Greetings,
I'm attempting to fix my girlfriend's computer. Internet Explorer seems to be hijacked. When clicking links, it constantly redirects her to different webpages.
I'm in the process of following this:
UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
She uses Avira, Spybot and Windows Firewall. Compaq Presario, 2.6GHz, I've upgraded the RAM from 512MB to 1G, running Windows XP.
step 2: done, everything ran smoothly.
step 3: kept freezing when I tried to run it. Eventually booted in safe mode and it ran fine.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5270
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
12/8/2010 2:26:53 AM
mbam-log-2010-12-08 (02-26-49).txt
Scan type: Quick scan
Objects scanned: 128571
Time elapsed: 6 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
step 4: computer locked up. ieexplorere crashed and I lost the desktop. Had to reboot. Could someone explain what GMER is? Should I reboot in safe mode and try again?
step 5: DDS:
Attach:DDS (Ver_10-12-05.01) - NTFSx86
Run by user at 13:50:18.04 on Wed 12/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.453 [GMT -5:00]
AV: CleanUp Antivirus *On-access scanning enabled* (Updated) {5507A8CF-C0C3-4F25-8A99-B02D19B4EC85}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CleanUp Antivirus *enabled* {CD4D61FA-F9E2-4AE9-BFB7-246E4F804C1D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxbmcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\user\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253834427593
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://www.mikethetiger.com/cam/wg_webeye.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-24 56816]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-22 10448]
R2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe -service --> c:\windows\system32\lxbmcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-8 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-8 20952]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-3 14336]
=============== Created Last 30 ================
2010-12-08 06:38:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 06:37:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-08 20:30:08 -------- d-----w- c:\windows\pss
==================== Find3M ====================
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
============= FINISH: 13:51:24.84 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/23/2009 11:59:53 PM
System Uptime: 12/8/2010 1:37:02 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | CPU 1 | 2600/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 95.08 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP347: 9/10/2010 1:35:52 AM - System Checkpoint
RP348: 9/11/2010 2:35:52 AM - System Checkpoint
RP349: 9/12/2010 3:35:55 AM - System Checkpoint
RP350: 9/13/2010 4:28:31 AM - System Checkpoint
RP351: 9/14/2010 5:28:31 AM - System Checkpoint
RP352: 9/15/2010 6:28:34 AM - System Checkpoint
RP353: 9/15/2010 3:37:25 PM - Software Distribution Service 3.0
RP354: 9/15/2010 3:57:38 PM - Unsigned driver install
RP355: 9/15/2010 4:06:55 PM - Configured Microsoft Office Professional 2007 Trial
RP356: 9/15/2010 4:07:56 PM - Installed Java(TM) 6 Update 21
RP357: 9/15/2010 4:09:10 PM - Installed Java Runtime Environment
RP358: 9/16/2010 5:05:42 PM - System Checkpoint
RP359: 9/17/2010 6:16:26 PM - System Checkpoint
RP360: 9/18/2010 6:26:51 PM - System Checkpoint
RP361: 9/19/2010 7:10:08 PM - System Checkpoint
RP362: 9/20/2010 8:26:50 PM - System Checkpoint
RP363: 9/21/2010 9:06:47 PM - System Checkpoint
RP364: 9/22/2010 10:05:42 PM - System Checkpoint
RP365: 9/23/2010 7:56:50 PM - Configured Microsoft Office Professional 2007 Trial
RP366: 9/24/2010 8:46:46 PM - System Checkpoint
RP367: 9/25/2010 9:45:33 PM - System Checkpoint
RP368: 9/27/2010 12:04:22 AM - System Checkpoint
RP369: 9/28/2010 12:40:56 AM - System Checkpoint
RP370: 9/29/2010 1:40:56 AM - System Checkpoint
RP371: 9/29/2010 3:00:15 AM - Software Distribution Service 3.0
RP372: 9/30/2010 3:40:56 AM - System Checkpoint
RP373: 10/1/2010 12:29:05 AM - Unsigned driver install
RP374: 10/2/2010 12:40:56 AM - System Checkpoint
RP375: 10/3/2010 1:41:50 AM - System Checkpoint
RP376: 10/4/2010 3:02:21 AM - System Checkpoint
RP377: 10/5/2010 3:40:56 AM - System Checkpoint
RP378: 10/6/2010 3:00:15 AM - Software Distribution Service 3.0
RP379: 10/7/2010 3:21:39 AM - System Checkpoint
RP380: 10/8/2010 3:40:56 AM - System Checkpoint
RP381: 10/9/2010 4:40:56 AM - System Checkpoint
RP382: 10/10/2010 5:40:56 AM - System Checkpoint
RP383: 10/11/2010 5:42:01 AM - System Checkpoint
RP384: 10/12/2010 6:40:56 AM - System Checkpoint
RP385: 10/13/2010 3:00:15 AM - Software Distribution Service 3.0
RP386: 10/14/2010 3:34:33 AM - System Checkpoint
RP387: 10/15/2010 4:25:07 AM - System Checkpoint
RP388: 10/16/2010 5:25:07 AM - System Checkpoint
RP389: 10/17/2010 6:25:06 AM - System Checkpoint
RP390: 10/18/2010 7:25:07 AM - System Checkpoint
RP391: 10/19/2010 8:22:28 AM - System Checkpoint
RP392: 10/20/2010 8:48:44 AM - System Checkpoint
RP393: 10/21/2010 9:48:43 AM - System Checkpoint
RP394: 10/22/2010 10:48:43 AM - System Checkpoint
RP395: 10/23/2010 11:48:43 AM - System Checkpoint
RP396: 10/24/2010 12:48:42 PM - System Checkpoint
RP397: 10/25/2010 12:50:11 PM - System Checkpoint
RP398: 10/26/2010 1:48:42 PM - System Checkpoint
RP399: 10/27/2010 3:05:46 PM - System Checkpoint
RP400: 10/28/2010 3:48:43 PM - System Checkpoint
RP401: 10/29/2010 4:48:43 PM - System Checkpoint
RP402: 10/30/2010 5:15:42 PM - System Checkpoint
RP403: 10/31/2010 6:34:51 PM - System Checkpoint
RP404: 11/1/2010 6:49:47 PM - System Checkpoint
RP405: 11/1/2010 8:22:51 PM - Configured Microsoft Office Professional 2007 Trial
RP406: 10/27/2010 8:29:34 PM - Removed Microsoft Office Professional 2007 Trial
RP407: 10/28/2010 8:59:35 PM - System Checkpoint
RP408: 11/2/2010 10:43:10 PM - System Checkpoint
RP409: 11/3/2010 11:50:17 PM - System Checkpoint
RP410: 11/5/2010 12:24:13 AM - System Checkpoint
RP411: 11/6/2010 12:26:18 AM - System Checkpoint
RP412: 11/7/2010 12:59:22 AM - System Checkpoint
RP413: 11/8/2010 1:24:54 AM - System Checkpoint
RP414: 11/9/2010 2:26:29 AM - System Checkpoint
RP415: 11/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP416: 11/11/2010 3:24:13 AM - System Checkpoint
RP417: 11/12/2010 4:24:13 AM - System Checkpoint
RP418: 11/13/2010 4:25:19 AM - System Checkpoint
RP419: 11/14/2010 5:24:14 AM - System Checkpoint
RP420: 11/15/2010 6:24:13 AM - System Checkpoint
RP421: 11/16/2010 7:24:14 AM - System Checkpoint
RP422: 11/17/2010 7:42:37 AM - System Checkpoint
RP423: 11/18/2010 8:42:38 AM - System Checkpoint
RP424: 11/19/2010 9:42:38 AM - System Checkpoint
RP425: 11/20/2010 10:42:37 AM - System Checkpoint
RP426: 11/21/2010 11:42:37 AM - System Checkpoint
RP427: 11/22/2010 12:42:37 PM - System Checkpoint
RP428: 11/23/2010 1:42:37 PM - System Checkpoint
RP429: 11/24/2010 2:42:37 PM - System Checkpoint
RP430: 11/25/2010 3:43:41 PM - System Checkpoint
RP431: 11/26/2010 4:42:37 PM - System Checkpoint
RP432: 11/27/2010 5:42:37 PM - System Checkpoint
RP433: 11/28/2010 6:39:10 PM - System Checkpoint
RP434: 11/29/2010 7:54:00 PM - System Checkpoint
RP435: 11/30/2010 9:11:37 PM - System Checkpoint
RP436: 12/1/2010 9:17:57 PM - System Checkpoint
RP437: 12/2/2010 9:38:05 PM - System Checkpoint
RP438: 12/3/2010 10:38:05 PM - System Checkpoint
RP439: 12/5/2010 12:31:56 AM - System Checkpoint
RP440: 12/6/2010 1:21:45 AM - System Checkpoint
RP441: 12/7/2010 1:49:18 AM - System Checkpoint
RP442: 12/8/2010 2:51:47 AM - System Checkpoint
==== Hosts File Hijack ======================
==== Installed Programs ======================
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Carbonite Online Backup Setup
eReg
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Lexmark 4200 Series
LimeWire 5.3.6
Logitech SetPoint 6.15
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
MSN Toolbar
MSN Toolbar Platform
My.Freeze.com NetAssistant
QuickTime
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
12/8/2010 2:32:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
12/8/2010 2:32:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/8/2010 2:12:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
12/8/2010 2:12:24 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 2:12:24 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 2:12:24 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 2:12:24 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 2:12:24 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 2:12:24 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 2:11:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2010 2:11:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/8/2010 1:30:28 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
12/8/2010 1:30:28 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
12/8/2010 1:30:28 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/8/2010 1:30:28 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/8/2010 1:30:27 AM, error: Service Control Manager [7034] - The lxbm_device service terminated unexpectedly. It has done this 1 time(s).
12/8/2010 1:30:27 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/8/2010 1:30:27 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/8/2010 1:30:27 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
==== End Of File ===========================
Thanks to any and all replies! I will be checking back momentarily after I've run GMER in safe mode and done some research as to what it actually does (just curiosity).
~Tim