

browsers hijacked


  • This topic is locked
2 replies to this topic

#1 zkid

zkid

  • Members
  • 2 posts

Posted 30 July 2010 - 12:11 AM

After a Google Search, links I choose are redirected to various sites. For example, after clicking on a link from a search on "Dogs" the link that should have gone to nextdaypets.com went to goodbites.com and a ketchup commercial. The next time, the same link went to mydealmatch.com.

I recently had one of those "your computer is infected" popups. Malwarebytes seems to have cleared up the popup, but this redirect is still around. I have used Malwarebytes, Spyware Doctor and Super AntiSpyware and nothing seems to get rid of it.

DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Shawn at 22:10:56.50 on Thu 07/29/2010
Internet Explorer: 6.0.2900.3311 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1219 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetScaler\NetScaler Secure Remote Access\nsverctl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shawn\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Shawn\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ATI Remote Control] "c:\program files\ati multimedia\remctrl\ATIRW.exe"
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVDtray.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [BHR] "c:\program files\zamaan's software\browser hijack retaliator 4.5\BHR.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://adc-tele-sslvpn.oracle.com/prx/000/http/localhost/arr_x.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ouweb.webex.com/client/T27L10NSP11EP5/training/ieatgpc.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shawn\applic~1\mozilla\firefox\profiles\wnxtu6p2.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\shawn\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-29 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-11 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Array_Utility_Service8.4.0.264;Array Utility Service 8,4,0,264;c:\program files\array networks\common\8,4,0,264\arr_isrv.exe [2010-4-27 398768]
R2 ArraySSL_VPN_Service8.4.0.264;Array SSL VPN Service 8,4,0,264;c:\program files\array networks\array ssl vpn\8,4,0,264\arr_srvs.exe [2010-4-27 239024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 ns80573;ns80573;c:\windows\system32\ns80573.sys [2009-9-22 42360]
R2 nsverctl;NetScaler SSL VPN Version Control;c:\program files\netscaler\netscaler secure remote access\nsverctl.exe [2009-9-22 53248]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-29 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-29 1142224]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-3-17 206120]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2010-7-29 45072]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-3-17 185640]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-19 54960]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-3-30 175232]
R3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-3-30 29184]
R3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-3-30 9088]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-9-22 43640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-13 135664]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2009-1-4 148352]
S3 ATP;ArrayNetworks SSL VPN Miniport Driver;c:\windows\system32\drivers\atpdrvr.sys [2010-4-27 16256]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-29 112592]
S4 pyTivo;pyTivo;c:\program files\pytivo\pyTivoService.exe [2008-5-2 77824]
UnknownUnknown dsload;dsload; [x]

=============== Created Last 30 ================

2010-07-30 04:09:03 0 ----a-w- c:\documents and settings\shawn\defogger_reenable
2010-07-30 02:15:53 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-07-30 02:15:53 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-07-30 02:15:53 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-07-30 02:12:11 0 d-----w- c:\program files\Webroot
2010-07-30 02:12:05 0 d--h--w- c:\docume~1\alluse~1\applic~1\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-30 02:11:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-07-30 01:32:47 0 d-----w- c:\program files\Trend Micro
2010-07-29 22:35:41 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-29 22:35:40 882 ----a-w- c:\windows\RegSDImport.xml
2010-07-29 22:35:40 879 ----a-w- c:\windows\RegISSImport.xml
2010-07-29 22:35:40 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-29 22:35:40 131 ----a-w- c:\windows\IDB.zip
2010-07-29 22:35:39 1152444 ----a-w- c:\windows\UDB.zip
2010-07-29 22:35:38 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-29 22:35:38 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-29 22:31:58 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-07-29 22:31:58 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-29 22:31:13 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-29 22:31:13 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-07-29 22:31:13 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-07-29 22:31:13 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-29 22:30:53 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-07-29 22:30:53 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-29 22:30:40 0 d-----w- c:\program files\common files\PC Tools
2010-07-29 22:30:39 0 d-----w- c:\program files\Spyware Doctor
2010-07-29 22:30:39 0 d-----w- c:\docume~1\shawn\applic~1\PC Tools
2010-07-29 22:30:39 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-07-29 22:02:24 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-07-29 22:02:24 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-07-29 22:02:23 0 d-----w- c:\program files\Zamaan's Software
2010-07-29 18:17:04 0 d-----w- c:\docume~1\shawn\applic~1\SUPERAntiSpyware.com
2010-07-29 18:17:04 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-29 18:16:46 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-28 16:12:21 0 d-----w- c:\windows\4E8390903B68436AB3CFA2A08C38DD26.TMP
2010-07-27 14:32:16 2 ----a-w- c:\windows\system32\veqwl
2010-07-27 03:58:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 03:58:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 03:32:00 150 ----a-w- C:\zrpt.xml
2010-07-27 03:31:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-07-15 15:37:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-30 02:56:05 3172 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-15 15:37:05 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:35:48 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-09 20:41:03 106432 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

============= FINISH: 22:14:36.28 ===============



#2 zkid

zkid
  • Topic Starter

  • Members
  • 2 posts

Posted 30 July 2010 - 06:03 PM

Behavior continues and viruses are re-appearing after virus scan and removal. I am reinstalling Windows XP with formatting. Assistance no longer needed.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 02 August 2010 - 02:10 AM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



