
My Windows 7 infected w/ google redirector HELP


  • This topic is locked
3 replies to this topic

#1 garyam

garyam

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:45 AM

Posted 31 December 2009 - 01:09 AM

Hello,
I'm new to this forum and I need some help. My Dell laptop running Windows 7 is infected with a redirector virus. I have Norton Internet Security running and I have downloaded and run Malwarebytes, and both have not been able to remove this Google redirector virus. I have been browsing the internet and found this forum, and I see that many people have had success by performing 7 or 8 steps. I'm hoping that someone can help me with this. I would greatly appreciate it. The logs are posted in two posts below. Thank you.


Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe

--
End of file - 5335 bytes

Edited by garyam, 01 January 2010 - 12:57 AM.



#2 garyam

garyam
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:45 AM

Posted 31 December 2009 - 01:38 PM

I read the suggestions in the preparation guide and I'm posting the DDS.txt log and attaching the Attach.txt log. I tried to run that RootRepeal program on my PC but it will not run; it gives me several different errors that look like memory errors. Here is the DDS.txt log.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Gary at 0:04:57.55 on Fri 01/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1136 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Gary\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.1.0.19\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\gary\appdata\roaming\mozilla\firefox\profiles\t6eohlu5.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-12-26 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-12-26 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-12-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-12-25 171056]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20091205.001\BHDrvx86.sys [2009-12-4 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-12-25 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20091217.002\IDSvix86.sys [2009-12-24 343088]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-12-26 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\Ironx86.sys [2009-12-25 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1101000.013\symtdiv.sys [2009-12-25 339504]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-30 235344]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-12-25 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-24 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-30 19160]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]

=============== Created Last 30 ================

2010-01-01 03:55:53 0 d-----w- c:\program files\CCleaner
2009-12-31 05:53:41 0 d-----w- c:\program files\Trend Micro
2009-12-31 04:49:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 04:49:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 04:49:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 03:05:19 0 d-----w- c:\users\gary\appdata\roaming\Malwarebytes
2009-12-31 03:04:52 0 d-----w- c:\programdata\Malwarebytes
2009-12-30 04:25:28 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-30 04:25:28 77824 ----a-w- c:\windows\system32\xvid.ax
2009-12-30 04:25:28 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-30 04:25:28 0 d-----w- c:\program files\Xvid
2009-12-30 04:12:28 0 d-----w- c:\users\gary\appdata\roaming\VideoReDo-TVSuite
2009-12-30 04:12:28 0 d-----w- c:\program files\VideoReDoTVSuite
2009-12-29 02:20:44 0 d-----w- c:\program files\Bonjour
2009-12-29 02:20:14 0 d-----w- c:\programdata\Apple
2009-12-29 02:19:17 0 d-----w- c:\program files\Air Mouse
2009-12-29 02:18:24 0 d-----w- c:\windows\Downloaded Installations
2009-12-27 17:18:51 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-27 17:07:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-12-27 17:07:17 0 d-----w- c:\windows\system32\QuickTime
2009-12-27 17:06:48 0 d-----w- c:\programdata\TechSmith
2009-12-27 17:06:27 0 d-----w- c:\program files\common files\TechSmith Shared
2009-12-26 17:39:29 0 d-----w- c:\users\gary\appdata\roaming\Macrovision
2009-12-26 17:34:07 0 d-----w- c:\programdata\Uninstall
2009-12-26 17:30:46 25584 ------w- c:\windows\system32\drivers\SaibVd32.sys
2009-12-26 17:30:45 21488 ------w- c:\windows\system32\drivers\SahdIa32.sys
2009-12-26 17:30:44 15856 ------w- c:\windows\system32\drivers\SaibIa32.sys
2009-12-26 17:29:52 0 d-----w- c:\programdata\CinemaNow
2009-12-26 17:29:46 0 d-----w- c:\program files\CinemaNow
2009-12-26 17:28:28 0 d-----w- c:\users\gary\appdata\roaming\Simple Star
2009-12-26 17:28:25 0 d-----w- c:\programdata\PhotoShow Shared Assets
2009-12-26 17:28:23 0 d-----w- c:\program files\Roxio
2009-12-26 17:27:30 0 d-----w- c:\programdata\eSellerate
2009-12-26 17:27:29 0 d-----w- c:\programdata\SmartSound Software Inc
2009-12-26 17:27:29 0 d-----w- c:\program files\SmartSound Software
2009-12-26 17:24:40 0 d-----w- c:\programdata\Sonic
2009-12-26 17:22:00 0 d-----w- c:\program files\common files\PX Storage Engine
2009-12-26 17:21:03 0 d-----w- c:\programdata\Roxio
2009-12-26 17:20:47 0 d-----w- c:\program files\common files\Sonic Shared
2009-12-26 17:20:46 0 d-----w- c:\programdata\Macrovision
2009-12-26 17:20:46 0 d-----w- c:\program files\Roxio 2010
2009-12-26 17:16:45 0 d-----w- c:\users\gary\appdata\roaming\Roxio Log Files
2009-12-26 01:21:07 0 d-----w- c:\program files\GrabIt
2009-12-25 05:27:22 0 d-----w- c:\windows\Panther
2009-12-25 05:16:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-12-25 05:16:38 0 d-----w- c:\program files\Synaptics
2009-12-25 05:16:15 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-12-25 05:16:15 179256 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-12-25 05:16:15 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-12-25 05:16:15 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-12-25 05:16:15 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-12-25 05:16:15 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2009-12-25 05:06:29 0 d-----w- c:\programdata\NOS
2009-12-25 03:52:22 0 d-----w- c:\program files\uTorrent
2009-12-25 03:51:31 0 d-----w- c:\users\gary\appdata\roaming\uTorrent
2009-12-25 03:47:42 0 d-----w- c:\users\gary\appdata\roaming\Movie Label
2009-12-25 03:46:14 0 d-----w- c:\program files\Movie Label 2010
2009-12-25 03:39:03 0 d---a-w- c:\programdata\TEMP
2009-12-25 03:29:51 0 d-----w- c:\programdata\Sony
2009-12-25 03:29:38 0 d-----w- c:\program files\Sony
2009-12-25 03:27:01 0 d-sh--w- c:\windows\Installer
2009-12-25 03:26:29 0 d-----w- c:\program files\Sony Setup
2009-12-25 03:22:55 0 d-----w- c:\program files\MagicISO
2009-12-25 03:11:29 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-25 03:10:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-25 03:10:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-25 03:10:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-25 03:10:17 0 d-----w- c:\program files\Symantec
2009-12-25 03:10:17 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-25 03:08:51 0 d-----w- c:\windows\system32\drivers\NIS
2009-12-25 03:08:46 0 d-----w- c:\program files\Norton Internet Security
2009-12-25 03:08:44 0 d-----w- c:\programdata\Norton
2009-12-25 03:08:24 0 d-----w- c:\programdata\NortonInstaller
2009-12-25 03:08:24 0 d-----w- c:\program files\NortonInstaller
2009-12-25 02:48:38 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-25 02:48:28 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-25 02:48:17 208206 --sh--r- C:\VZLEF
2009-12-25 02:46:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-24 05:52:51 0 d-----w- c:\users\gary\Movie Label Database
2009-12-19 07:59:07 20 --sh--r- C:\winx.ld
2009-12-19 07:27:56 0 d-sh--w- C:\Recovery
2009-12-18 23:53:27 8192 --sha-r- C:\BOOTSECT.BAK
2009-12-18 23:53:21 383562 --sha-r- C:\bootmgr
2009-12-18 23:53:18 0 d-sh--w- C:\Boot

==================== Find3M ====================

2009-12-28 02:04:00 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:06:42.60 ===============

Attached Files


Edited by garyam, 01 January 2010 - 12:46 AM.
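For anyone reading logs like the DDS output above, the "Created Last 30" and "Find3M" sections are the part that takes longest to scan by eye: every line is a timestamp, a size, an eight-character attribute field and a path. The script below is an added example written for this page, not code from the thread, from DDS or from BleepingComputer. It parses that line format into records and then runs two neutral triage queries a helper would typically do by hand: list files sitting directly in a drive root with hidden or system attributes (minus an allow-list of boot files that belong there), and list driver files under `system32\drivers` that changed after a given date. The sample lines are constructed to mirror the shapes seen in the posted log, the attribute-column interpretation is inferred from those patterns and is an assumption, and the allow-list of expected root files is hypothetical. The output is a list for a human to look at, not a verdict on any file.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the DDS "Created Last 30" / Find3M listing:
# <timestamp> <size> <attribute flags> <path>. Values mirror lines in the thread.
SAMPLE_LOG = """\
2010-01-01 03:55:53 0 d-----w- c:\\program files\\CCleaner
2009-12-31 04:49:49 19160 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2009-12-28 02:04:00 21584 ----a-w- c:\\windows\\system32\\drivers\\atapi.sys
2009-12-25 02:48:17 208206 --sh--r- C:\\VZLEF
2009-12-19 07:59:07 20 --sh--r- C:\\winx.ld
2009-12-19 07:27:56 0 d-sh--w- C:\\Recovery
2009-12-18 23:53:27 8192 --sha-r- C:\\BOOTSECT.BAK
2009-12-18 23:53:21 383562 --sha-r- C:\\bootmgr
2009-07-14 04:41:57 174 --sha-w- c:\\program files\\desktop.ini
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<flags>\S{8})\s+"
    r"(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    flags: str
    path: str

    # Column meaning is an assumption inferred from the patterns in the posted
    # log: col 0 'd' = directory, col 2 's' = system, col 3 'h' = hidden,
    # col 4 'a' = archive, col 6 'r'/'w' = read-only/writable.
    @property
    def is_dir(self) -> bool:
        return self.flags[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.flags[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.flags[3] == "h"

    @property
    def is_readonly(self) -> bool:
        return self.flags[6] == "r"


def parse_dds_listing(text: str) -> List[Entry]:
    """Parse DDS file-listing lines into Entry records; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"]), m["flags"], m["path"]))
    return entries


# Hypothetical allow-list: boot/system files that legitimately sit hidden in the
# drive root on Windows 7. Anything else hidden or system in the root gets listed
# for the reader to check.
EXPECTED_ROOT_FILES = {"bootmgr", "bootsect.bak", "pagefile.sys", "hiberfil.sys"}

ROOT_PATH_RE = re.compile(r"^[A-Za-z]:\\([^\\]+)$")


def root_hidden_files(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) directly under a drive root that carry hidden or
    system attributes and are not on the allow-list."""
    flagged = []
    for e in entries:
        m = ROOT_PATH_RE.match(e.path)
        if not m or e.is_dir or not (e.is_hidden or e.is_system):
            continue
        if m.group(1).lower() in EXPECTED_ROOT_FILES:
            continue
        flagged.append(e)
    return flagged


def recent_driver_changes(entries: List[Entry], since: str) -> List[Entry]:
    """Driver files under system32\\drivers with a timestamp on or after `since`
    (ISO date string; DDS timestamps compare correctly as strings)."""
    return [
        e for e in entries
        if not e.is_dir
        and "\\system32\\drivers\\" in e.path.lower()
        and e.timestamp >= since
    ]


if __name__ == "__main__":
    entries = parse_dds_listing(SAMPLE_LOG)
    for e in root_hidden_files(entries):
        print(f"hidden root file: {e.path} ({e.size} bytes, {e.timestamp})")
    for e in recent_driver_changes(entries, "2009-12-01"):
        print(f"driver changed since 2009-12-01: {e.path} ({e.timestamp})")
```

Feed it a saved DDS.txt instead of `SAMPLE_LOG` and the same two functions apply; the date passed to `recent_driver_changes` is normally the OS install date from the log header, so that only drivers touched after setup are listed.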


#3 garyam

garyam
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:45 AM

Posted 06 January 2010 - 11:58 PM

Thanks ThePCGeek, you know your stuff.
You solved my problem in a few quick steps when no one else here even bothered to reply to my post.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,079 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:45 PM

Posted 09 January 2010 - 02:56 PM

Unfortunately we are swamped with logs here and since we are all volunteers it happens that there is a waiting time. This doesn't mean your topic was overlooked.


This topic is now closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft