Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google re-directs when clicking on links


  • This topic is locked This topic is locked
14 replies to this topic

#1 cgohman

cgohman

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:07:28 PM

Posted 17 March 2009 - 10:27 PM

I've read many other posts on this, but have yet to find a solution that works. I am having less issues (not every click leads to a redirect now)-but they are still there.

The redirects seem to either go to a random search engine, or if I type Cox Cable Phoenix I wind up on a University of Phoenix web site... using a keyword perhaps?

I've run Bit defender, Malwarebytes, CCCleaner, and any number of other clean up, etc.

Also... I tried to attached the DDS log- but I can't find the attach button... that kind of day I guess.
Thank you for your help!

Edited by cgohman, 17 March 2009 - 10:47 PM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 17 March 2009 - 11:32 PM

Please print out and follow these instructions: "How to use SDFix". This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 cgohman

cgohman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:07:28 PM

Posted 18 March 2009 - 06:19 PM

System Report
*************

Run on Wed 03/18/2009 at 03:54 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [148]
\??\C:\WINDOWS\system32\csrss.exe [200]
\??\C:\WINDOWS\system32\winlogon.exe [224]
C:\WINDOWS\system32\services.exe [268]
C:\WINDOWS\system32\lsass.exe [280]
C:\WINDOWS\system32\svchost.exe [436]
C:\WINDOWS\system32\svchost.exe [480]
C:\WINDOWS\system32\svchost.exe [540]
C:\WINDOWS\Explorer.EXE [856]


Drivers - Running:

ACPI
ACPIEC
agp440
atapi
AVG
AvgArCln
Beep
Cdfs
Cdrom
Compbatt
Disk
Fdc
FltMgr
Ftdisk
i8042prt
IBMPMDRV
Imapi
IntelIde
isapnp
Kbdclass
KSecDD
Mouclass
MountMgr
Msfs
mssmbios
Mup
NDIS
Npfs
Ntfs
Null
PartMgr
PCI
PCIIde
Pcmcia
PxHelp20
rdpdr
redbook
swenum
SynTP
TermDD
Update
usbehci
usbhub
usbuhci
VgaSave
VolSnap
WudfPf


Drivers - Stopped:

Abiosdsk
abp480n5
adpu160m
aeaudio
aec
AFD
AgereSoftModem
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
ati2mtag
Atmarpc
audstub
bdfm
bdfsfltr
bdftdif
BDSelfPr
BVRPMPR5
cbidf2k
cd20xrnt
Cdaudio
CDAVFS
Changer
CmBatt
CmdIde
Cpqarray
dac960nt
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
E1000
Fastfat
Fips
Flpydisk
Gpc
HidUsb
hpn
HTTP
i2omgmt
i2omp
ini910u
intelppm
Ip6Fw
IpFilterDriver
IpInIp
IpNat
IPSec
irda
IRENUM
kmixer
lbrtfdc
mnmdd
Modem
mouhid
mraid35x
MRxDAV
MRxSmb
MSIRCOMM
MSKSSRV
MSPCLOCK
MSPQM
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
nm
NSCIRDA
NwlnkFlt
NwlnkFwd
Parport
ParVdm
PCANDIS5
pccsmcfd
PCIDump
PCX504
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
PptpMiniport
Profos
PSched
Ptilink
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RasAcd
Rasirda
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
RDPWD
Secdrv
serenum
Serial
Sfloppy
Simbad
smwdm
Sparrow
splitter
sr
Srv
StillCam
swmidi
symc810
symc8xx
sym_hi
sym_u3
sysaudio
Tcpip
TDPIPE
TDTCP
TosIde
Trufos
Udfs
ultra
USBAAPL
usbccgp
usbprint
usbscan
USBSTOR
ViaIde
Wanarp
WDICA
wdmaud
WPC11
WudfRd


Services - Running:

CryptSvc
DcomLaunch
Eventlog
helpsvc
PlugPlay
RpcSs
winmgmt


Services - Stopped:

ACDaemon
Alerter
ALG
AppMgmt
Arrakis3
aspnet_state
Ati
AudioSrv
BITS
Browser
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
Dhcp
dmadmin
dmserver
Dnscache
Dot3svc
EapHost
ERSvc
EventSystem
FastUserSwitchingCompatibility
FontCache3.0.0.0
HidServ
hkmsvc
hpqcxs08
hpqddsvc
HPSLPSVC
HTTPFilter
IBMPMSVC
idsvc
ImapiService
Irmon
IviRegMgr
JavaQuickStarterService
LanmanServer
lanmanworkstation
LIVESRV
LmHosts
Messenger
Microsoft
mnmsrvc
MSDTC
MSIServer
napagent
Net
NetDDE
NetDDEdsdm
Netlogon
Netman
NetTcpPortSharing
Nla
NtLmSsp
NtmsSvc
odserv
ose
Pml
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RemoteRegistry
RpcLocator
RSVP
SamSs
scan
SCardSvr
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
srservice
SSDPSRV
stisvc
SwPrv
SysmonLog
TapiSrv
TermService
Themes
TlntSvr
TrkWks
upnphost
UPS
VSS
VSSERV
W32Time
WebClient
WmdmPmSN
Wmi
WmiApSrv
WMPNetworkSvc
wscsvc
wuauserv
WudfSvc
WZCSVC
xmlprov


Files Created/Modified - 60 Days:


C:\

Mar 18 2009 3:51:52p 805,306,368 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

Mar 18 2009 3:52:12p 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Mar 13 2009 10:08:34a 180,077 A.... "C:\WINDOWS\hpwins14.dat"
Feb 21 2009 7:42:22a 473,600 A.... "C:\WINDOWS\PrimoPDF4\uninstall.exe"
Mar 10 2009 7:12:04p 410,984 A.... "C:\WINDOWS\system32\deploytk.dll"
Mar 10 2009 6:39:12p 286,904 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Mar 10 2009 7:12:04p 144,792 A.... "C:\WINDOWS\system32\java.exe"
Mar 10 2009 7:12:04p 144,792 A.... "C:\WINDOWS\system32\javaw.exe"
Mar 10 2009 7:12:04p 148,888 A.... "C:\WINDOWS\system32\javaws.exe"
Feb 3 2009 4:21:12p 21,244,864 A.... "C:\WINDOWS\system32\MRT.exe"
Feb 19 2009 7:26:02p 68,558 A.... "C:\WINDOWS\system32\perfc009.dat"
Feb 19 2009 7:26:02p 435,828 A.... "C:\WINDOWS\system32\perfh009.dat"
Feb 9 2009 4:13:28a 1,846,784 A.... "C:\WINDOWS\system32\win32k.sys"
Mar 18 2009 3:50:56p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Mar 13 2009 8:29:42a 10 A.... "C:\WINDOWS\Temp\report.dat"
Mar 18 2009 3:51:04p 15 A.... "C:\WINDOWS\Temp\rtsr.dat"
Mar 18 2009 3:53:46p 1,187 A.... "C:\WINDOWS\Temp\scs3A.tmp"
Feb 9 2009 4:13:28a 1,846,784 A.... "C:\WINDOWS\system32\dllcache\win32k.sys"
Feb 11 2009 10:19:34a 15,504 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
Feb 11 2009 10:19:42a 38,496 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
Feb 2 2009 7:15:28p 3,771,296 A.... "C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"
Feb 2 2009 7:15:30p 240,544 A.... "C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe"
Mar 5 2009 7:16:10p 84,661 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"


C:\Program Files\

Feb 19 2009 10:27:10a 1,471,728 A.... "C:\Program Files\CCleaner\CCleaner.exe"
Mar 17 2009 9:25:36p 116,116 A.... "C:\Program Files\CCleaner\uninst.exe"
Mar 17 2009 7:59:04p 1,883,672 A.... "C:\Program Files\Isohunt-vuze\tbIso1.dll"
Feb 11 2009 10:19:34a 380,048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
Feb 11 2009 10:19:30a 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
Feb 11 2009 10:19:32a 1,273,488 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Feb 11 2009 10:19:36a 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
Feb 11 2009 10:19:38a 399,504 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
Feb 11 2009 10:19:38a 179,856 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
Feb 11 2009 10:19:40a 44,688 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
Mar 11 2009 2:19:56p 8,814 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
Mar 11 2009 2:19:28p 688,784 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Feb 11 2009 10:19:42a 77,968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
Mar 6 2009 3:59:26p 17,400 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
Mar 6 2009 3:59:28p 185,848 A.... "C:\Program Files\Mozilla Firefox\crashreporter.exe"
Mar 6 2009 3:59:28p 307,704 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
Mar 6 2009 3:59:28p 233,472 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
Mar 6 2009 3:59:28p 696,312 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
Mar 6 2009 3:59:28p 710,136 A.... "C:\Program Files\Mozilla Firefox\mozcrt19.dll"
Mar 6 2009 3:59:28p 198,136 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
Mar 6 2009 3:59:28p 718,328 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
Mar 6 2009 3:59:28p 292,344 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
Mar 6 2009 3:59:28p 103,928 A.... "C:\Program Files\Mozilla Firefox\nssdbm3.dll"
Mar 6 2009 3:59:28p 87,544 A.... "C:\Program Files\Mozilla Firefox\nssutil3.dll"
Mar 6 2009 3:59:28p 20,472 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
Mar 6 2009 3:59:28p 17,400 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
Mar 6 2009 3:59:28p 103,928 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
Mar 6 2009 3:59:28p 151,552 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
Mar 6 2009 3:59:28p 395,768 A.... "C:\Program Files\Mozilla Firefox\sqlite3.dll"
Mar 6 2009 3:59:28p 136,696 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
Mar 6 2009 3:59:28p 242,168 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
Mar 6 2009 3:59:28p 17,912 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
Mar 6 2009 3:59:32p 9,742,840 A.... "C:\Program Files\Mozilla Firefox\xul.dll"
Feb 26 2009 10:49:36a 3,712,000 A.... "C:\Program Files\Opera\opera.dll"
Feb 26 2009 10:49:18a 99,328 A.... "C:\Program Files\Opera\opera.exe"
Feb 26 2009 10:49:36a 20,480 A.... "C:\Program Files\Opera\OUniAnsi.dll"
Feb 26 2009 10:49:36a 36,864 A.... "C:\Program Files\Opera\spellcheck.dll"
Mar 17 2009 7:49:06p 71,026 A.... "C:\Program Files\PCTV4Me\uninstall.exe"
Feb 25 2009 6:57:26p 1,830,128 A.... "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
Feb 3 2009 5:34:22p 9,728 A.... "C:\Program Files\BitDefender\BitDefender 2009\asfn.dll"
Feb 27 2009 3:31:52p 303,104 A.... "C:\Program Files\BitDefender\BitDefender 2009\BTCommon.dll"
Feb 17 2009 12:26:12p 240 A.... "C:\Program Files\BitDefender\BitDefender 2009\build.reg"
Feb 27 2009 3:36:38p 618,496 A.... "C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe"
Jan 21 2009 3:37:02p 593,920 A.... "C:\Program Files\BitDefender\BitDefender 2009\WSLib.dll"
Jan 21 2009 3:36:56p 94,208 A.... "C:\Program Files\BitDefender\BitDefender 2009\WSPack.dll"
Jan 21 2009 3:36:56p 86,016 A.... "C:\Program Files\BitDefender\BitDefender 2009\WSUtils.dll"
Feb 19 2009 1:20:52p 22,016 A.... "C:\Program Files\CCleaner\Lang\lang-1063.dll"
Feb 19 2009 1:21:26p 21,504 A.... "C:\Program Files\CCleaner\Lang\lang-1071.dll"
Feb 19 2009 1:21:40p 22,016 A.... "C:\Program Files\CCleaner\Lang\lang-1066.dll"
Feb 19 2009 1:21:36p 22,528 A.... "C:\Program Files\CCleaner\Lang\lang-1050.dll"
Feb 19 2009 1:20:14p 21,504 A.... "C:\Program Files\CCleaner\Lang\lang-1030.dll"
Feb 19 2009 1:20:42p 24,064 A.... "C:\Program Files\CCleaner\Lang\lang-1040.dll"
Feb 19 2009 1:21:14p 25,600 A.... "C:\Program Files\CCleaner\Lang\lang-1034.dll"
Feb 19 2009 1:20:56p 22,016 A.... "C:\Program Files\CCleaner\Lang\lang-1044.dll"
Feb 19 2009 1:20:38p 23,552 A.... "C:\Program Files\CCleaner\Lang\lang-1038.dll"
Feb 19 2009 1:20:08p 12,288 A.... "C:\Program Files\CCleaner\Lang\lang-1028.dll"
Feb 19 2009 10:25:20a 22,528 A.... "C:\Program Files\CCleaner\Lang\lang-1058.dll"
Feb 19 2009 1:21:10p 22,016 A.... "C:\Program Files\CCleaner\Lang\lang-1048.dll"
Feb 19 2009 1:20:28p 21,504 A.... "C:\Program Files\CCleaner\Lang\lang-1110.dll"
Feb 19 2009 1:19:46p 21,504 A.... "C:\Program Files\CCleaner\Lang\lang-1051.dll"
Feb 19 2009 1:21:16p 22,016 A.... "C:\Program Files\CCleaner\Lang\lang-1055.dll"
Feb 19 2009 1:20:02p 19,968 A.... "C:\Program Files\CCleaner\Lang\lang-1025.dll"
Feb 19 2009 1:20:22p 24,064 A.... "C:\Program Files\CCleaner\Lang\lang-1035.dll"
Feb 19 2009 1:21:00p 24,064 A.... "C:\Program Files\CCleaner\Lang\lang-1045.dll"
Feb 19 2009 1:20:12p 20,992 A.... "C:\Program Files\CCleaner\Lang\lang-1029.dll"
Feb 19 2009 1:19:48p 22,528 A.... "C:\Program Files\CCleaner\Lang\lang-1052.dll"
Feb 19 2009 1:20:32p 26,624 A.... "C:\Program Files\CCleaner\Lang\lang-1032.dll"
Feb 19 2009 1:20:48p 11,776 A.... "C:\Program Files\CCleaner\Lang\lang-1042.dll"
Feb 19 2009 1:21:30p 25,088 A.... "C:\Program Files\CCleaner\Lang\lang-1026.dll"
Feb 19 2009 1:20:24p 24,576 A.... "C:\Program Files\CCleaner\Lang\lang-1036.dll"
Feb 19 2009 1:21:06p 25,088 A.... "C:\Program Files\CCleaner\Lang\lang-1046.dll"
Feb 19 2009 1:20:18p 25,600 A.... "C:\Program Files\CCleaner\Lang\lang-1043.dll"
Feb 19 2009 1:19:58p 23,040 A.... "C:\Program Files\CCleaner\Lang\lang-1027.dll"
Feb 19 2009 1:20:34p 19,456 A.... "C:\Program Files\CCleaner\Lang\lang-1037.dll"
Feb 19 2009 1:19:56p 22,016 A.... "C:\Program Files\CCleaner\Lang\lang-1031.dll"
Feb 19 2009 1:20:44p 14,848 A.... "C:\Program Files\CCleaner\Lang\lang-1041.dll"
Feb 19 2009 1:21:14p 20,992 A.... "C:\Program Files\CCleaner\Lang\lang-1049.dll"
Feb 19 2009 1:19:52p 22,528 A.... "C:\Program Files\CCleaner\Lang\lang-1053.dll"
Feb 19 2009 1:21:02p 25,600 A.... "C:\Program Files\CCleaner\Lang\lang-2070.dll"
Feb 19 2009 1:20:04p 11,776 A.... "C:\Program Files\CCleaner\Lang\lang-2052.dll"
Feb 19 2009 1:21:24p 20,992 A.... "C:\Program Files\CCleaner\Lang\lang-2074.dll"
Feb 19 2009 1:21:20p 20,992 A.... "C:\Program Files\CCleaner\Lang\lang-3098.dll"
Feb 19 2009 1:21:32p 22,016 A.... "C:\Program Files\CCleaner\Lang\lang-5146.dll"
Mar 13 2009 7:50:36a 74,580 A.... "C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe"
Mar 10 2009 7:12:02p 994 A.... "C:\Program Files\Java\jre6\Welcome.html"
Feb 3 2009 6:32:18p 3,671,344 A.... "C:\Program Files\Microsoft Office\Office12\OUTLFLTR.DAT"
Mar 6 2009 3:59:28p 23,032 A.... "C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll"
Mar 6 2009 3:59:28p 134,648 A.... "C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll"
Mar 10 2009 7:12:08p 410,984 A.... "C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll"
Mar 6 2009 3:59:28p 65,528 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
Mar 6 2009 3:59:28p 509,536 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Feb 26 2009 11:08:16a 448,950 A.... "C:\Program Files\Opera\Skin\standard_skin.zip"
Feb 26 2009 11:08:16a 679 A.... "C:\Program Files\Opera\Skin\windows_skin.zip"
Mar 8 2009 9:06:34a 93,691 A.... "C:\Program Files\RegCure\Backup\RegCureBak_March_08_09_09_06_25.reg"
Feb 20 2009 9:13:20p 29,032 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_20_09_21_13_03.reg"
Feb 22 2009 9:35:26a 25,296 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_22_09_09_35_14.reg"
Mar 7 2009 10:52:26p 46,902 A.... "C:\Program Files\RegCure\Backup\RegCureBak_March_07_09_22_52_16.reg"
Feb 20 2009 9:13:18p 38 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_20_09_21_12_57.reg"
Feb 22 2009 9:35:18a 38 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_22_09_09_35_06.reg"
Jan 18 2009 12:23:50p 38 A.... "C:\Program Files\RegCure\Backup\RegCureBak_January_18_09_12_23_29.reg"
Jan 18 2009 12:23:50p 347,209 A.... "C:\Program Files\RegCure\Backup\RegCureBak_January_18_09_12_23_30.reg"
Feb 19 2009 5:54:12p 257,238 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_19_09_17_54_03.reg"
Feb 19 2009 5:43:58p 38 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_19_09_17_43_14.reg"
Feb 23 2009 6:29:42p 38 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_23_09_18_28_31.reg"
Feb 23 2009 6:29:48p 28,120 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_23_09_18_29_31.reg"
Feb 19 2009 5:43:58p 51,352 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_19_09_17_43_27.reg"
Feb 7 2009 1:49:00p 40,303 A.... "C:\Program Files\RegCure\Backup\RegCureBak_February_07_09_13_48_49.reg"
Jan 18 2009 12:23:50p 46,060 A.... "C:\Program Files\RegCure\Logs\Regcure-18-01-09-12-23-47.zip"
Mar 7 2009 10:52:26p 37,877 A.... "C:\Program Files\RegCure\Logs\Regcure-07-03-09-22-52-24.zip"
Feb 23 2009 6:29:48p 37,521 A.... "C:\Program Files\RegCure\Logs\Regcure-23-02-09-18-29-45.zip"
Feb 23 2009 6:29:42p 39,733 A.... "C:\Program Files\RegCure\Logs\Regcure-23-02-09-18-29-39.zip"
Feb 19 2009 5:54:12p 39,889 A.... "C:\Program Files\RegCure\Logs\Regcure-19-02-09-17-54-11.zip"
Feb 22 2009 9:35:18a 39,467 A.... "C:\Program Files\RegCure\Logs\Regcure-22-02-09-09-35-15.zip"
Feb 20 2009 9:13:18p 39,375 A.... "C:\Program Files\RegCure\Logs\Regcure-20-02-09-21-13-15.zip"
Feb 20 2009 9:13:20p 37,484 A.... "C:\Program Files\RegCure\Logs\Regcure-20-02-09-21-13-17.zip"
Feb 19 2009 5:43:58p 45,566 A.... "C:\Program Files\RegCure\Logs\Regcure-19-02-09-17-43-55.zip"
Feb 7 2009 1:49:00p 44,002 A.... "C:\Program Files\RegCure\Logs\Regcure-07-02-09-13-48-58.zip"
Feb 19 2009 5:43:58p 45,647 A.... "C:\Program Files\RegCure\Logs\Regcure-19-02-09-17-43-56.zip"
Mar 8 2009 9:06:34a 34,146 A.... "C:\Program Files\RegCure\Logs\Regcure-08-03-09-09-06-32.zip"
Mar 8 2009 9:05:36a 31,773 A.... "C:\Program Files\RegCure\Logs\SystemInfo.zip"
Mar 16 2009 6:34:10p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Mar 4 2009 8:03:12p 80,610 A.... "C:\Program Files\Unity\WebPlayer\Uninstall.exe"
Mar 15 2009 12:49:24p 186,791 A.... "C:\Program Files\VideoLAN\VLC\uninstall.exe"
Feb 4 2009 4:57:34p 102,400 A.... "C:\Program Files\Yahoo!\Messenger\clientmanager.dll"
Feb 4 2009 4:04:20p 789 A.... "C:\Program Files\Yahoo!\Messenger\default.reg"
Feb 4 2009 4:05:40p 1,818 A.... "C:\Program Files\Yahoo!\Messenger\emote.dat"
Feb 4 2009 4:57:38p 196,608 A.... "C:\Program Files\Yahoo!\Messenger\ft60.dll"
Feb 4 2009 4:57:34p 671,744 A.... "C:\Program Files\Yahoo!\Messenger\GIPSVoiceEngineDLL_MD.dll"
Feb 4 2009 4:57:34p 327,680 A.... "C:\Program Files\Yahoo!\Messenger\id3lib.dll"
Feb 4 2009 4:05:40p 1,070 A.... "C:\Program Files\Yahoo!\Messenger\intl.reg"
Feb 4 2009 4:57:40p 495,616 A.... "C:\Program Files\Yahoo!\Messenger\kdu_v32R.dll"
Feb 4 2009 4:57:34p 118,784 A.... "C:\Program Files\Yahoo!\Messenger\libexpat.dll"
Feb 4 2009 4:05:38p 944 A.... "C:\Program Files\Yahoo!\Messenger\nofriend.html"
Feb 4 2009 4:57:34p 163,840 A.... "C:\Program Files\Yahoo!\Messenger\nspr4.dll"
Feb 4 2009 4:04:10p 48,637 A.... "C:\Program Files\Yahoo!\Messenger\pcre.dll"
Feb 4 2009 4:57:40p 692,224 A.... "C:\Program Files\Yahoo!\Messenger\PhotoShare.dll"
Feb 4 2009 4:57:40p 1,339,392 A.... "C:\Program Files\Yahoo!\Messenger\res_msgr.dll"
Feb 4 2009 4:57:36p 200,704 A.... "C:\Program Files\Yahoo!\Messenger\RGX.dll"
Feb 4 2009 4:57:36p 552,960 A.... "C:\Program Files\Yahoo!\Messenger\rmc_audio.dll"
Feb 4 2009 4:57:36p 192,512 A.... "C:\Program Files\Yahoo!\Messenger\StpWd.dll"
Feb 4 2009 4:57:40p 253,952 A.... "C:\Program Files\Yahoo!\Messenger\yacscom.dll"
Feb 4 2009 4:57:40p 299,008 A.... "C:\Program Files\Yahoo!\Messenger\yacsui.dll"
Feb 4 2009 4:57:42p 4,363,504 A.... "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Feb 4 2009 4:57:36p 184,320 A.... "C:\Program Files\Yahoo!\Messenger\yalertcenterM.dll"
Feb 4 2009 4:57:36p 1,056,768 A.... "C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll"
Feb 4 2009 4:57:36p 761,856 A.... "C:\Program Files\Yahoo!\Messenger\YCPSSL.dll"
Feb 4 2009 4:57:36p 286,720 A.... "C:\Program Files\Yahoo!\Messenger\YHTTP.dll"
Feb 4 2009 4:57:40p 270,336 A.... "C:\Program Files\Yahoo!\Messenger\YImage.dll"
Feb 4 2009 4:57:36p 19,968 A.... "C:\Program Files\Yahoo!\Messenger\YIniDom.dll"
Feb 4 2009 4:57:36p 53,248 A.... "C:\Program Files\Yahoo!\Messenger\ylog.dll"
Feb 4 2009 4:57:36p 176,128 A.... "C:\Program Files\Yahoo!\Messenger\ymdm_audio.dll"
Feb 4 2009 4:57:40p 32,768 A.... "C:\Program Files\Yahoo!\Messenger\Yml.dll"
Feb 4 2009 4:57:38p 3,428,352 A.... "C:\Program Files\Yahoo!\Messenger\ymsdk.dll"
Feb 4 2009 4:57:40p 126,976 A.... "C:\Program Files\Yahoo!\Messenger\ymsgip.dll"
Feb 4 2009 4:57:38p 1,445,888 A.... "C:\Program Files\Yahoo!\Messenger\ymsglite.dll"
Feb 4 2009 4:57:42p 79,088 A.... "C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe"
Feb 4 2009 4:57:42p 103,664 A.... "C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll"
Feb 4 2009 4:57:40p 52,224 A.... "C:\Program Files\Yahoo!\Messenger\ypagerps1.DLL"
Feb 4 2009 4:57:38p 475,136 A.... "C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll"
Feb 16 2009 2:52:48p 538 A.... "C:\Program Files\Yahoo!\Messenger\ystats_A.dat"
Mar 18 2009 3:43:14p 21 A.... "C:\Program Files\Yahoo!\Messenger\ystats_B.dat"
Feb 4 2009 4:57:38p 913,408 A.... "C:\Program Files\Yahoo!\Messenger\yui.dll"
Feb 4 2009 4:57:38p 1,019,904 A.... "C:\Program Files\Yahoo!\Messenger\yvoiceui.dll"
Feb 4 2009 4:57:38p 200,704 A.... "C:\Program Files\Yahoo!\Messenger\yv_res.dll"
Feb 4 2009 4:57:40p 294,912 A.... "C:\Program Files\Yahoo!\Messenger\ywcupl.dll"
Feb 4 2009 4:57:40p 221,184 A.... "C:\Program Files\Yahoo!\Messenger\ywcvwr.dll"
Feb 3 2009 5:34:28p 155,648 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\as2core.dll"
Feb 3 2009 5:34:34p 438,272 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\asregex.dll"
Jan 29 2009 1:37:30p 431,424 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe"
Jan 21 2009 3:37:02p 593,920 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\WSLib.dll"
Jan 21 2009 3:36:56p 94,208 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\WSPack.dll"
Jan 21 2009 3:36:56p 86,016 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\WSUtils.dll"
Mar 10 2009 7:12:02p 1,208,320 A.... "C:\Program Files\Java\jre6\bin\awt.dll"
Mar 10 2009 7:12:02p 114,688 A.... "C:\Program Files\Java\jre6\bin\axbridge.dll"
Mar 10 2009 7:12:02p 192,512 A.... "C:\Program Files\Java\jre6\bin\cmm.dll"
Mar 10 2009 7:12:02p 143,360 A.... "C:\Program Files\Java\jre6\bin\dcpr.dll"
Mar 10 2009 7:12:02p 77,824 A.... "C:\Program Files\Java\jre6\bin\deploy.dll"
Mar 10 2009 7:12:04p 410,984 A.... "C:\Program Files\Java\jre6\bin\deploytk.dll"
Mar 10 2009 7:12:04p 16,896 A.... "C:\Program Files\Java\jre6\bin\dt_shmem.dll"
Mar 10 2009 7:12:04p 13,312 A.... "C:\Program Files\Java\jre6\bin\dt_socket.dll"
Mar 10 2009 7:12:04p 339,968 A.... "C:\Program Files\Java\jre6\bin\fontmanager.dll"
Mar 10 2009 7:12:04p 15,872 A.... "C:\Program Files\Java\jre6\bin\hpi.dll"
Mar 10 2009 7:12:04p 139,264 A.... "C:\Program Files\Java\jre6\bin\hprof.dll"
Mar 10 2009 7:12:04p 98,304 A.... "C:\Program Files\Java\jre6\bin\instrument.dll"
Mar 10 2009 7:12:04p 12,800 A.... "C:\Program Files\Java\jre6\bin\ioser12.dll"
Mar 10 2009 7:12:04p 7,680 A.... "C:\Program Files\Java\jre6\bin\j2pcsc.dll"
Mar 10 2009 7:12:04p 41,472 A.... "C:\Program Files\Java\jre6\bin\j2pkcs11.dll"
Mar 10 2009 7:12:04p 10,240 A.... "C:\Program Files\Java\jre6\bin\jaas_nt.dll"
Mar 10 2009 7:12:04p 32,664 A.... "C:\Program Files\Java\jre6\bin\java-rmi.exe"
Mar 10 2009 7:12:04p 126,976 A.... "C:\Program Files\Java\jre6\bin\java.dll"
Mar 10 2009 7:12:04p 144,792 A.... "C:\Program Files\Java\jre6\bin\java.exe"
Mar 10 2009 7:12:04p 58,776 A.... "C:\Program Files\Java\jre6\bin\javacpl.exe"
Mar 10 2009 7:12:04p 144,792 A.... "C:\Program Files\Java\jre6\bin\javaw.exe"
Mar 10 2009 7:12:04p 148,888 A.... "C:\Program Files\Java\jre6\bin\javaws.exe"
Mar 10 2009 7:12:04p 14,336 A.... "C:\Program Files\Java\jre6\bin\java_crw_demo.dll"
Mar 10 2009 7:12:04p 5,120 A.... "C:\Program Files\Java\jre6\bin\jawt.dll"
Mar 10 2009 7:12:04p 79,256 A.... "C:\Program Files\Java\jre6\bin\jbroker.exe"
Mar 10 2009 7:12:04p 36,352 A.... "C:\Program Files\Java\jre6\bin\JdbcOdbc.dll"
Mar 10 2009 7:12:04p 167,936 A.... "C:\Program Files\Java\jre6\bin\jdwp.dll"
Mar 10 2009 7:12:04p 208,896 A.... "C:\Program Files\Java\jre6\bin\jkernel.dll"
Mar 10 2009 7:12:04p 77,824 A.... "C:\Program Files\Java\jre6\bin\jli.dll"
Mar 10 2009 7:12:04p 94,208 A.... "C:\Program Files\Java\jre6\bin\jp2iexp.dll"
Mar 10 2009 7:12:04p 22,424 A.... "C:\Program Files\Java\jre6\bin\jp2launcher.exe"
Mar 10 2009 7:12:06p 8,192 A.... "C:\Program Files\Java\jre6\bin\jp2native.dll"
Mar 10 2009 7:12:06p 35,840 A.... "C:\Program Files\Java\jre6\bin\jp2ssv.dll"
Mar 10 2009 7:12:06p 147,456 A.... "C:\Program Files\Java\jre6\bin\jpeg.dll"
Mar 10 2009 7:12:06p 98,304 A.... "C:\Program Files\Java\jre6\bin\jpicom.dll"
Mar 10 2009 7:12:06p 110,592 A.... "C:\Program Files\Java\jre6\bin\jpiexp.dll"
Mar 10 2009 7:12:06p 98,304 A.... "C:\Program Files\Java\jre6\bin\jpinscp.dll"
Mar 10 2009 7:12:06p 65,536 A.... "C:\Program Files\Java\jre6\bin\jpioji.dll"
Mar 10 2009 7:12:06p 126,976 A.... "C:\Program Files\Java\jre6\bin\jpishare.dll"
Mar 10 2009 7:12:06p 152,984 A.... "C:\Program Files\Java\jre6\bin\jqs.exe"
Mar 10 2009 7:12:06p 54,680 A.... "C:\Program Files\Java\jre6\bin\jqsnotify.exe"
Mar 10 2009 7:12:06p 147,456 A.... "C:\Program Files\Java\jre6\bin\jsound.dll"
Mar 10 2009 7:12:06p 18,432 A.... "C:\Program Files\Java\jre6\bin\jsoundds.dll"
Mar 10 2009 7:12:06p 386,480 A.... "C:\Program Files\Java\jre6\bin\jucheck.exe"
Mar 10 2009 7:12:06p 54,680 A.... "C:\Program Files\Java\jre6\bin\jureg.exe"
Mar 10 2009 7:12:06p 148,888 A.... "C:\Program Files\Java\jre6\bin\jusched.exe"
Mar 10 2009 7:12:06p 33,176 A.... "C:\Program Files\Java\jre6\bin\keytool.exe"
Mar 10 2009 7:12:06p 33,176 A.... "C:\Program Files\Java\jre6\bin\kinit.exe"
Mar 10 2009 7:12:06p 33,176 A.... "C:\Program Files\Java\jre6\bin\klist.exe"
Mar 10 2009 7:12:06p 33,176 A.... "C:\Program Files\Java\jre6\bin\ktab.exe"
Mar 10 2009 7:12:06p 18,432 A.... "C:\Program Files\Java\jre6\bin\management.dll"
Mar 10 2009 7:12:06p 602,112 A.... "C:\Program Files\Java\jre6\bin\mlib_image.dll"
Mar 10 2009 7:12:08p 348,160 A.... "C:\Program Files\Java\jre6\bin\msvcr71.dll"
Mar 10 2009 7:12:08p 266,293 A.... "C:\Program Files\Java\jre6\bin\msvcrt.dll"
Mar 10 2009 7:12:08p 77,824 A.... "C:\Program Files\Java\jre6\bin\net.dll"
Mar 10 2009 7:12:08p 20,480 A.... "C:\Program Files\Java\jre6\bin\nio.dll"
Mar 10 2009 7:12:08p 410,984 A.... "C:\Program Files\Java\jre6\bin\npdeploytk.dll"
Mar 10 2009 7:12:08p 136,600 A.... "C:\Program Files\Java\jre6\bin\npjpi160_12.dll"
Mar 10 2009 7:12:08p 131,072 A.... "C:\Program Files\Java\jre6\bin\npoji610.dll"
Mar 10 2009 7:12:08p 8,192 A.... "C:\Program Files\Java\jre6\bin\npt.dll"
Mar 10 2009 7:12:08p 33,176 A.... "C:\Program Files\Java\jre6\bin\orbd.exe"
Mar 10 2009 7:12:08p 33,176 A.... "C:\Program Files\Java\jre6\bin\pack200.exe"
Mar 10 2009 7:12:08p 33,176 A.... "C:\Program Files\Java\jre6\bin\policytool.exe"
Mar 10 2009 7:12:08p 5,120 A.... "C:\Program Files\Java\jre6\bin\rmi.dll"
Mar 10 2009 7:12:08p 33,176 A.... "C:\Program Files\Java\jre6\bin\rmid.exe"
Mar 10 2009 7:12:08p 33,176 A.... "C:\Program Files\Java\jre6\bin\rmiregistry.exe"
Mar 10 2009 7:12:08p 33,176 A.... "C:\Program Files\Java\jre6\bin\servertool.exe"
Mar 10 2009 7:12:08p 131,072 A.... "C:\Program Files\Java\jre6\bin\splashscreen.dll"
Mar 10 2009 7:12:08p 320,920 A.... "C:\Program Files\Java\jre6\bin\ssv.dll"
Mar 10 2009 7:12:08p 17,816 A.... "C:\Program Files\Java\jre6\bin\ssvagent.exe"
Mar 10 2009 7:12:08p 16,384 A.... "C:\Program Files\Java\jre6\bin\sunmscapi.dll"
Mar 10 2009 7:12:08p 33,176 A.... "C:\Program Files\Java\jre6\bin\tnameserv.exe"
Mar 10 2009 7:12:08p 245,400 A.... "C:\Program Files\Java\jre6\bin\unicows.dll"
Mar 10 2009 7:12:08p 61,440 A.... "C:\Program Files\Java\jre6\bin\unpack.dll"
Mar 10 2009 7:12:08p 128,408 A.... "C:\Program Files\Java\jre6\bin\unpack200.exe"
Mar 10 2009 7:12:08p 31,744 A.... "C:\Program Files\Java\jre6\bin\verify.dll"
Mar 10 2009 7:12:08p 24,701 A.... "C:\Program Files\Java\jre6\bin\w2k_lsa_auth.dll"
Mar 10 2009 7:12:08p 110,592 A.... "C:\Program Files\Java\jre6\bin\wsdetect.dll"
Mar 10 2009 7:12:08p 47,104 A.... "C:\Program Files\Java\jre6\bin\zip.dll"
Mar 15 2009 11:22:54p 2,619,999 A.... "C:\Program Files\Vuze\plugins\azemp\azemp_2.0.34.zip"
Mar 15 2009 11:24:18p 126,061 A.... "C:\Program Files\Vuze\plugins\azupnpav\azupnpav_0.2.5.zip"
Feb 13 2009 7:48:40p 0 A.... "C:\Program Files\Yahoo!\Messenger\cache\dOBhGLgMUrOtGVYM3rCLgQ--.ProfileMap.dat.tmp"
Feb 16 2009 2:36:30p 0 A.... "C:\Program Files\Yahoo!\Messenger\cache\_UdwTqOmoXUPUyiM2gO6Qw--.ProfileMap.dat.tmp"
Mar 18 2009 3:45:40p 63,266 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2clusters.dat"
Mar 6 2009 8:44:28p 769 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2features.dat"
Mar 4 2009 12:42:16p 70,183 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2himgdb.dat"
Mar 13 2009 8:04:56a 971,669 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2neunet.dat"
Mar 4 2009 12:42:16p 615,761 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2nndata.dat"
Mar 13 2009 8:04:56a 35,528 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2nnmap.dat"
Mar 4 2009 12:42:16p 193 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2urldbc.dat"
Mar 4 2009 12:42:16p 128 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\as2urldbi.dat"
Mar 4 2009 12:42:16p 11,520 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\asnnmap.dat"
Mar 4 2009 12:42:18p 4,660,464 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\aspdict.dat"
Mar 12 2009 4:29:56p 420,004 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\aspdict-en.dat"
Mar 6 2009 8:41:26p 8 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\bayescsf.dat"
Mar 6 2009 8:44:38p 299,220 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21649\pcdic.dat"
Mar 18 2009 2:46:54a 59,912 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2clusters.dat"
Mar 6 2009 8:44:28p 769 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2features.dat"
Mar 4 2009 12:42:16p 70,183 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2himgdb.dat"
Mar 13 2009 8:04:56a 971,669 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2neunet.dat"
Mar 4 2009 12:42:16p 615,761 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2nndata.dat"
Mar 13 2009 8:04:56a 35,528 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2nnmap.dat"
Mar 4 2009 12:42:16p 193 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2urldbc.dat"
Mar 4 2009 12:42:16p 128 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\as2urldbi.dat"
Mar 4 2009 12:42:16p 11,520 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\asnnmap.dat"
Mar 4 2009 12:42:18p 4,660,464 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\aspdict.dat"
Mar 12 2009 4:29:56p 420,004 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\aspdict-en.dat"
Mar 6 2009 8:41:26p 8 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\bayescsf.dat"
Mar 6 2009 8:44:38p 299,220 A.... "C:\Program Files\BitDefender\BitDefender 2009\as2core\antispam_sig_21589\pcdic.dat"
Jan 21 2009 3:37:02p 593,920 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\wslib.dll"
Jan 21 2009 3:36:56p 94,208 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\wspack.dll"
Jan 21 2009 3:36:56p 86,016 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\WSUtils.dll"
Mar 18 2009 3:46:50p 3,773 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_11102\plugins.htm"
Mar 18 2009 3:40:16p 3,773 A.... "C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_11093\plugins.htm"
Mar 10 2009 7:12:02p 2,359,296 A.... "C:\Program Files\Java\jre6\bin\client\jvm.dll"
Mar 10 2009 7:12:08p 348,160 A.... "C:\Program Files\Java\jre6\bin\new_plugin\msvcr71.dll"
Mar 10 2009 7:12:08p 410,984 A.... "C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll"
Mar 10 2009 7:12:08p 65,536 A.... "C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll"
Mar 10 2009 7:12:08p 16,801 A.... "C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip"
Mar 10 2009 7:12:08p 152,576 A.... "C:\Program Files\Java\jre6\lib\deploy\lzma.dll"
Feb 4 2009 4:04:02p 61,127 A.... "C:\Program Files\Yahoo!\Messenger\Media\Etc\OfflineMessageViewer.html"
Mar 10 2009 7:12:08p 73,728 A.... "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"


