Google Redirect Virus / Google 'Server not found'


65 replies to this topic

#61 jimb6387

jimb6387
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 17 August 2010 - 10:38 PM

Been there .. still doing it! Check your email if you have time. I'll be ready to get started tomorrow. (with or without sleep)



#62 jimb6387


Posted 19 August 2010 - 07:57 PM

Hi,

I backed up and reinstalled FF (fresh download). Still does the redirect but nowhere near as often .. only occasionally. It almost always goes to VideoCop if redirect is successful.
It is getting so random and infrequent that I will go from thinking it is fixed to having it happen 2 clicks later (so I've been trying not to think anymore).

#63 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:44 AM

Posted 20 August 2010 - 01:24 AM

Hello,

It's been a while since you posted a DDS log.....can I see a new one please? You know how you got this......after all this I have to wonder if one of those downloads is infected where I can't see. It really is like the proverbial needle. I just have no clue what's legit and what isn't, or which one to look at, or if it's maybe a certain site you're visiting that's doing this. Do you have the means to get your important stuff out, reformat and reinstall, SCAN those important files/programs files before you put them on a clean install? This is a last resort, but I think you should at least consider it while we're going through these steps again.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#64 jimb6387


Posted 20 August 2010 - 06:02 AM

I don't have time this morning to do another dds but will when I get back.
Is there a way to partition my existing hard drive and move existing files over until we find the cause? (i.e., make an F: drive ...) I am pretty sure there is a way and I should have enough capacity. The reason why I ask is I could work on it as I have time.
I've been thinking about getting a laptop so maybe I could transfer files to that until the problem pops up. Just don't really have the money for a laptop though.

#65 teacup61


Posted 20 August 2010 - 07:02 PM

How about a flash drive or CD/DVD? Those can be scanned as well. If this was Windows 7 I think a partition the way you want to do it would be possible, but I don't think it is on XP.......don't hold me to that 100%, but I believe that's the way it is. Now if you had an old hard drive there that you could format and slave out, then it would be no problem. You would still need to check anything you move over to it thoroughly so that drive doesn't get infected as well.

I'd still like to see a DDS when you get time. Let me know how it's behaving also......and I hope your daughter is doing well. :)

#66 jimb6387


Posted 22 August 2010 - 01:46 AM

Here is the dds. It is doing the redirect more often but not as bad as when we started.
My daughter is past the pain stage so that is a big relief ... not fighting to get the meds down. Thanks for asking.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim at 2:39:13.85 on Sun 08/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.397 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [Google Update] "c:\documents and settings\jim\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\docume~1\jim\startm~1\programs\startup\btguar~1.lnk - c:\btguard\settings.exe
StartupFolder: c:\docume~1\jim\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\jim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Html To Image - c:\program files\html to image\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\rbkjqsl6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\jim\application data\mozilla\firefox\profiles\rbkjqsl6.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\jim\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-25 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-25 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-25 40384]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-11 10448]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-25 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-25 40384]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2009-12-31 91830]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-9-4 245760]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2009-9-4 23296]

=============== Created Last 30 ================

2010-08-20 10:54:14 2799 ----a-w- c:\documents and settings\jim\.recently-used.xbel
2010-08-19 02:23:28 0 d-----w- c:\program files\MozBackup
2010-08-18 02:53:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 02:53:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 11:30:18 0 d-----w- c:\program files\Solveig Multimedia
2010-08-16 11:30:18 0 d-----w- c:\program files\common files\Solveig Multimedia
2010-08-14 00:20:16 0 d-----w- c:\program files\FDRLab
2010-08-14 00:06:58 0 d-----w- c:\program files\Datahjaelp
2010-08-13 23:30:09 0 d-----w- c:\docume~1\jim\applic~1\Passware
2010-08-13 23:29:35 0 d-----w- c:\program files\Passware
2010-08-13 11:39:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-12 10:51:38 0 d-----w- C:\BTGUARD
2010-08-12 10:31:54 0 d-----w- c:\program files\uTorrent
2010-08-11 05:56:54 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-08-11 05:56:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-11 05:56:39 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-08-11 05:56:22 0 d-----w- c:\windows\system32\ReinstallBackups
2010-08-11 05:56:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-08-11 05:54:16 0 d-----w- c:\docume~1\jim\applic~1\Logishrd
2010-08-11 02:25:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-11 02:25:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 23:32:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 23:11:11 0 d-----w- c:\docume~1\jim\applic~1\Malwarebytes
2010-08-10 19:53:01 0 d-sha-r- C:\cmdcons
2010-08-10 19:47:49 98816 ----a-w- c:\windows\sed.exe
2010-08-10 19:47:49 77312 ----a-w- c:\windows\MBR.exe
2010-08-10 19:47:49 256512 ----a-w- c:\windows\PEV.exe
2010-08-10 19:47:49 161792 ----a-w- c:\windows\SWREG.exe
2010-08-03 03:43:07 0 d-----w- c:\program files\common files\DivX Shared
2010-08-03 02:34:11 0 d-----w- c:\program files\DivX
2010-08-03 02:33:42 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-08-03 01:31:51 0 d-----w- c:\docume~1\jim\applic~1\CherryPickerLive
2010-08-03 00:31:16 0 d-----w- c:\program files\CherryPicker
2010-08-02 00:16:45 0 ----a-w- c:\documents and settings\jim\defogger_reenable
2010-08-01 13:02:49 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-31 00:51:37 0 d-----w- c:\docume~1\jim\applic~1\SafeReturner
2010-07-31 00:51:31 0 d-----w- c:\program files\Safe Returner
2010-07-26 01:01:24 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 23:30:49 0 d-----w- c:\windows\pss
2010-07-25 18:28:07 38848 ----a-w- c:\windows\avastSS.scr
2010-07-25 18:27:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-23 23:54:56 0 d--h--w- c:\windows\PIF

==================== Find3M ====================

2010-08-22 06:09:22 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-21 23:22:06 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-30 12:23:55 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14:38 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
2007-03-22 01:07:11 217 ----a-w- c:\program files\setup.ini
2003-09-16 06:19:48 99544 ----a-w- c:\windows\inf\virprn.exe
2003-09-16 06:19:48 18950 ----a-w- c:\windows\inf\virpntd.dll
2003-09-16 06:19:48 10240 ----a-w- c:\windows\inf\virport.dll
2003-09-16 06:19:46 90624 ----a-w- c:\windows\inf\prtproc.dll
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

============= FINISH: 2:39:49.14 ===============
