Google redirect virus



#1 dagun

Posted 26 May 2011 - 01:45 PM

EDIT: Fixed it myself, feel free to lock etc.

Hi; attach.txt is in the attachment, dss.log is below, but first:

Comp stats:
Win 7 64 bit home premium edition
All overclocking is turned off at present.
Two HDDs, 500 gigs on each, secondary hard drive appears clear due to redirects continuing on HDD disable (or more specifically, taken out of the case).

Have tried:
combofix
malwarebytes anti-malware
superantimalware
manual registry cleaning
TDSS rootkit killer (and then a repeat of above when it found one)
Complete reinstall of firefox (profiles etc deleted, addons etc, have run ATF cleaner while it was uninstalled to no avail.)
EDIT: Hosts file is 100% clear, all that is inside is 127.0.0.1 localhost, aka it's still at default settings.

Symptoms:
Google redirects, TDSS originally showed one rootkit, on kill ran combofix which removed a whole pack of stuff, doesn't appear to have gotten it all. System restores all fail on attempts (by fail I mean there is no effect on malware, it works fine).
Redirects tend to be of common things, e.g. searching hybrid class builds comes up with hybrid cars.

Word of warning:
I cannot disable emulation software due to needing it for work. (Unfortunately a few school projects require files burnt to disc, is 10x easier and quicker just to emulate files to check if working.) Defogger causes BSOD on usage (which means it's uninstall only, and I can't keep uninstalling it due to aforementioned need).

Things already killed off:
Random filename programs in hosts and system32, files keep adding to registry, was killed off after TDSS rootkit removal and some manual registry editing. Combofix appears to have removed all files from then.
Malwarebytes found about 14 things, all dead and scan now comes up clean.
Superanti-spyware comes up clean (never found a thing annoyingly.)

DSS.txt:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Apache at 19:32:24 on 2011-05-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4481 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Apache\Downloads\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b
StartupFolder: C:\Users\Apache\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Apache\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Program Files (x86)\RocketDock\RocketDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
uPolicies-explorer: SeparateProcess = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Apache\AppData\Roaming\Mozilla\Firefox\Profiles\lbw93kpv.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Apache\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-5-25 90112]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2011-2-7 86016]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
.
=============== Created Last 30 ================
.
2011-05-26 18:24:29 388096 ----a-r- C:\Users\Apache\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-26 18:24:29 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-26 18:14:55 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-26 18:03:58 98816 ----a-w- C:\Windows\sed.exe
2011-05-26 18:03:58 89088 ----a-w- C:\Windows\MBR.exe
2011-05-26 18:03:58 256512 ----a-w- C:\Windows\PEV.exe
2011-05-26 18:03:58 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-26 17:09:13 -------- d-----w- C:\Users\Apache\AppData\Local\DinsCurse
2011-05-26 17:09:11 -------- d-----w- C:\ProgramData\DinsCurse
2011-05-26 16:38:01 -------- d-----w- C:\Program Files (x86)\Din's Curse - Demon War Expansion
2011-05-26 16:36:58 -------- d-----w- C:\Program Files (x86)\Din's Curse
2011-05-26 13:07:33 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox NoNightly
2011-05-25 18:55:12 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2011-05-25 13:53:25 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll
2011-05-25 13:53:25 13368 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2011-05-25 13:53:21 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-05-25 13:53:21 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-05-25 13:53:21 -------- d-----w- C:\Program Files (x86)\ASUS
2011-05-25 13:53:09 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-05-25 13:53:09 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-05-25 13:53:09 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-05-25 13:53:08 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-05-25 13:53:07 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-05-25 13:50:47 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-05-25 13:50:22 15416 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
2011-05-25 13:47:17 -------- d-----w- C:\Program Files (x86)\Driver Checker
2011-05-25 13:35:53 -------- d-----w- C:\Users\Apache\AppData\Roaming\ChemTable Software
2011-05-25 13:35:45 -------- d-----w- C:\Program Files (x86)\Reg Organizer
2011-05-25 13:35:41 -------- d-----w- C:\Users\Apache\AppData\Local\ChemTable Software
2011-05-24 18:29:39 -------- d-----w- C:\Program Files (x86)\Git
2011-05-24 12:29:12 -------- d-----w- C:\Users\Apache\AppData\Local\Adobe
2011-05-24 12:28:53 -------- d-----w- C:\Program Files (x86)\GnuWin32
2011-05-23 13:58:41 231600 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-05-23 13:58:39 56752 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-05-23 13:58:38 -------- d-----w- C:\Program Files\Oracle
2011-05-22 13:48:17 -------- d-----w- C:\Users\Apache\AppData\Local\The Witcher 2
2011-05-22 13:27:56 -------- d-----w- C:\Program Files (x86)\The Witcher 2
2011-05-21 12:30:26 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-05-21 12:30:24 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-05-20 07:49:10 -------- d-----w- C:\FM Genie Scout 11
2011-05-18 13:39:06 -------- d-sh--w- C:\ProgramData\DSS
2011-05-18 13:38:37 -------- d-----w- C:\Users\Apache\AppData\Roaming\Lionhead Studios
2011-05-18 13:30:45 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-05-16 18:43:20 -------- d-----w- C:\Program Files (x86)\MSI Kombustor
2011-05-16 17:54:07 -------- d-----w- C:\Users\Apache\.assistant
2011-05-16 17:53:55 -------- d-----w- C:\Program Files (x86)\X Plugin Manager
2011-05-16 17:45:56 -------- d-----w- C:\Program Files (x86)\DeepSilver
2011-05-16 17:45:20 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-05-16 17:45:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-05-16 17:45:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-05-16 17:45:20 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-05-16 17:45:20 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-05-16 17:45:20 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-05-16 17:45:20 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-05-16 17:35:14 176560 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-05-16 17:35:14 156912 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-05-16 17:35:10 320816 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2011-05-15 19:49:01 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2011-05-15 19:48:56 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2011-05-15 14:33:43 506368 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2011-05-15 10:26:41 -------- d-----w- C:\Users\Apache\AppData\Roaming\foobar2000
2011-05-15 10:26:36 -------- d-----w- C:\Program Files (x86)\foobar2000
2011-05-15 08:07:37 -------- d-----w- C:\Users\Apache\AppData\Local\Stardock
2011-05-14 20:08:07 -------- d-----w- C:\Users\Apache\AppData\Roaming\Stardock
2011-05-14 20:07:42 -------- dc-h--w- C:\ProgramData\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2011-05-14 20:07:24 -------- d-----w- C:\ProgramData\Stardock
