TechSpot

Yet another search engine redirect problem

By Shadoefax
Dec 19, 2009
  1. Judging from the amount of traffic on the 'net, it would appear that this particular virus/malware problem is running rampant.

    I have all the common symptoms: All search engine result links are redirected to various unrelated sites. (Currently it's favoring cox.net, but others have appeared also.)

    I've run just about every spyware/malware/adware/virus scan I could find with no positive results.

    Attached are the three logs requested in the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions thread.

    Thank you in advance for taking the time to help!
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    You have got several antivirus/antimalware programs installed: Kaspersky, AdAware, AVG. There are other free protection programs out there. Decide on what antivirus program you want and uninstall the others. I like free Avast and its bootup scan feature. Your system might be running much slower than it has to.

    Run the ESET On-Line Scanner:
    Scanner

    See what it comes up with
     
  3. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    Ok ... ESET On-Line Scanner came up with a couple of items, but the problem still exists.

    :
     
  4. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    Bump, please
     
  5. almcneil

    almcneil TS Guru Posts: 1,277

  6. Speedz213

    Speedz213 TS Rookie

    I can't seem to find anything in your logs, hopefully it's not a ws2_32.dll file.

    Please do the following:

    • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
      Link 1
      Link 2
    • Double click DDS.scr to run.
    • When complete, two logs will open. Save both of the reports to your Desktop.
    • Copy and paste BOTH LOGS back here, use more than one post if needed.
     
  7. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by CBaker at 19:50:06.04 on Fri 12/25/2009
    Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1609 [GMT -7:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Office\2007\Office12\GrooveMonitor.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\TomTom HOME\TomTomHOMERunner.exe
    C:\Users\CBaker\Desktop\Utilities\Virus utilities\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME\TomTomHOMEService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Users\CBaker\Desktop\Utilities\Virus utilities\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\hp\kbd\kbd.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox 3.5 Beta 4\fx.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\msfeedssync.exe
    C:\Users\CBaker\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\2007\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
    TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home\TomTomHOMERunner.exe"
    uRun: [SUPERAntiSpyware] c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [<NO NAME>]
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\2007\office12\GrooveMonitor.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\users\cbaker\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\2007\office12\EXCEL.EXE/3000
    IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\2007\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\2007\office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
     
  8. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    (cont.)

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\2007\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASWINLO.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\2007\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - file:///C:/Users/CBaker/Desktop/Client%20Website%20Development/CSC/clients.html
    FF - component: c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
    FF - component: c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\winnt_x86-msvc\components\winprocess.dll
    FF - component: c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npdeploytk.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\nppdf32.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-15 64288]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
    R1 SASDIFSV;SASDIFSV;c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\sasdifsv.sys [2009-11-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-12-21 123280]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-12-21 41616]
    R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 208616]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    R2 SBSDWSCService;SBSD Security Center Service;c:\users\cbaker\desktop\utilities\virus utilities\spybot - search & destroy\SDWinSec.exe [2009-12-15 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home\TomTomHOMEService.exe [2009-8-27 92008]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
    R3 SASENUM;SASENUM;c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASENUM.SYS [2009-11-23 7408]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 99152]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-12-17 110096]
    S2 gupdate1c926e716881e10;Google Update Service (gupdate1c926e716881e10);c:\program files\google\update\GoogleUpdate.exe [2008-10-5 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-12-17 31824]
     
  9. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    (cont.)

    =============== Created Last 30 ================

    2009-12-25 03:02:15 0 d-----w- C:\UBCD4Win
    2009-12-22 17:46:58 0 d-----w- c:\program files\Alex Feinman
    2009-12-22 00:24:51 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2009-12-22 00:24:41 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2009-12-22 00:24:34 0 d-----w- c:\program files\Sun
    2009-12-19 22:09:06 0 d-----w- c:\program files\ESET
    2009-12-19 21:14:48 0 d-----w- c:\program files\Trend Micro
    2009-12-17 22:02:34 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2009-12-17 22:02:34 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
    2009-12-17 22:02:34 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
    2009-12-17 22:02:34 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2009-12-17 00:29:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-17 00:28:46 0 d-----w- c:\users\cbaker\appdata\roaming\SUPERAntiSpyware.com
    2009-12-17 00:22:38 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2009-12-17 00:17:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-17 00:17:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-16 02:41:30 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-16 02:31:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2009-12-16 01:00:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-12-16 00:58:40 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2009-12-16 00:57:52 0 d-----w- c:\programdata\Lavasoft
    2009-12-16 00:57:52 0 d-----w- c:\program files\Lavasoft
    2009-12-16 00:41:26 0 d-----w- c:\users\cbaker\appdata\roaming\Malwarebytes
    2009-12-16 00:41:21 0 d-----w- c:\programdata\Malwarebytes
    2009-12-12 23:20:45 132096 --sha-r- c:\windows\system32\KBDTH08.dll
    2009-12-12 23:03:47 0 d-----w- c:\program files\delaydots
    2009-12-09 13:23:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 13:23:09 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-09 13:23:08 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-09 12:34:24 243712 ----a-w- c:\windows\system32\rastls.dll
    2009-11-30 04:15:09 0 d-----w- c:\users\cbaker\dwhelper

    ==================== Find3M ====================

    2009-12-26 01:30:21 13633568 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-12-25 05:36:33 6344 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-12-25 05:36:33 1540128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-12-25 05:36:33 109660 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-12-22 00:25:02 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-22 00:25:02 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-12-22 00:25:01 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-15 17:36:15 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-15 17:36:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-11 11:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-07-04 22:41:20 22 --sha-w- c:\windows\sminst\HPCD.sys
    2008-12-24 20:13:46 56 --sh--r- c:\windows\system32\7950857381.sys
    2008-12-24 20:13:46 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 19:51:37.06 ===============
     
  10. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    @almcneil

    Whenever I go to that link, I get a different landing page. All say "Enigma Software" but contain nothing but ads. Is that one of the symptoms of the problem I'm having?
     
  11. almcneil

    almcneil TS Guru Posts: 1,277

    That's the page, click on the one for Conficker Removal Tool.

    -- Andy
     
  12. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    I don't know, Andy ... I just don't see any link on any of the pages that mentions Conficker.

    Example 1
    Example 2
    Example 3

    Am I just blind?
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Shadowfax, I'd like to intervene here. Please stop running the random programs- give me a few minutes to look at your original logs and I will come back with instructions- okay?
     
  14. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    Understood :eek:
     
  15. almcneil

    almcneil TS Guru Posts: 1,277

    You are being redirected! My link is for Enigma Software (http://www.enigmasoftware.com) and you're ending up at Software by Chuck!

    Use another computer to download the Conficker Removal Tool and then run it on your own computer.

    -- Andy
     
  16. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    No Andy, those are just screen shots of the different landing pages I got with your link. SoftwareByChuck is just my domain where I hosted the pictures.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Going by the first HijackThis log, I only see the Kaspersky AV running.

    I note two entries for Norton Confidential: It originally was an identity protection program, but it is now incorporated into other Norton products. Symantec no longer supports it as an identity tool. You should download the Norton Removal Tool HERE and save it to your desktop - don't run it yet.

    Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

    For the following entry, if you have a tab or homepage set to open blank, leave the following entry. If not, check for removal.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O

    Close all open Windows except HijackThis and click on "Fix Checked."


    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run the Norton Removal Tool

    You were told to run the Eset scan prematurely and then the entries weren't resolved. And I don't think that a scan for Conficker is indicated at this point.

    Since the logs are basically clean with the exception of a few entries, and since the problem still exists, please do this:
    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please attach the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Then delete the current logs you have for the Eset scan. Update and scan again and leave the log in your next reply. Don't copy and paste pieces of it, attach the entire Eset log.

    We'll go from there. (and I'll have you remove the cleaning tools and old restore points)
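
An added example (not part of the thread and not code from any tool named in it): a small Python parser that picks the orphaned "No File" BHO and toolbar entries out of the DDS "Pseudo HJT Report" posted above and matches them by CLSID against the HijackThis lines listed in this post, which is how the unnamed `{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}` entry ties back to the Norton Confidential (NCO) BHO. The sample lines are copied from the logs in this thread; the function names and regular expressions are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the DDS "Pseudo HJT Report" posted in this thread.
DDS_SAMPLE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
"""

# HijackThis lines copied from the helper's instructions in this thread.
HJT_SAMPLE = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
"""

CLSID = r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"
# DDS form:  "BHO: [Name: ]{CLSID} - target"   (TB = toolbar)
DDS_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s+(?:(?P<name>.+?):\s+)?" + CLSID + r"\s+-\s+(?P<target>.+)$"
)
# HijackThis form:  "O2 - BHO: Name - {CLSID} - target"  (O3 = toolbar)
HJT_RE = re.compile(
    r"^O(?P<sec>[23])\s+-\s+(?:BHO|Toolbar):\s+(?P<name>.+?)\s+-\s+"
    + CLSID + r"\s+-\s+(?P<target>.+)$"
)


@dataclass
class Entry:
    kind: str            # "BHO" or "TB"
    clsid: str           # upper-cased, without braces
    name: Optional[str]  # None when the log gives no usable name
    target: str          # DLL path, or the "no file" marker

    @property
    def orphaned(self) -> bool:
        # DDS writes "No File", HijackThis writes "(no file)".
        return self.target.strip().strip("()").lower() == "no file"


def parse_dds(text: str) -> List[Entry]:
    """Return BHO/TB entries from DDS output; other line types are skipped."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        m = DDS_RE.match(line)
        if m:
            out.append(Entry(m["kind"], m["clsid"].upper(), m["name"], m["target"]))
    return out


def parse_hjt(text: str) -> List[Entry]:
    """Return O2 (BHO) and O3 (toolbar) entries from HijackThis output."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        m = HJT_RE.match(line)
        if m:
            kind = "BHO" if m["sec"] == "2" else "TB"
            name = None if m["name"].lower() == "(no name)" else m["name"]
            out.append(Entry(kind, m["clsid"].upper(), name, m["target"]))
    return out


def correlate_orphans(dds_text: str, hjt_text: str) -> List[Tuple[str, str, Optional[str], bool]]:
    """For each orphaned DDS entry return (kind, clsid, name from HJT, listed in HJT)."""
    hjt = {e.clsid: e for e in parse_hjt(hjt_text)}
    report = []
    for e in parse_dds(dds_text):
        if not e.orphaned:
            continue
        match = hjt.get(e.clsid)
        name = e.name or (match.name if match else None)
        report.append((e.kind, e.clsid, name, match is not None))
    return report


if __name__ == "__main__":
    for kind, clsid, name, in_hjt in correlate_orphans(DDS_SAMPLE, HJT_SAMPLE):
        print(f"{kind:3} {{{clsid}}} name={name or 'unknown'} "
              f"{'listed in HJT fix list' if in_hjt else 'not in HJT fix list'}")
```

An orphaned entry only means the registry still references a DLL that is gone; it is leftover clutter to clean up rather than proof of an active infection.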
     
  18. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    Thanks, Bobbye. As it is getting kinda late here, I will follow your advice and post first thing tomorrow morning. Merry Christmas!
     
  19. almcneil

    almcneil TS Guru Posts: 1,277

  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Andy, why are you wanting to check for Conficker?
     
  21. almcneil

    almcneil TS Guru Posts: 1,277

    I recently had a customer with the Conficker worm virus. One of the symptoms was IE redirecting. The Conficker Removal Tool from Enigma Software easily detects it so it's worth trying.

    -- Andy
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Andy, do you realize that every malware infection here is affecting the searches? It may be different malware infections. It may involve the router or a dozen other programs. But you're going to be a very busy bee if you start checking for Conficker on every system that is having the searches redirected!
     
  23. almcneil

    almcneil TS Guru Posts: 1,277

    Bobbye, as I explained, I recently had a customer with Conficker. One of its symptoms is IE redirecting. It is a serious problem and requires a special removal tool. It is worth checking out when the person complains that their IE is redirecting.

    -- Andy
     
  24. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    Ok ... did all you outlined in your previous post. ESET took nearly 3 hours to run, but came up clean. Here's the combofix log:

    ComboFix 09-12-25.04 - CBaker 12/26/2009 9:04.1.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2782 [GMT -7:00]
    Running from: c:\users\CBaker\Desktop\Combo-Fix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2255871677-1105587672-4134356626-500
    c:\$recycle.bin\S-1-5-21-2686051353-245676721-1022534712-500
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\users\CBaker\Documents\12202009.reg
    c:\windows\system32\temp.bat
    c:\windows\system32\vbzlib1.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
    .

    2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\users\CBaker\AppData\Local\temp
    2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-25 18:03 . 2009-12-25 18:03 424 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
    2009-12-25 18:03 . 2009-12-25 18:03 376 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
    2009-12-25 18:03 . 2009-12-25 18:03 371 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
    2009-12-25 18:03 . 2009-12-25 18:03 364 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
    2009-12-25 18:03 . 2009-12-25 18:03 340 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
    2009-12-25 18:03 . 2009-12-25 18:03 339 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
    2009-12-25 03:02 . 2009-12-25 03:13 -------- d-----w- C:\UBCD4Win
    2009-12-23 01:02 . 2009-12-23 01:02 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-12-23 01:02 . 2009-12-23 01:02 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-12-23 01:02 . 2009-12-23 01:02 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-12-23 01:02 . 2009-12-23 01:02 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
    2009-12-23 01:02 . 2009-12-23 01:02 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-12-23 01:02 . 2009-12-23 01:02 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
    2009-12-23 01:01 . 2009-12-23 01:01 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-12-23 01:00 . 2009-12-23 01:00 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-12-23 01:00 . 2009-12-23 01:00 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-12-23 01:00 . 2009-12-23 01:00 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-12-23 01:00 . 2009-12-23 01:00 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-12-23 01:00 . 2009-12-23 01:00 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-12-23 01:00 . 2009-12-23 01:00 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-12-23 00:27 . 2009-12-23 00:27 90112 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    2009-12-23 00:27 . 2009-12-23 00:27 307200 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
    2009-12-23 00:27 . 2007-12-30 12:01 172032 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
    2009-12-23 00:27 . 2009-12-23 00:27 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
    2009-12-22 17:46 . 2009-12-22 17:46 -------- d-----w- c:\program files\Alex Feinman
    2009-12-22 04:00 . 2009-12-22 04:26 -------- d-----w- c:\users\CBaker\AppData\Roaming\Download Manager
    2009-12-22 00:24 . 2009-12-17 22:02 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2009-12-22 00:24 . 2009-12-17 22:02 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2009-12-22 00:24 . 2009-12-22 00:24 -------- d-----w- c:\program files\Sun
    2009-12-21 17:54 . 2009-11-02 18:37 376 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
    2009-12-21 17:54 . 2009-12-21 17:54 340 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
    2009-12-21 17:54 . 2009-12-21 17:54 424 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
    2009-12-21 17:54 . 2009-12-21 17:54 364 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
    2009-12-21 17:54 . 2009-09-03 06:37 371 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
    2009-12-21 17:54 . 2009-09-03 06:37 339 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
    2009-12-20 17:48 . 2009-12-20 17:48 -------- d-----w- c:\users\CBaker\AppData\Local\Adobe
    2009-12-20 01:20 . 2007-05-07 18:34 2707456 ----a-w- c:\users\CBaker\AppData\Roaming\Snapfish\BinCache\Core.dll
    2009-12-19 22:09 . 2009-12-19 22:09 -------- d-----w- c:\program files\ESET
    2009-12-19 21:14 . 2009-12-19 21:14 -------- d-----w- c:\program files\Trend Micro
    2009-12-19 19:51 . 2009-12-26 15:41 52224 ----a-w- c:\users\CBaker\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-19 01:53 . 2009-12-19 01:53 -------- d-----w- c:\users\CBaker\AppData\Local\Apple
    2009-12-18 23:18 . 2009-10-22 20:04 55296 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.dll
    2009-12-18 23:18 . 2009-12-15 21:27 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
    2009-12-18 23:18 . 2009-12-05 14:22 13312 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    2009-12-18 23:18 . 2009-10-22 20:04 258048 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\SDL.dll
    2009-12-17 23:53 . 2009-11-02 18:37 376 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
    2009-12-17 23:53 . 2009-11-02 18:37 340 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
    2009-12-17 23:50 . 2009-11-02 18:37 424 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
    2009-12-17 23:50 . 2009-09-03 06:37 371 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
    2009-12-17 23:50 . 2009-09-03 06:37 339 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
    2009-12-17 23:50 . 2009-11-02 20:44 364 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
    2009-12-17 22:02 . 2009-12-17 22:02 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2009-12-17 22:02 . 2009-12-17 22:02 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
    2009-12-17 22:02 . 2009-12-17 22:02 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
    2009-12-17 22:02 . 2009-12-17 22:02 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2009-12-17 00:29 . 2009-12-20 03:18 117760 ----a-w- c:\users\CBaker\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-17 00:29 . 2009-12-17 00:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-17 00:28 . 2009-12-17 00:28 -------- d-----w- c:\users\CBaker\AppData\Roaming\SUPERAntiSpyware.com
     
  25. Shadoefax

    Shadoefax TS Rookie Topic Starter Posts: 20

    (cont.)

    2009-12-17 00:22 . 2009-12-17 00:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-17 00:17 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-17 00:17 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-16 02:41 . 2009-12-19 19:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-16 02:31 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2009-12-16 01:00 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-12-16 00:58 . 2009-12-16 01:00 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2009-12-16 00:58 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2009-12-16 00:57 . 2009-12-16 01:00 -------- d-----w- c:\programdata\Lavasoft
    2009-12-16 00:57 . 2009-12-16 00:57 -------- d-----w- c:\program files\Lavasoft
    2009-12-16 00:41 . 2009-12-16 00:41 -------- d-----w- c:\users\CBaker\AppData\Roaming\Malwarebytes
    2009-12-16 00:41 . 2009-12-16 00:41 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-12 23:20 . 2009-12-12 23:20 132096 --sha-r- c:\windows\system32\KBDTH08.dll
    2009-12-12 23:03 . 2009-12-12 23:03 -------- d-----w- c:\program files\delaydots
    2009-12-09 13:23 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 13:23 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-09 13:23 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-09 12:34 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
    2009-12-07 22:55 . 2009-12-07 22:55 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
    2009-11-30 04:15 . 2009-11-30 04:34 -------- d-----w- c:\users\CBaker\dwhelper
    2009-11-28 01:33 . 2009-11-28 01:33 -------- d-----w- c:\program files\QuickTime

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-26 15:57 . 2008-02-22 02:29 -------- d-----w- c:\programdata\Symantec
    2009-12-26 15:51 . 2009-06-07 00:27 6344 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-12-26 15:51 . 2009-06-07 00:27 1540128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-12-26 15:51 . 2009-06-07 00:27 13640736 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-12-26 15:51 . 2009-06-07 00:27 109744 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-12-26 15:40 . 2009-06-07 00:27 -------- d-----w- c:\programdata\Kaspersky Lab
    2009-12-25 23:13 . 2008-05-27 17:46 -------- d-----w- c:\programdata\Google Updater
    2009-12-24 23:37 . 2008-09-06 02:25 14 ----a-w- c:\windows\popcinfo.dat
    2009-12-24 18:55 . 2009-05-04 23:20 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
    2009-12-20 01:22 . 2008-02-22 02:28 -------- d-----w- c:\program files\Yahoo!
    2009-12-20 01:20 . 2008-05-21 20:27 -------- d-----w- c:\users\CBaker\AppData\Roaming\Snapfish
    2009-12-20 01:18 . 2009-04-06 00:19 -------- d-----w- c:\program files\PageBreeze
    2009-12-20 01:16 . 2008-02-22 02:10 -------- d---a-w- c:\program files\Common Files\LightScribe
    2009-12-20 01:12 . 2009-03-17 17:45 -------- d-----w- c:\program files\GRETECH
    2009-12-20 01:09 . 2009-03-21 00:46 -------- d-----w- c:\program files\Acro Software
    2009-12-19 23:54 . 2008-05-27 17:46 -------- d-----w- c:\program files\Google
    2009-11-24 22:19 . 2008-05-21 20:27 374184 ----a-w- c:\users\CBaker\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-23 13:40 . 2008-02-22 02:15 -------- d-----w- c:\program files\Java
    2009-11-22 17:11 . 2009-11-22 17:11 376 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
    2009-11-22 17:11 . 2009-11-22 17:11 340 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
    2009-11-22 17:11 . 2009-11-22 17:11 172032 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
    2009-11-22 17:11 . 2009-11-22 17:11 90112 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    2009-11-22 17:11 . 2009-11-22 17:11 307200 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
    2009-11-22 17:11 . 2009-11-22 17:11 24576 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    2009-11-22 17:11 . 2009-11-22 17:11 120832 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
    2009-11-21 17:15 . 2009-11-21 17:15 24576 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    2009-11-21 17:15 . 2009-11-21 17:15 120832 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
    2009-11-21 17:15 . 2009-11-21 17:15 90112 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    2009-11-21 17:15 . 2009-11-21 17:15 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
    2009-11-21 17:15 . 2009-11-21 17:15 424 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
    2009-11-21 17:15 . 2009-11-21 17:15 376 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
    2009-11-21 17:15 . 2009-11-21 17:15 371 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
    2009-11-21 17:15 . 2009-11-21 17:15 364 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
    2009-11-21 17:15 . 2009-11-21 17:15 340 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
    2009-11-21 17:15 . 2009-11-21 17:15 339 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
    2009-11-21 17:15 . 2009-11-21 17:15 307200 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
    2009-11-21 17:15 . 2009-11-21 17:15 172032 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
    2009-11-21 06:40 . 2009-12-09 12:35 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-09 12:35 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-09 12:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-09 12:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-17 18:03 . 2009-11-21 18:12 4233623 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\sample.exe
    2009-11-15 17:36 . 2009-11-15 17:36 -------- d-----w- c:\program files\Windows Portable Devices
     
Topic Status:
Not open for further replies.
