Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 LindaJ711

LindaJ711

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 09 June 2010 - 02:20 PM

I see that others are having the same problem so I'm adding my post to the list. This started yesterday. I'm using Firefox, and one time my home page got changed. Every link I click on from Google or other search engines redirect to other sites. If I type the link in the address bar, or copy and paste, I can get to the correct site. I ran MalWare Bytes and it found Bootkit.Agent plus some malware from GameVance.com. I ran AVG and it only found tracking cookies. I'll post my DDS.txt file here and attach the other files. Thank you for your help.

Linda

DDS (Ver_10-03-17.01) - FAT32x86
Run by Linda Juliano at 10:37:04.50 on Wed 06/09/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.89 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Linda Juliano\Application Data\Google\Update\GoogleUpdate.exe
SVCHOST.EXE
C:\Program Files\eClean2000\EClean.exe
C:\From Old Machine\My Music\unzipped\cliptrak[1]\ClipTrak.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\PowerTools 10\pttray.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Linda Juliano\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.iwon.com/iwon-homepage/home.jhtml
uSearch Bar = hxxp://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
mLocal Page = c:\windows\system\blank.htm
mSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ChaCha Search Toolbar: {4e7bd74f-2b8d-469e-88bc-bc28f89aae3c} - c:\progra~1\chacha~1\CHACHA~1.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ChaCha Search Toolbar: {4e7bd74f-2b8d-469e-88bc-bc28f89aae3c} - c:\progra~1\chacha~1\CHACHA~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\SHDOCVW.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\linda juliano\application data\google\update\GoogleUpdate.exe" /c
mRun: [SystemTray] SysTray.Exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\lindaj~1\startm~1\programs\startup\powert~1.lnk - c:\program files\powertools 10\pttray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eclean~1.lnk - c:\program files\eclean2000\EClean.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\from old machine\my music\unzipped\cliptrak[1]\ClipTrak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\powert~1.lnk - c:\program files\powertools 10\pttray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 8.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~2.lnk - c:\windows\mHotkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: EditLevel = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\TOOLBAR.DLL/SEARCH.HTML
IE: ChaCha Search - file://c:\documents and settings\linda juliano\application data\chachatoolbar\SelectedContextSearch_ChaCha Search.htm
IE: ChaCha Search with guide - file://c:\documents and settings\linda juliano\application data\chachatoolbar\SelectedContextSearch_ChaCha Search with guide.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\SHDOCVW.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Win32 Classes
DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326}
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37631.2973611111
DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} - hxxp://windowsupdate.microsoft.com/R970/V31Controls/x86/mil/en/actsetup.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2006\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lindaj~1\applic~1\mozilla\firefox\profiles\kisbh8dg.default user\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - component: c:\documents and settings\linda juliano\application data\mozilla\firefox\profiles\kisbh8dg.default user\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\linda juliano\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\linda juliano\application data\mozilla\firefox\profiles\kisbh8dg.default user\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\profile\user.js - user_pref("capability.policy.policynames", "allowclipboard");
c:\program files\mozilla firefox\defaults\profile\user.js - user_pref("capability.policy.allowclipboard.sites", "http://www.mozilla.org https://www.mozilla.org");
c:\program files\mozilla firefox\defaults\profile\user.js - user_pref("capability.policy.allowclipboard.Clipboard.cutcopy", "allAccess");
c:\program files\mozilla firefox\defaults\profile\user.js - user_pref("capability.policy.allowclipboard.Clipboard.paste", "allAccess");
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-15 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-1 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-1 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-1 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-21 266240]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-22 46112]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S4 EBCCHGJZ;EBCCHGJZ;c:\docume~1\lindaj~1\locals~1\temp\ebcchgjz.exe --> c:\docume~1\lindaj~1\locals~1\temp\EBCCHGJZ.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-06-09 13:52:01 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-09 13:51:25 0 d-----w- c:\program files\Gamevance

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 12:43:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-01 17:54:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-26 03:38:30 505 ----a-w- c:\program files\Shortcut to sndvol32.exe.lnk
2010-03-18 20:12:50 70984 ----a-w- c:\documents and settings\linda juliano\g2mdlhlpx.exe
2010-03-17 14:00:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2007-11-21 00:43:28 5632 --sha-w- c:\program files\Thumbs.db
2006-11-30 02:29:08 347038 ----a-w- c:\program files\DeisPT.isu
2006-11-30 02:16:02 3950 ------w- c:\program files\ERRORLOG.TXT
2003-12-24 20:52:50 141 ------w- c:\program files\pcdocrx_order.html
2002-04-22 17:30:02 271 ------w- c:\program files\desktop.ini
2002-04-22 17:30:02 23357 ------w- c:\program files\folder.htt
2002-04-16 22:58:56 4029 ------w- c:\program files\Instlog.lyt
2002-04-16 22:58:14 307 ------w- c:\program files\Uninstall.log
2002-04-16 22:58:12 1841 ------w- c:\program files\Group.ver
2001-11-12 17:29:18 13956 ------w- c:\program files\read1040.wri
2001-10-25 21:05:00 68249 ------w- c:\program files\bustax.scd
2001-10-25 20:44:14 106503 ------w- c:\program files\bustax.thp
2001-10-25 20:22:22 55568 ------w- c:\program files\tax.thp
2001-10-25 19:59:24 12521 ------w- c:\program files\tax.scd
2001-10-11 16:34:48 167936 ----a-r- c:\program files\taxunst.exe
2001-09-13 06:46:24 61440 ----a-r- c:\program files\U2LPeach.dll
2001-09-13 06:46:22 208896 ----a-r- c:\program files\pchup32.dll
2001-09-13 05:48:06 14802944 ----a-r- c:\program files\peachw.exe
2001-09-13 05:44:26 94208 ----a-r- c:\program files\ClsYear.dll
2001-09-13 05:44:02 147456 ----a-r- c:\program files\finanwiz.dll
2001-09-13 05:43:48 524288 ----a-r- c:\program files\FRMDSGN.dll
2001-09-13 05:43:16 102400 ----a-r- c:\program files\PAWRes.dll
2001-09-13 05:43:12 98304 ----a-r- c:\program files\NCSIII.dll
2001-09-13 05:43:04 393216 ----a-r- c:\program files\sample32.dll
2001-09-13 05:43:02 106496 ----a-r- c:\program files\pchfrm32.dll
2001-09-13 05:43:00 122880 ----a-r- c:\program files\PchCnvt2.dll
2001-09-13 05:42:50 323584 ----a-r- c:\program files\pchcvt32.dll
2001-09-13 05:42:42 69632 ----a-r- c:\program files\pchqb32.dll
2001-09-13 05:42:24 1232896 ----a-r- c:\program files\PchApp32.dll
2001-09-13 05:41:54 192512 ----a-r- c:\program files\PAWXML.dll
2001-09-13 05:39:48 593920 ----a-r- c:\program files\PAWMFC.dll
2001-09-13 05:39:12 53248 ----a-r- c:\program files\Basics.dll
2001-09-13 05:39:04 40960 ----a-r- c:\program files\pchncs32.dll
2001-09-13 05:38:58 2387968 ----a-r- c:\program files\Pchctl32.dll
2001-09-13 05:38:24 28672 ----a-r- c:\program files\PchCrstl.dll
2001-09-13 05:38:16 81920 ----a-r- c:\program files\pchdbe32.dll
2001-09-13 05:38:12 221184 ----a-r- c:\program files\PCHLIB32.dll
2001-09-13 05:37:56 266240 ----a-r- c:\program files\pchqcb32.dll
2001-09-05 18:55:40 17436 ------w- c:\program files\license.txt
2001-03-11 11:59:54 766 ------w- c:\program files\pcdoc.ico
2001-03-07 11:47:24 86016 ----a-r- c:\program files\fixhklm.exe
2001-03-02 20:27:54 36352 ----a-r- c:\program files\PCHLNK.DLL
2001-02-26 18:38:40 318 ----a-w- c:\program files\Contact.ini
2000-05-03 15:24:32 204859 ----a-r- c:\program files\PAWHelp.exe
2000-02-08 06:05:36 68096 ----a-r- c:\program files\WBTRV32.DLL
2000-02-08 06:05:36 5824 ----a-r- c:\program files\WBTRTHNK.DLL
2000-02-08 06:05:36 43472 ----a-r- c:\program files\WBTRCALL.DLL
2000-02-08 06:05:36 4292 ----a-r- c:\program files\WBT32RES.DLL
2000-02-08 06:05:36 4192 ----a-r- c:\program files\WBTRVRES.DLL
2000-02-08 06:05:36 314980 ----a-r- c:\program files\Wbtr32.exe
2000-02-08 06:05:36 17690 ----a-r- c:\program files\WBTRLOCL.DLL
2000-02-08 06:05:36 110080 ----a-r- c:\program files\W32MKRC.DLL
2000-02-08 06:05:34 38576 ----a-r- c:\program files\NWLOCALE.DLL
2000-02-08 06:05:34 320512 ----a-r- c:\program files\W32MKDE.EXE
1999-01-29 18:09:04 30208 ----a-r- c:\program files\PCHDBE.DLL
1999-01-29 17:24:58 117776 ----a-r- c:\program files\PCHLIB.DLL
1998-09-23 11:25:04 35840 ----a-r- c:\program files\pch32t10.dll
1998-09-23 11:24:28 10384 ----a-r- c:\program files\PCH16T10.EXE
1998-06-21 13:58:44 1167836 ------w- c:\program files\PROG.LZB
1998-02-16 17:43:12 65423 ------w- c:\program files\RECIPES.LZB
1997-12-05 15:46:52 98304 ----a-r- c:\program files\dunzip32.dll
1997-12-05 15:27:54 125440 ----a-r- c:\program files\dzip32.dll
1997-11-16 18:40:00 36336 ----a-r- c:\program files\cdrun.exe
1997-10-31 22:28:10 73632 ----a-r- c:\program files\QBCLIENT.DLL

============= FINISH: 10:39:48.78 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:01 PM

Posted 14 June 2010 - 03:52 AM

Hi Linda,

Welcome to the forum.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes.

Please update me on the current condition of your computer and tell me if you still have redirection problem.
In case you still need assistance please post a fress DDS.txt log, no need for the Attach.txt log in case you have not installed or uninstalled anything.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:01 PM

Posted 18 June 2010 - 06:39 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users