Files with hidden attributes:

Sat 4 Oct 2008 13,240 ...H. --- "C:\Documents and Settings\ChrisLaptop\My Documents\~WRL0005.tmp"
Sun 5 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\ChrisLaptop\Application Data\U3\temp\Launchpad Removal.exe"


Program Folders:

C:\Program Files\

AC3Filter
Adobe
BitDefender
CCleaner
Common Files
Conduit
DIFX
DivX
GRISOFT
Hewlett-Packard
HP
InstallShield Installation Information
Internet Explorer
InterVideo
InterVideo Information Service
Isohunt-vuze
Java
Malwarebytes' Anti-Malware
Messenger
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Movie Maker
Mozilla Firefox
MSBuild
MSECACHE
MSN Gaming Zone
MSXML 4.0
NetMeeting
Nokia
NOS
OpenOffice.org 2.4
Opera
Outlook Express
PCTV4Me
pdf995
Privacy Mantra 2.05
QuickTime
Real
Reference Assemblies
RegCure
SUPERAntiSpyware
Synaptics
Trend Micro
Uninstall Information
Unity
VideoLAN
Vuze
Windows Installer Clean Up
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
Yahoo!

C:\Program Files\Common Files\

Adobe
Adobe AIR
ArcSoft
BitDefender
DESIGNER
Hewlett-Packard
HP
InstallShield
InterVideo
Microsoft Shared
MSSoap
ODBC
Real
Services
SpeechEngines
System
Ulead
xing shared


Add/Remove Programs:

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 18 March 2009 - 06:21 PM

How's your computer running now?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 cgohman

cgohman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:07:28 PM

Posted 18 March 2009 - 10:18 PM

Problem still exists. I re-ran the scan- here is the log file:


SDFix: Version 1.240
Run by Administrator on Wed 03/18/2009 at 07:43 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\139885~1 - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 20:10:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MultiProxy\\MProxy.exe"="C:\\Program Files\\MultiProxy\\MProxy.exe:*:Enabled:MultiProxy personal proxy server"
"C:\\Program Files\\ProxyWay\\proxyway.exe"="C:\\Program Files\\ProxyWay\\proxyway.exe:*:Enabled:ProxyWay"
"E:\\defender\\AntiSpyware\\cdasfe.exe"="E:\\defender\\AntiSpyware\\cdasfe.exe:*:Enabled:CyberDefender Internet Security"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\setup\\HPZNUI01.EXE"="D:\\setup\\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"D:\\setup\\HPONICIFS01.EXE"="D:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 4 Oct 2008 13,240 ...H. --- "C:\Documents and Settings\ChrisLaptop\My Documents\~WRL0005.tmp"
Sun 5 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\ChrisLaptop\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 18 March 2009 - 10:42 PM

Try scanning with SUPERAntiSpyware if you haven't already.

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 cgohman

cgohman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:07:28 PM

Posted 19 March 2009 - 04:07 PM

I followed the above, twice. No threats were found by SuperAntispy- so no log was created.

However, the scan took a very long time.

Redirects are still happening in Firefox. I tried using IE and Opera (now uninstalled) and could not duplicate the results within Google searches.

Also- I am concerned that my Vista desktop could be infected- this issue was happening, and now appears to be resolved. My standard virus/spyware software (BitDefender 2009, AntiMalware Free addition, SuperAntispy) have not found anything. Just looking for suggestions on other checks.

I do use flash drives between the two computers- if that is helpful in diagnosis. I have not, however, used a flash drive over the last several days. The computers do share the same home wireless network.

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 19 March 2009 - 04:27 PM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 cgohman

cgohman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:07:28 PM

Posted 19 March 2009 - 08:30 PM

Scanned- no items found.

Thanks for your help... what next? :thumbsup:

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 19 March 2009 - 08:33 PM

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 cgohman

cgohman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:07:28 PM

Posted 19 March 2009 - 08:49 PM

After typing the ipconfig into the command line, I receive:

Windows IP configuration

An internal error occured: A device attached to the system is not functioning. Please contact Microsoft.... and so on.

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 19 March 2009 - 08:54 PM

Try running this fix:

http://www.spychecker.com/program/winsockxpfix.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#13 cgohman

cgohman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:07:28 PM

Posted 19 March 2009 - 09:28 PM

I ran the utility and rebooted- no change.

#14 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 19 March 2009 - 10:16 PM

I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Go straight to Step 6. Be sure to include a link to this thread so they can see what has already been tried.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Edited by Budapest, 19 March 2009 - 10:17 PM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:28 PM

Posted 20 March 2009 - 10:51 PM

Hello

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users