----a-w- C:\Qoobox\Quarantine\E\AUTORUN.INF.vir
2010-07-17 12:03:59 . 2010-07-17 12:03:59 2,340 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2010-07-17 12:03:58 . 2010-07-17 12:03:58 1,312 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2010-07-17 12:03:31 . 2010-07-20 22:44:54 7,814 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-17 01:20:08 . 2010-07-20 22:36:46 204 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-07-11 18:42:34 . 2010-07-11 18:42:34 14,909 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst.vir
2010-06-30 01:38:52 . 2010-06-30 01:38:53 6,856 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe\Color\ACECache4.lst.vir
2010-06-30 01:34:43 . 2010-07-11 18:59:13 664 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\d3d9caps.dat.vir
2010-06-06 03:28:01 . 2010-06-06 03:31:07 10,591 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Cornell Ave - Seven Card H-L Normal $100-$200(Play Money) Table 22079373.txt.vir
2010-06-06 03:22:10 . 2010-06-06 03:22:15 2,913 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Ithica Ave - Omaha H-L Normal $50-$100(Play Money) Table 22085957.txt.vir
2010-06-06 02:33:24 . 2010-06-06 02:56:50 44,973 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Shore Blvd - Hold'em No Limit $400(Play Money) Table 22093247.txt.vir
2010-06-06 01:57:59 . 2010-06-06 02:31:17 71,121 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Pinnacle Dr - Hold'em No Limit $400(Play Money) Table 22061605.txt.vir
2010-06-04 04:02:48 . 2010-06-04 05:49:55 231,468 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100604 Play Chip NL Holdem Tourney ID 5439905 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
2010-06-04 02:09:41 . 2010-06-04 04:02:48 188,502 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Play Chip NL Holdem Tourney ID 5439905 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
2010-06-04 01:49:53 . 2010-06-04 02:04:57 28,753 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Play Chip NL Holdem Tourney ID 5438473 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-06-04 01:33:29 . 2010-06-04 01:46:10 30,969 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Dunlap St - Hold'em No Limit $400(Play Money) Table 22027903.txt.vir
2010-06-03 02:57:59 . 2010-06-03 03:08:45 26,303 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Targhee Dr - Hold'em No Limit $200 (7-2)(Play Money) Table 22003739.txt.vir
2010-06-03 02:52:51 . 2010-06-03 02:56:26 10,499 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Cook Ave - Hold'em No Limit $400(Play Money) Table 21996329.txt.vir
2010-06-03 02:45:38 . 2010-06-03 02:51:46 16,428 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Marc Pl - Hold'em No Limit $400(Play Money) Table 21996253.txt.vir
2010-06-03 02:09:58 . 2010-06-03 02:43:28 46,041 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Play Chip NL Holdem Tourney ID 5439904 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
2010-06-03 01:52:45 . 2010-06-03 02:08:20 37,455 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Orange - Hold'em No Limit $400(Play Money) Table 21998862.txt.vir
2010-06-03 01:49:27 . 2010-06-03 01:49:27 1,855 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Play Chip NL Holdem Tourney ID 5438472 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-06-03 01:33:00 . 2010-06-03 01:47:51 31,948 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Tearose Ave - Hold'em No Limit $400(Play Money) Table 21998219.txt.vir
2010-06-03 01:23:39 . 2010-06-03 01:29:08 6,893 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Arcadia Dr - Hold'em No Limit $400(Play Money) Table 21998215.txt.vir
2010-05-29 03:33:00 . 2010-05-29 03:38:58 15,199 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Chesapeake - Hold'em No Limit $100, $25 ante(Play Money) Table 21865913.txt.vir
2010-05-29 02:09:17 . 2010-05-29 03:28:32 136,222 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5385047 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
2010-05-29 01:09:13 . 2010-05-29 03:11:10 185,186 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5385010 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-05-29 00:49:15 . 2010-05-29 01:49:34 138,862 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5383392 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-05-29 00:40:28 . 2010-05-29 00:41:44 2,967 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Westway Ave - Hold'em No Limit $50(Play Money) Table 21853061.txt.vir
2010-05-29 00:32:01 . 2010-05-29 00:35:24 6,121 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Astoria Pl - Hold'em No Limit $10(Play Money) Table 21848119.txt.vir
2010-05-26 02:45:35 . 2010-05-26 02:57:28 24,010 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Gilbert Rd - Hold'em No Limit $50, $10 ante(Play Money) Table 21770905.txt.vir
2010-05-26 02:31:17 . 2010-05-26 02:43:27 26,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Georgia Hwy - Hold'em No Limit $100, $25 ante(Play Money) Table 21766088.txt.vir
2010-05-26 02:07:27 . 2010-05-26 02:30:19 45,043 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Norway Hwy - Hold'em No Limit $400(Play Money) Table 21702906.txt.vir
2010-05-26 01:49:08 . 2010-05-26 02:03:01 27,478 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Play Chip NL Holdem Tourney ID 5383400 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-05-26 01:36:42 . 2010-05-26 01:40:45 14,307 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Gram Dr - Hold'em No Limit $400(Play Money) Table 21775214.txt.vir
2010-05-26 01:28:10 . 2010-05-26 01:30:45 7,999 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Happy Ln - Hold'em No Limit $400(Play Money) Table 21761796.txt.vir
2010-05-21 02:10:35 . 2010-05-21 02:43:02 52,413 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Play Chip NL Holdem Tourney ID 5311998 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
2010-05-21 02:03:09 . 2010-05-21 02:07:13 14,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Bellevue Dr - Hold'em No Limit $100, $25 ante(Play Money) Table 21622319.txt.vir
2010-05-21 01:48:46 . 2010-05-21 01:57:00 17,340 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Play Chip NL Holdem Tourney ID 5310650 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-05-20 02:57:08 . 2010-05-20 03:12:42 35,441 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Amarillo - Hold'em No Limit $400(Play Money) Table 21598966.txt.vir
2010-05-20 01:09:36 . 2010-05-20 02:45:23 175,078 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Play Chip NL Holdem Tourney ID 5311968 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-05-20 00:57:50 . 2010-05-20 01:02:04 10,783 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Antelope Ln - Hold'em No Limit $400(Play Money) Table 21603657.txt.vir
2010-05-20 00:48:53 . 2010-05-20 00:51:34 6,026 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Play Chip NL Holdem Tourney ID 5310641 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
2010-05-19 22:18:58 . 2010-05-20 00:41:12 282,245 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Potter Ave - Hold'em No Limit $100, $25 ante(Play Money) Table 21594408.txt.vir
2010-05-19 22:14:50 . 2010-05-19 22:16:32 3,725 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Texas St - Hold'em No Limit $100(Play Money) Table 21458742.txt.vir
2010-05-19 20:53:42 . 2010-05-19 22:01:18 98,218 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Iowa Dr - Hold'em No Limit $400(Play Money) Table 21595233.txt.vir
2010-05-19 20:38:05 . 2010-05-19 20:51:49 29,463 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Broadway St - Hold'em No Limit $400(Play Money) Table 21595457.txt.vir
2010-05-19 01:47:12 . 2010-05-19 02:09:34 63,673 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Melbourne - Hold'em No Limit $400(Play Money) Table 21554200.txt.vir
2010-05-19 01:37:03 . 2010-05-19 01:45:02 19,244 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Lotus Dr - Hold'em No Limit $100, $25 ante(Play Money) Table 21576946.txt.vir
2010-05-19 01:18:59 . 2010-05-19 01:35:03 30,180 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Beal Dr - Hold'em No Limit $50, $10 ante(Play Money) Table 21573274.txt.vir
2010-05-13 01:39:58 . 2010-05-13 01:45:03 18,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Lafferty Ln - Hold'em No Limit $100 (7-2)(Play Money) Table 21401842.txt.vir
2010-05-13 01:31:46 . 2010-05-13 01:38:21 20,225 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Orange - Seven Card H-L Normal $10-$20(Play Money) Table 21374254.txt.vir
2010-05-13 01:16:13 . 2010-05-13 01:27:15 23,737 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Raleigh - Hold'em No Limit $400(Play Money) Table 21402781.txt.vir
2010-05-13 00:40:13 . 2010-05-13 01:14:05 70,164 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Greece Hwy - Hold'em No Limit $400(Play Money) Table 21399979.txt.vir
2010-05-11 01:46:08 . 2010-05-11 01:59:20 23,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Alpha Drive - Hold'em No Limit $400(Play Money) Table 21280230.txt.vir
2010-05-11 01:07:37 . 2010-05-11 01:41:58 58,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Ivy Dr - Hold'em No Limit $400(Play Money) Table 21344923.txt.vir
2010-05-09 03:07:33 . 2010-05-09 03:51:14 84,049 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Whitegate - Hold'em Normal $100-$200(Play Money) Table 21277384.txt.vir
2010-05-09 02:43:57 . 2010-05-09 03:04:16 44,435 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Avocet Ave - Hold'em Normal $500-$1,000(Play Money) Table 21293125.txt.vir
2010-05-09 02:35:04 . 2010-05-09 02:41:14 14,052 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Blacksburg - Hold'em Normal $100-$200(Play Money) Table 21286902.txt.vir
2010-05-09 01:59:03 . 2010-05-09 02:31:50 82,710 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Normal - Hold'em Normal $300-$600(Play Money) Table 21289459.txt.vir
2010-04-10 23:06:26 . 2010-04-10 23:06:26 326,962 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\bellator\bg9_one.dat.vir
2010-04-10 23:06:26 . 2010-04-10 23:06:26 327,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\bellator\bg9.dat.vir
2010-04-10 23:06:26 . 2010-04-10 23:06:26 325,807 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\bellator\bg8.dat.vir
2010-04-10 23:06:26 . 2010-04-10 23:06:26 325,709 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\bellator\bg6.dat.vir
2010-04-10 23:06:26 . 2010-04-10 23:06:26 325,943 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\bellator\bg4.dat.vir
2010-02-20 18:39:55 . 2010-02-20 18:46:35 2,181 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\xpsp1hfm.log.vir
2010-02-09 01:31:34 . 2010-02-09 01:31:34 165,844 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\classic (old ub)\bg9.dat.vir
2010-02-09 01:31:34 . 2010-02-09 01:31:34 113,895 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\classic (old ub)\bg9_one.dat.vir
2010-02-09 01:31:34 . 2010-02-09 01:31:34 142,936 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\classic (old ub)\bg6.dat.vir
2010-02-09 01:31:34 . 2010-02-09 01:31:34 162,173 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\classic (old ub)\bg8.dat.vir
2010-02-09 01:31:34 . 2010-02-09 01:31:34 127,559 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\classic (old ub)\bg4.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 251,497 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\annie duke\bg9_one.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 306,642 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\phil hellmuth\bg9_one.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 296,196 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\phil hellmuth\bg9.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 301,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\phil hellmuth\bg8.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 272,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\annie duke\bg9.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 271,629 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\annie duke\bg8.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 263,531 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\annie duke\bg6.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 300,595 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\phil hellmuth\bg6.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 307,416 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\phil hellmuth\bg4.dat.vir
2009-07-24 01:29:38 . 2010-02-09 01:31:32 253,459 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\annie duke\bg4.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 288,556 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\epic empire\bg9_one.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 244,350 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\football\bg9_one.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 325,926 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\epic empire\bg9.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 261,357 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\football\bg9.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 323,003 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\epic empire\bg8.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 258,518 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\football\bg8.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 307,063 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\epic empire\bg6.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 251,796 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\football\bg6.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 244,893 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\football\bg4.dat.vir
2009-06-14 18:00:49 . 2010-02-09 01:31:32 289,725 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\epic empire\bg4.dat.vir
2009-03-30 16:18:24 . 2010-02-09 01:31:32 455,367 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\Aruba\bg4.dat.vir
2009-03-30 16:18:24 . 2010-02-09 01:31:32 527,300 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\Las Vegas\bg4.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 527,401 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\Las Vegas\bg9_one.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 303,415 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\Las Vegas\bg9.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 449,449 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\Aruba\bg9_one.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 256,435 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\Aruba\bg9.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 247,434 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\Aruba\bg8.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 292,539 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\Las Vegas\bg8.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 378,717 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\Aruba\bg6.dat.vir
2008-11-30 01:46:38 . 2010-02-09 01:31:32 524,207 ----a-w- C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\Las Vegas\bg6.dat.vir
2007-06-29 16:03:25 . 2007-06-29 16:03:25 0 ----a-w- C:\Qoobox\Quarantine\C\148.tmp.vir
2007-06-29 16:03:22 . 2007-06-29 16:03:22 0 ----a-w- C:\Qoobox\Quarantine\C\147.tmp.vir
2007-06-29 16:03:19 . 2007-06-29 16:03:19 0 ----a-w- C:\Qoobox\Quarantine\C\146.tmp.vir
2007-06-29 16:03:16 . 2007-06-29 16:03:16 0 ----a-w- C:\Qoobox\Quarantine\C\144.tmp.vir
2007-06-29 16:03:13 . 2007-06-29 16:03:13 0 ----a-w- C:\Qoobox\Quarantine\C\141.tmp.vir
2007-06-29 16:03:04 . 2007-06-29 16:03:04 0 ----a-w- C:\Qoobox\Quarantine\C\13E.tmp.vir
2007-02-21 14:14:54 . 2007-02-21 14:14:54 1,282,560 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\MailSwitch.ocx.vir
2007-01-14 16:07:53 . 2007-01-14 16:07:55 30,720 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2004-12-10 08:42:08 . 2004-12-10 08:42:08 53,299 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2004-12-10 08:42:08 . 2004-12-10 08:42:08 208,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2004-12-10 08:42:08 . 2004-12-10 08:42:08 30,336 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2004-12-10 08:42:06 . 2004-12-10 08:42:06 57,344 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2004-08-22 14:03:47 . 2004-08-22 14:23:28 6,811,656 ----a-w- C:\Qoobox\Quarantine\C\Program Files\psa201se_us.exe.vir
2004-07-04 02:19:20 . 2004-07-04 02:19:15 4,959,023 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FirefoxSetup-0.9.1.exe.vir
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 25th, 2010, 9:38 pm

Hi Butcher,

Run CFScript
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
A guide to disable security programs can be found here. Remember to re-enable all security software after this.
Open Notepad (Start > Run > type notepad > OK)
Copy/paste the following text inside the code box into Notepad:

DeQuarantine::
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Cornell Ave - Seven Card H-L Normal $100-$200(Play Money) Table 22079373.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Ithica Ave - Omaha H-L Normal $50-$100(Play Money) Table 22085957.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Shore Blvd - Hold'em No Limit $400(Play Money) Table 22093247.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100605 Pinnacle Dr - Hold'em No Limit $400(Play Money) Table 22061605.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100604 Play Chip NL Holdem Tourney ID 5439905 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Play Chip NL Holdem Tourney ID 5439905 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Play Chip NL Holdem Tourney ID 5438473 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100603 Dunlap St - Hold'em No Limit $400(Play Money) Table 22027903.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Targhee Dr - Hold'em No Limit $200 (7-2)(Play Money) Table 22003739.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Cook Ave - Hold'em No Limit $400(Play Money) Table 21996329.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Marc Pl - Hold'em No Limit $400(Play Money) Table 21996253.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Play Chip NL Holdem Tourney ID 5439904 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Orange - Hold'em No Limit $400(Play Money) Table 21998862.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Play Chip NL Holdem Tourney ID 5438472 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Tearose Ave - Hold'em No Limit $400(Play Money) Table 21998219.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100602 Arcadia Dr - Hold'em No Limit $400(Play Money) Table 21998215.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Chesapeake - Hold'em No Limit $100, $25 ante(Play Money) Table 21865913.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5385047 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5385010 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Play Chip NL Holdem Tourney ID 5383392 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Westway Ave - Hold'em No Limit $50(Play Money) Table 21853061.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100528 Astoria Pl - Hold'em No Limit $10(Play Money) Table 21848119.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Gilbert Rd - Hold'em No Limit $50, $10 ante(Play Money) Table 21770905.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Georgia Hwy - Hold'em No Limit $100, $25 ante(Play Money) Table 21766088.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Norway Hwy - Hold'em No Limit $400(Play Money) Table 21702906.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Play Chip NL Holdem Tourney ID 5383400 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Gram Dr - Hold'em No Limit $400(Play Money) Table 21775214.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100525 Happy Ln - Hold'em No Limit $400(Play Money) Table 21761796.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Play Chip NL Holdem Tourney ID 5311998 No Limit Hold'em 10,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Bellevue Dr - Hold'em No Limit $100, $25 ante(Play Money) Table 21622319.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100520 Play Chip NL Holdem Tourney ID 5310650 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Amarillo - Hold'em No Limit $400(Play Money) Table 21598966.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Play Chip NL Holdem Tourney ID 5311968 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Antelope Ln - Hold'em No Limit $400(Play Money) Table 21603657.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Play Chip NL Holdem Tourney ID 5310641 No Limit Hold'em 3,000 + 0(Play Money).txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Potter Ave - Hold'em No Limit $100, $25 ante(Play Money) Table 21594408.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Texas St - Hold'em No Limit $100(Play Money) Table 21458742.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Iowa Dr - Hold'em No Limit $400(Play Money) Table 21595233.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100519 Broadway St - Hold'em No Limit $400(Play Money) Table 21595457.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Melbourne - Hold'em No Limit $400(Play Money) Table 21554200.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Lotus Dr - Hold'em No Limit $100, $25 ante(Play Money) Table 21576946.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100518 Beal Dr - Hold'em No Limit $50, $10 ante(Play Money) Table 21573274.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Lafferty Ln - Hold'em No Limit $100 (7-2)(Play Money) Table 21401842.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Orange - Seven Card H-L Normal $10-$20(Play Money) Table 21374254.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Raleigh - Hold'em No Limit $400(Play Money) Table 21402781.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Greece Hwy - Hold'em No Limit $400(Play Money) Table 21399979.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Alpha Drive - Hold'em No Limit $400(Play Money) Table 21280230.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Ivy Dr - Hold'em No Limit $400(Play Money) Table 21344923.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Whitegate - Hold'em Normal $100-$200(Play Money) Table 21277384.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Avocet Ave - Hold'em Normal $500-$1,000(Play Money) Table 21293125.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Blacksburg - Hold'em Normal $100-$200(Play Money) Table 21286902.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Normal - Hold'em Normal $300-$600(Play Money) Table 21289459.txt.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\bellator\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\bellator\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\bellator\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\bellator\bg6.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\bellator\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\classic (old ub)\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\classic (old ub)\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\classic (old ub)\bg6.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\classic (old ub)\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\classic (old ub)\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\annie duke\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\phil hellmuth\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\phil hellmuth\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\phil hellmuth\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\annie duke\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\annie duke\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\annie duke\bg6.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\phil hellmuth\bg6.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\phil hellmuth\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\annie duke\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\epic empire\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\football\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\epic empire\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\football\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\epic empire\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\football\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\epic empire\bg6.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\football\bg6.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\football\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\epic empire\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\Aruba\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg4\Las Vegas\bg4.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\Las Vegas\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\Las Vegas\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9_one\Aruba\bg9_one.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg9\Aruba\bg9.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\Aruba\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg8\Las Vegas\bg8.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\Aruba\bg6.dat.vir
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\skins\background\bg6\Las Vegas\bg6.dat.vir

Quit::

Save this file as CFScript.txt to your desktop (or the same location as combofix.exe)

Now drag CFScript.txt into ComboFix.exe as shown in the animation below... This will start ComboFix again.


When finished, it shall produce a log for you. Please post the log in your next reply, and see if the program is back.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
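
A way to cross-check a DeQuarantine run like the one requested above, as an added example (not part of the original posts and not ComboFix's own code). It assumes the quarantine-to-original path mapping and the `source -> destination ( N bytes )` line format seen in this thread's logs; sample lines marked constructed are made up for illustration.

```python
import re

QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"
# Quarantine listing line: created . modified  size  attributes  path
LISTING_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+"
    r"(?P<size>[\d,]+) \S+ (?P<path>.+\.vir)$")
# Restore log line: source.vir -> destination ( N bytes )
RESTORE_RE = re.compile(r"^(?P<src>.+\.vir) -> (?P<dst>.+) \( (?P<size>\d+) bytes \)$")


def expected_destination(quarantined):
    """Map C:\\Qoobox\\Quarantine\\C\\dir\\file.ext.vir to C:\\dir\\file.ext."""
    if not quarantined.startswith(QUARANTINE_ROOT) or not quarantined.endswith(".vir"):
        raise ValueError("not a quarantine path: " + quarantined)
    rel = quarantined[len(QUARANTINE_ROOT):-len(".vir")]
    drive, sep, rest = rel.partition("\\")
    if len(drive) != 1 or not drive.isalpha() or not sep:
        raise ValueError("no drive letter component: " + quarantined)
    return drive + ":\\" + rest


def parse_cfscript(text):
    """Return the paths listed under the DeQuarantine:: directive."""
    paths, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):          # a new directive starts (e.g. Quit::)
            active = (line == "DeQuarantine::")
        elif active and line:
            paths.append(line)
    return paths


def parse_listing(text):
    """Quarantined path (lower-cased) -> size in bytes from the listing."""
    sizes = {}
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            sizes[m["path"].lower()] = int(m["size"].replace(",", ""))
    return sizes


def parse_restore_log(text):
    """Quarantined path (lower-cased) -> (source, destination, size)."""
    restored = {}
    for line in text.splitlines():
        m = RESTORE_RE.match(line.strip())
        if m:
            restored[m["src"].lower()] = (m["src"], m["dst"], int(m["size"]))
    return restored


def audit(script_text, listing_text, log_text):
    """Compare what the script asked for with what the log says was restored."""
    sizes = parse_listing(listing_text)
    restored = parse_restore_log(log_text)
    report = {"missing": [], "unexpected": [], "wrong_destination": [], "size_mismatch": []}
    requested = set()
    for path in parse_cfscript(script_text):
        key = path.lower()               # Windows paths compare case-insensitively
        requested.add(key)
        if key not in restored:
            report["missing"].append(path)
            continue
        _, dst, size = restored[key]
        if dst.lower() != expected_destination(path).lower():
            report["wrong_destination"].append(path)
        if key in sizes and sizes[key] != size:
            report["size_mismatch"].append(path)
    report["unexpected"] = [src for key, (src, _, _) in restored.items() if key not in requested]
    return report


BASE = r"C:\Qoobox\Quarantine\C\Program Files\UltimateBet"
AVOCET = BASE + r"\HandHistory\DOUBLEIN221\IHH20100508 Avocet Ave - Hold'em Normal $500-$1,000(Play Money) Table 21293125.txt.vir"
BLACKSBURG = BASE + r"\HandHistory\DOUBLEIN221\IHH20100508 Blacksburg - Hold'em Normal $100-$200(Play Money) Table 21286902.txt.vir"
BG4 = BASE + r"\skins\background\bg4\bellator\bg4.dat.vir"
EXTRA = r"C:\Qoobox\Quarantine\C\Example\constructed-sample.bin.vir"  # constructed

SAMPLE_SCRIPT = "DeQuarantine::\n" + "\n".join([AVOCET, BLACKSBURG, BG4]) + "\n\nQuit::\n"
# Listing lines in the thread's format, sizes as posted in the thread.
SAMPLE_LISTING = "\n".join([
    "2010-05-09 02:43:57 . 2010-05-09 03:04:16 44,435 ----a-w- " + AVOCET,
    "2010-05-09 02:35:04 . 2010-05-09 02:41:14 14,052 ----a-w- " + BLACKSBURG,
    "2010-04-10 23:06:26 . 2010-04-10 23:06:26 325,943 ----a-w- " + BG4,
])
# Constructed restore log: Avocet is correct, Blacksburg has a constructed wrong
# size, bg4.dat is absent, and one entry was never requested.
SAMPLE_LOG = "\n".join([
    AVOCET + " -> " + expected_destination(AVOCET) + " ( 44435 bytes )",
    BLACKSBURG + " -> " + expected_destination(BLACKSBURG) + " ( 14000 bytes )",
    EXTRA + " -> " + expected_destination(EXTRA) + " ( 10 bytes )",
])

if __name__ == "__main__":
    for finding, paths in audit(SAMPLE_SCRIPT, SAMPLE_LISTING, SAMPLE_LOG).items():
        print(finding, len(paths), paths)
```

An empty report means every file named in the script came back to its original location at its quarantined size, and nothing else left quarantine.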

Re: Google searches getting redirected

Unread postby Butcher » July 25th, 2010, 10:51 pm

Hi,
Here is the log. I will restart all my security after this post, OK.


Thanks

Butcher


C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Avocet Ave - Hold'em Normal $500-$1,000(Play Money) Table 21293125.txt.vir -> C:\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Avocet Ave - Hold'em Normal $500-$1,000(Play Money) Table 21293125.txt ( 44435 bytes )
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Blacksburg - Hold'em Normal $100-$200(Play Money) Table 21286902.txt.vir -> C:\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Blacksburg - Hold'em Normal $100-$200(Play Money) Table 21286902.txt ( 14052 bytes )
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Normal - Hold'em Normal $300-$600(Play Money) Table 21289459.txt.vir -> C:\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Normal - Hold'em Normal $300-$600(Play Money) Table 21289459.txt ( 82710 bytes )
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Whitegate - Hold'em Normal $100-$200(Play Money) Table 21277384.txt.vir -> C:\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100508 Whitegate - Hold'em Normal $100-$200(Play Money) Table 21277384.txt ( 84049 bytes )
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Alpha Drive - Hold'em No Limit $400(Play Money) Table 21280230.txt.vir -> C:\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Alpha Drive - Hold'em No Limit $400(Play Money) Table 21280230.txt ( 23256 bytes )
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Ivy Dr - Hold'em No Limit $400(Play Money) Table 21344923.txt.vir -> C:\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100510 Ivy Dr - Hold'em No Limit $400(Play Money) Table 21344923.txt ( 58744 bytes )
C:\Qoobox\Quarantine\C\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Greece Hwy - Hold'em No Limit $400(Play Money) Table 21399979.txt.vir -> C:\Program Files\UltimateBet\HandHistory\DOUBLEIN221\IHH20100512 Greece Hwy - Hold'em No Limit $400(Play Money) Table 21399979.txt ( 70164 bytes )
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 27th, 2010, 12:53 pm

Hi Butcher,

Is everything working with the program? If so, let me know, and if there are no other problems we can provide info for the future.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Unread postby Butcher » July 27th, 2010, 5:46 pm

Hi,
Everything seems to be working ok. What program are you talking about? I removed Ultimate Bet.
One thing I did notice: when I go to install Microsoft updates and click on the hyperlink for more info, nothing seems to happen. It doesn't take me to the M/S update page. Is this a problem with my machine or the M/S site? Please advise.

Thanks,
Butcher
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 27th, 2010, 7:18 pm

My apologies I misunderstood your last comments :oops:

If you decided to remove instead then delete this folder if not done so already:
(the reason I had you remove in the first place as poker programs/sites etc sometimes come with adware.)

C:\Program Files\UltimateBet

Butcher wrote: One thing I did notice when I go to install Microsoft updates and click on the hyperlink for more info nothing seems to happen. It doesn't take me to the M/S update page. Is this a problem with my machine or M/S site. Please advise.

Does Windows update automatically? If so, it's fine; make sure you let it download/install all critical updates, then reboot the pc.
If it's not set to auto update then follow the instruction here: http://support.microsoft.com/kb/306525
There's also an option "Fix it for me" just run the downloaded file.


After that go here to secunia: http://secunia.com/vulnerability_scanning/online/
Let it scan the pc then download/run any provided updates.... or install the personal version up to you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download this tool from Microsoft.
Double click on MGADiag.exe to run it.
Click Continue. The program will run, please be patient.
Once done, click on Copy then Paste the contents into your next reply.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Unread postby Butcher » July 28th, 2010, 5:51 pm

Hi,
I did remove Ultimate Bet from the pc. I don't have Windows Update set to automatically install, but I have it set to download and then let me decide when to install. I like to read about what the reasons are; however, when I click on more info on the hyperlink nothing happens. It always brought me to the Windows Update site. I will scan the pc with Secunia and then download the M/S tool. This isn't the M/S malicious software removal tool, is it? I will post results when finished.

Thanks,
Butcher
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 28th, 2010, 6:08 pm

No it's a different tool, post the log when ready. :)
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Unread postby Butcher » July 28th, 2010, 6:30 pm

Hi,
A window comes up when I run the tool and the first line says validation status validation control not installed. There are 2 boxes at the bottom saying resolve and copy. Is that the copy you want me to click on? I click on copy and nothing happens. Here is what Secunia found.


Programs / Result Version Detected Status
Microsoft Windows XP Professional Service Pack 3
This installation of Microsoft Windows XP Professional is insecure and potentially exposes your system to security threats!

Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.

Update Instructions:
You do not have the following Microsoft security updates installed:
KB2229593

Visit Windows Update to install the missing patches.
Apple QuickTime 7.x 7.1.0.210
This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.1.0.210, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.66.71.0.

Update Instructions:
Download


Installed on Your System in:
C:\Program Files\QuickTime\QuickTimePlayer.exe
WinZip 9.x 9.0 SR-1 (6
This installation of WinZip 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0 SR-1 (6, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 14.x.

Update Instructions:
Download


Installed on Your System in:
C:\Program Files\WinZip\WINZIP32.EXE
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am