2011-05-14 20:07:24 -------- d-----w- C:\Program Files (x86)\Stardock
2011-05-14 20:06:49 -------- d-----w- C:\Program Files (x86)\Kalypso
2011-05-14 18:30:07 -------- d-----w- C:\Program Files (x86)\Rainmeter
2011-05-14 07:36:39 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-13 17:32:33 -------- d-----w- C:\Users\Apache\AppData\Roaming\Malwarebytes
2011-05-13 17:32:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-13 17:32:28 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-13 17:32:25 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-13 17:32:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-12 14:07:10 -------- d-----w- C:\Program Files (x86)\Paradox Interactive
2011-05-10 17:55:47 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2011-05-10 17:55:10 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-05-09 19:33:36 -------- d-----w- C:\Users\Apache\Cubivore NTSC-U
2011-05-09 16:01:54 -------- d-----w- C:\Users\Apache\VirtualBox VMs
2011-05-09 15:58:36 -------- d-----w- C:\Users\Apache\.VirtualBox
2011-05-09 14:20:53 -------- d-----w- C:\Users\Apache\AppData\Roaming\Dwarfs
2011-05-09 14:18:48 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-05-08 16:29:08 -------- d-----w- C:\Program Files\BreakPoint Software
2011-05-08 15:48:48 -------- d-----w- C:\Users\Apache\AppData\Roaming\Web Page Maker
2011-05-08 15:48:06 -------- d-----w- C:\Program Files (x86)\Web Page Maker
2011-05-08 15:29:10 -------- d-----w- C:\Program Files (x86)\VelociGames
2011-05-08 11:51:15 -------- d-----w- C:\Program Files (x86)\CMake 2.8
2011-05-08 10:50:52 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2011-05-08 10:50:52 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2011-05-08 10:50:47 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-05-08 10:50:23 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-05-08 10:49:39 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-05-08 10:49:39 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2011-05-08 10:49:15 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2011-05-08 10:49:14 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2011-05-08 07:55:47 -------- d-----w- C:\Program Files (x86)\TimeGate Studios
2011-05-07 09:00:42 -------- d-----w- C:\Users\Apache\AppData\Roaming\Mount&Blade With Fire and Sword
2011-05-07 08:59:03 -------- d-----w- C:\Program Files (x86)\Mount&Blade With Fire and Sword
2011-05-07 07:58:45 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-07 07:58:45 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-05-07 07:58:45 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-05-07 07:57:39 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-07 07:57:39 -------- d-----w- C:\Program Files\iTunes
2011-05-07 07:57:39 -------- d-----w- C:\Program Files\iPod
2011-05-07 07:57:39 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-07 07:56:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-07 07:56:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-07 07:56:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-07 07:56:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-07 07:56:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-07 07:56:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-07 07:56:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-07 07:55:36 -------- d-----w- C:\Program Files\Bonjour
2011-05-07 07:55:36 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-06 18:43:51 -------- d-----w- C:\Program Files (x86)\LOLReplay
2011-05-05 15:30:19 -------- d-----w- C:\Users\Apache\AppData\Roaming\GetRightToGo
2011-05-02 14:12:09 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-04-30 13:38:47 -------- d-----w- C:\Users\Apache\AppData\Roaming\Kalypso Media
2011-04-30 13:30:01 -------- d-----w- C:\Program Files (x86)\Patrician IV
2011-04-29 20:01:38 -------- d-----w- C:\ProgramData\ASign
2011-04-28 20:38:06 -------- d-----w- C:\Users\Apache\AppData\Roaming\Xfire
2011-04-28 20:38:05 -------- d-----w- C:\ProgramData\Xfire
2011-04-28 20:38:05 -------- d-----w- C:\Program Files (x86)\Xfire
2011-04-28 18:17:32 -------- d-----w- C:\ProgramData\Sports Interactive
2011-04-28 18:16:30 -------- d-----w- C:\Users\Apache\AppData\Roaming\Sports Interactive
2011-04-28 18:16:30 -------- d-----w- C:\Users\Apache\AppData\Local\Sports Interactive
2011-04-28 14:49:00 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-04-26 18:32:46 -------- d-----w- C:\Program Files (x86)\Activision
2011-04-26 18:32:39 306688 ----a-w- C:\Windows\IsUninst.exe
.
==================== Find3M ====================
.
2011-04-26 10:42:57 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-04-26 10:42:47 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-04-26 10:42:47 2337865 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-04-22 10:38:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-17 19:57:54 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-04-17 19:57:54 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-28 20:33:12 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-03-28 18:28:05 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-03-28 18:28:05 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-03-28 18:28:05 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-03-28 18:28:05 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-03-21 14:07:44 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-03-15 13:43:37 0 ----a-r- C:\logwmemory.bin
2011-03-14 17:03:18 521448 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 19:32:38.44 ===============

Edited by dagun, 27 May 2011 - 11:29 AM.



#2 Orange Blossom


Posted 27 May 2011 - 02:25 PM

EDIT: Fixed it myself, feel free to lock etc.


Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom