
Browser Redirecting from Malware infection



#1 foster77


Posted 24 February 2009 - 10:05 AM

Yesterday I noticed that whenever I do a search in Google and then click on a result, my browser starts to load the requested page and then is auto-redirected to a completely unrelated page. This happens in Firefox 3 and IE7. However, this does not happen in my virtual machine running IE6.


DDS (Ver_09-02-01.01) - NTFSx86
Run by all at 10:56:54.96 on Tue 02/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1553 [GMT -4:00]

AV: Command AntiVirus for Windows *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\all\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\Program Files\Authentium\Command AntiVirus\dvprpt.exe
C:\Program Files\Authentium\Command AntiVirus\avtray.exe
C:\Program Files\Authentium\Command AntiVirus\untray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\all\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: IE DOM Explorer: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Developer Toolbar: {cc962137-2e78-4f94-975e-fc0c07dbd78f} - c:\program files\internet explorer developer toolbar\IEDevToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: IE DOM Explorer: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\all\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [Katmouse] "c:\program files\katmouse\KatMouse.exe"
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office 11\programs\QFSCHD110.EXE"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [avtray] c:\progra~1\authen~1\comman~1\avtray.exe
mRun: [untray] c:\progra~1\authen~1\comman~1\untray.exe
mRun: [dvprpt] c:\progra~1\authen~1\comman~1\dvprpt.exe
mRun: [CSAV_CheckViruses] c:\progra~1\authen~1\comman~1\vchk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Subscribe in default RSS reader - c:\documents and settings\all\application data\rssbandit\iecontext_subscribefeed.htm
IE: Zend Studio - Debug current page
IE: Zend Studio - Debug next page
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107290053491
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146748169089
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxp://libonlinepub.halifaxpubliclibraries.ca/viewer10/ActiveXControls/ActiveXViewer.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\all\applic~1\mozilla\firefox\profiles\jp5bt4h4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.halifaxpubliclibraries.ca/
FF - plugin: c:\documents and settings\all\application data\mozilla\firefox\profiles\jp5bt4h4.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\all\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPXStandard.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
c:\program files\firefox-1.0.7\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\firefox-1.0.7\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\firefox-1.0.7\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\firefox-1.0.7\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\firefox-1.0.7\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.version",
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\firefox-1.0.7\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

============= SERVICES / DRIVERS ===============

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-5-22 55424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-5-22 42048]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [2003-1-19 95449]
S2 gupdate1c9856d51ceeb10;Google Update Service (gupdate1c9856d51ceeb10);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]

=============== Created Last 30 ================

2009-02-24 10:43 <DIR> --d----- c:\program files\Trend Micro
2009-02-24 10:33 250 a------- c:\windows\gmer.ini
2009-02-05 14:58 <DIR> --d----- c:\documents and settings\all\.ZendStudio
2009-02-05 14:58 <DIR> --d----- c:\documents and settings\all\Zend
2009-02-05 14:26 <DIR> --d----- c:\documents and settings\all\.netbeans
2009-02-05 14:25 <DIR> --d----- c:\documents and settings\all\.netbeans-registration
2009-02-05 14:24 <DIR> --d----- c:\program files\NetBeans 6.5
2009-02-05 14:12 <DIR> --d----- c:\documents and settings\all\.nbi
2009-02-03 14:23 <DIR> --d----- c:\documents and settings\all\pdtworkspace
2009-01-28 09:52 <DIR> --d----- c:\docume~1\all\applic~1\Inkscape
2009-01-28 09:42 <DIR> --d----- c:\program files\Inkscape46
2009-01-28 09:36 <DIR> --d----- c:\program files\Gadwin Systems

==================== Find3M ====================

2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-10 09:15 410,984 a------- c:\windows\system32\deploytk.dll
2008-08-21 08:15 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 10:57:32.42 ===============



#2 kahdah


Posted 08 March 2009 - 10:34 AM

Hello foster77

Welcome to BleepingComputer
========================
If you are still in need of assistance, please post a new DDS log.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



