Yet another search engine redirect problem


Shadoefax

Judging from the amount of traffic on the 'net, it would appear that this particular virus/malware problem is running rampant.

I have all the common symptoms: All search engine result links are redirected to various unrelated sites. (Currently it's favoring cox.net, but others have appeared also.)

I've run just about every spyware/malware/adware/virus scan I could find with no positive results.

Attached are the three logs requested in the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions thread.

Thank you in advance for taking the time to help!
 
You have got several antivirus/antimalware programs installed: Kaspersky, AdAware, AVG. There are other free protection programs out there. Decide on what antivirus program you want and uninstall the others. I like free Avast and its bootup scan feature. Your system might be running much slower than it has to.

Run the ESET On-Line Scanner:
Scanner

See what it comes up with
 
Ok ... ESET On-Line Scanner came up with a couple of items, but the problem still exists.

Spy.Zbot.JF trojan contained infected files
ActiveSpeed_setup.exe Win32/Adware.Ascentive application cleaned by deleting - quarantined
MP3 Stream Editor 3.3.3 Setup.exe probably a variant of Win32/Agent trojan deleted - quarantined
 
I can't seem to find anything in your logs, hopefully it's not a ws2_32.dll file.

Please do the following:

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.
 
DDS (Ver_09-12-01.01) - NTFSx86
Run by CBaker at 19:50:06.04 on Fri 12/25/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1609 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\2007\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME\TomTomHOMERunner.exe
C:\Users\CBaker\Desktop\Utilities\Virus utilities\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Users\CBaker\Desktop\Utilities\Virus utilities\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\fx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\CBaker\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\2007\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\2007\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\cbaker\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\2007\office12\EXCEL.EXE/3000
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\2007\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\2007\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
 
(cont.)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\2007\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\2007\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - file:///C:/Users/CBaker/Desktop/Client%20Website%20Development/CSC/clients.html
FF - component: c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\winnt_x86-msvc\components\winprocess.dll
FF - component: c:\users\cbaker\appdata\roaming\mozilla\firefox\profiles\2iot7g74.chuck(fx3.5)\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-15 64288]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R1 SASDIFSV;SASDIFSV;c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-12-21 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-12-21 41616]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 208616]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 SBSDWSCService;SBSD Security Center Service;c:\users\cbaker\desktop\utilities\virus utilities\spybot - search & destroy\SDWinSec.exe [2009-12-15 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home\TomTomHOMEService.exe [2009-8-27 92008]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
R3 SASENUM;SASENUM;c:\users\cbaker\desktop\utilities\virus utilities\superantispyware\SASENUM.SYS [2009-11-23 7408]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-12-17 110096]
S2 gupdate1c926e716881e10;Google Update Service (gupdate1c926e716881e10);c:\program files\google\update\GoogleUpdate.exe [2008-10-5 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-12-17 31824]
 
(cont.)

=============== Created Last 30 ================

2009-12-25 03:02:15 0 d-----w- C:\UBCD4Win
2009-12-22 17:46:58 0 d-----w- c:\program files\Alex Feinman
2009-12-22 00:24:51 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-12-22 00:24:41 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-22 00:24:34 0 d-----w- c:\program files\Sun
2009-12-19 22:09:06 0 d-----w- c:\program files\ESET
2009-12-19 21:14:48 0 d-----w- c:\program files\Trend Micro
2009-12-17 22:02:34 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-17 22:02:34 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2009-12-17 22:02:34 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 22:02:34 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-12-17 00:29:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-17 00:28:46 0 d-----w- c:\users\cbaker\appdata\roaming\SUPERAntiSpyware.com
2009-12-17 00:22:38 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-17 00:17:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 00:17:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 02:41:30 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-16 02:31:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-16 01:00:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-16 00:58:40 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-16 00:57:52 0 d-----w- c:\programdata\Lavasoft
2009-12-16 00:57:52 0 d-----w- c:\program files\Lavasoft
2009-12-16 00:41:26 0 d-----w- c:\users\cbaker\appdata\roaming\Malwarebytes
2009-12-16 00:41:21 0 d-----w- c:\programdata\Malwarebytes
2009-12-12 23:20:45 132096 --sha-r- c:\windows\system32\KBDTH08.dll
2009-12-12 23:03:47 0 d-----w- c:\program files\delaydots
2009-12-09 13:23:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 13:23:09 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 13:23:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 12:34:24 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-30 04:15:09 0 d-----w- c:\users\cbaker\dwhelper

==================== Find3M ====================

2009-12-26 01:30:21 13633568 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-25 05:36:33 6344 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-25 05:36:33 1540128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 05:36:33 109660 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-22 00:25:02 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-22 00:25:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-22 00:25:01 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-15 17:36:15 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-15 17:36:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 11:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-07-04 22:41:20 22 --sha-w- c:\windows\sminst\HPCD.sys
2008-12-24 20:13:46 56 --sh--r- c:\windows\system32\7950857381.sys
2008-12-24 20:13:46 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:51:37.06 ===============
 
@almcneil

Whenever I go to that link, I get a different landing page. All say "Enigma Software" but contain nothing but ads. Is that one of the symptoms of the problem I'm having?
 
Shadowfax, I'd like to intervene here. Please stop running the random programs- give me a few minutes to look at your original logs and I will come back with instructions- okay?
 
No Andy, those are just screen shots of the different landing pages I got with your link. SoftwareByChuck is just my domain where I hosted the pictures.
 
Going by the first HijackThis log, I only see the Kaspersky AV running.

I note two entries for Norton Confidential: It originally was an identity protection program, but it is now incorporated into other Norton products. Symantec no longer supports it as an identity tool. You should download the Norton Removal Tool HERE and save it to your desktop- don't run yet.

Please reopen HijackThis to 'do system scan only.' Check each of the following present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

For the following entry, if you have a tab or homepage set to open blank, leave the following entry. If not, check for removal.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O

Close all open Windows except HijackThis and click on "Fix Checked."


Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run the Norton Removal Tool

You were told to run the Eset scan prematurely and then the entries weren't resolved. And I don't think that a scan for Conficker is indicated at this point:

Since the logs are basically clean with the exception of a few entries, since the problem still exists, please do this:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please attach the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Then delete the current logs you have for the Eset scan. Update and scan again and leave the log in your next reply. Don't copy and paste pieces of it, attach the entire Eset log.

We'll go from there. (and I'll have you remove the cleaning tools and old restore points)
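
The check described in the post above, picking out add-on registrations whose file is gone (the "No File" / "(no file)" entries), written out as an added example; it is not part of the original thread or of DDS/HijackThis. The sample lines are copied from the logs posted in this thread, and the function names `parse_addon_line` and `orphaned_addons` are hypothetical.

```python
import re

# A registry CLSID such as {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# DDS "Pseudo HJT" form:  BHO: [Name: ]{CLSID} - target
DDS_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s*(?:(?P<name>.*?):\s*)?(?P<clsid>" + CLSID +
    r")\s*-\s*(?P<target>.*)$")

# HijackThis form:  O2 - BHO: Name - {CLSID} - target   (O3 for toolbars)
HJT_RE = re.compile(
    r"^O[23] - (?P<kind>BHO|Toolbar):\s*(?P<name>.*?)\s+-\s+(?P<clsid>" + CLSID +
    r")\s+-\s+(?P<target>.*)$")

# Lines copied from the DDS log and the HijackThis fix list in this thread.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
"""


def parse_addon_line(line):
    """Parse one BHO/toolbar line in either log format; None if it is neither."""
    line = line.strip()
    for pattern in (DDS_RE, HJT_RE):
        m = pattern.match(line)
        if not m:
            continue
        name = (m.group("name") or "").strip()
        if name.lower() == "(no name)":   # HijackThis placeholder, not a name
            name = ""
        target = m.group("target").strip()
        return {
            "kind": "Toolbar" if m.group("kind") in ("TB", "Toolbar") else "BHO",
            "clsid": m.group("clsid").upper(),   # the logs mix upper/lower case
            "name": name,
            "target": target,
            # DDS prints "No File", HijackThis prints "(no file)"
            "orphaned": target.lower().strip("()") == "no file",
        }
    return None


def orphaned_addons(lines):
    """Return one record per CLSID whose registration points at no file.

    The same CLSID can show up in both logs; records are merged so that a
    name present in one log fills in the blank left by the other.
    """
    found = {}
    for line in lines:
        entry = parse_addon_line(line)
        if entry is None or not entry["orphaned"]:
            continue
        kept = found.setdefault(entry["clsid"], entry)
        if not kept["name"] and entry["name"]:
            kept["name"] = entry["name"]
    return list(found.values())


if __name__ == "__main__":
    for e in orphaned_addons(SAMPLE_LOG.splitlines()):
        print(f'{e["kind"]:8} {e["clsid"]}  {e["name"] or "(unnamed)"}')
```

Merging on the CLSID is what ties the unnamed DDS entry `{602ADB0E-...}` to the name HijackThis shows for it, "NCO 2.0 IE BHO".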
 
Thanks, Bobbye. As it is getting kinda late here, I will follow your advice and post first thing tomorrow morning. Merry Christmas!
 
Andy, why are you wanting to check for Conficker?

I recently had a customer with the Conficker worm virus. One of the symptoms was IE redirecting. The Conficker Removal Tool from Enigma Software easily detects it so it's worth trying.

-- Andy
 
Andy, do you realize that every malware infection here is affecting the searches? It may be different malware infections. It may involve the router or a dozen other programs. But you're going to be a very busy bee if you start checking for Conficker on every system that is having the searches redirected!
 
Andy, do you realize that every malware infection here is affecting the searches? It may be different malware infections. It may involve the router or a dozen other programs. But you're going to be a very busy bee if you start checking for Conficker on every system that is having the searches redirected!

Bobbye, as I explained, I recently had a customer with Conficker. One of its symptoms is IE redirecting. It is a serious problem and requires a special removal tool. It is worth checking out when the person complains that their IE is redirecting.

-- Andy
 
Ok ... did all you outlined in your previous post. ESET took nearly 3 hours to run, but came up clean. Here's the combofix log:

ComboFix 09-12-25.04 - CBaker 12/26/2009 9:04.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2782 [GMT -7:00]
Running from: c:\users\CBaker\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2255871677-1105587672-4134356626-500
c:\$recycle.bin\S-1-5-21-2686051353-245676721-1022534712-500
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\users\CBaker\Documents\12202009.reg
c:\windows\system32\temp.bat
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\users\CBaker\AppData\Local\temp
2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-25 18:03 . 2009-12-25 18:03 424 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
2009-12-25 18:03 . 2009-12-25 18:03 376 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
2009-12-25 18:03 . 2009-12-25 18:03 371 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
2009-12-25 18:03 . 2009-12-25 18:03 364 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
2009-12-25 18:03 . 2009-12-25 18:03 340 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
2009-12-25 18:03 . 2009-12-25 18:03 339 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
2009-12-25 03:02 . 2009-12-25 03:13 -------- d-----w- C:\UBCD4Win
2009-12-23 01:02 . 2009-12-23 01:02 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-23 01:02 . 2009-12-23 01:02 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-23 01:02 . 2009-12-23 01:02 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-23 01:02 . 2009-12-23 01:02 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-23 01:02 . 2009-12-23 01:02 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-23 01:02 . 2009-12-23 01:02 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-23 01:01 . 2009-12-23 01:01 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-23 01:00 . 2009-12-23 01:00 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-23 01:00 . 2009-12-23 01:00 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-23 01:00 . 2009-12-23 01:00 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-23 01:00 . 2009-12-23 01:00 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-23 01:00 . 2009-12-23 01:00 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-23 01:00 . 2009-12-23 01:00 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-23 00:27 . 2009-12-23 00:27 90112 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-12-23 00:27 . 2009-12-23 00:27 307200 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-12-23 00:27 . 2007-12-30 12:01 172032 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-12-23 00:27 . 2009-12-23 00:27 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FEBE 7.0 dev\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
2009-12-22 17:46 . 2009-12-22 17:46 -------- d-----w- c:\program files\Alex Feinman
2009-12-22 04:00 . 2009-12-22 04:26 -------- d-----w- c:\users\CBaker\AppData\Roaming\Download Manager
2009-12-22 00:24 . 2009-12-17 22:02 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-12-22 00:24 . 2009-12-17 22:02 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-22 00:24 . 2009-12-22 00:24 -------- d-----w- c:\program files\Sun
2009-12-21 17:54 . 2009-11-02 18:37 376 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
2009-12-21 17:54 . 2009-12-21 17:54 340 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
2009-12-21 17:54 . 2009-12-21 17:54 424 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
2009-12-21 17:54 . 2009-12-21 17:54 364 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
2009-12-21 17:54 . 2009-09-03 06:37 371 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
2009-12-21 17:54 . 2009-09-03 06:37 339 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.FRAU\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
2009-12-20 17:48 . 2009-12-20 17:48 -------- d-----w- c:\users\CBaker\AppData\Local\Adobe
2009-12-20 01:20 . 2007-05-07 18:34 2707456 ----a-w- c:\users\CBaker\AppData\Roaming\Snapfish\BinCache\Core.dll
2009-12-19 22:09 . 2009-12-19 22:09 -------- d-----w- c:\program files\ESET
2009-12-19 21:14 . 2009-12-19 21:14 -------- d-----w- c:\program files\Trend Micro
2009-12-19 19:51 . 2009-12-26 15:41 52224 ----a-w- c:\users\CBaker\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-19 01:53 . 2009-12-19 01:53 -------- d-----w- c:\users\CBaker\AppData\Local\Apple
2009-12-18 23:18 . 2009-10-22 20:04 55296 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.dll
2009-12-18 23:18 . 2009-12-15 21:27 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
2009-12-18 23:18 . 2009-12-05 14:22 13312 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2009-12-18 23:18 . 2009-10-22 20:04 258048 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\2iot7g74.Chuck(Fx3.5)\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\SDL.dll
2009-12-17 23:53 . 2009-11-02 18:37 376 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
2009-12-17 23:53 . 2009-11-02 18:37 340 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
2009-12-17 23:50 . 2009-11-02 18:37 424 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
2009-12-17 23:50 . 2009-09-03 06:37 371 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
2009-12-17 23:50 . 2009-09-03 06:37 339 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
2009-12-17 23:50 . 2009-11-02 20:44 364 ------w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\7h7x5z6r.CLbackup\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
2009-12-17 22:02 . 2009-12-17 22:02 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-17 22:02 . 2009-12-17 22:02 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2009-12-17 22:02 . 2009-12-17 22:02 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 22:02 . 2009-12-17 22:02 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-12-17 00:29 . 2009-12-20 03:18 117760 ----a-w- c:\users\CBaker\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-17 00:29 . 2009-12-17 00:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-17 00:28 . 2009-12-17 00:28 -------- d-----w- c:\users\CBaker\AppData\Roaming\SUPERAntiSpyware.com
 
(cont.)

2009-12-17 00:22 . 2009-12-17 00:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 00:17 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 00:17 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 02:41 . 2009-12-19 19:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-16 02:31 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-16 01:00 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-16 00:58 . 2009-12-16 01:00 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-16 00:58 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-16 00:57 . 2009-12-16 01:00 -------- d-----w- c:\programdata\Lavasoft
2009-12-16 00:57 . 2009-12-16 00:57 -------- d-----w- c:\program files\Lavasoft
2009-12-16 00:41 . 2009-12-16 00:41 -------- d-----w- c:\users\CBaker\AppData\Roaming\Malwarebytes
2009-12-16 00:41 . 2009-12-16 00:41 -------- d-----w- c:\programdata\Malwarebytes
2009-12-12 23:20 . 2009-12-12 23:20 132096 --sha-r- c:\windows\system32\KBDTH08.dll
2009-12-12 23:03 . 2009-12-12 23:03 -------- d-----w- c:\program files\delaydots
2009-12-09 13:23 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 13:23 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 13:23 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 12:34 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-07 22:55 . 2009-12-07 22:55 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Thunderbird\Profiles\9fh66jdx.TEBE\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
2009-11-30 04:15 . 2009-11-30 04:34 -------- d-----w- c:\users\CBaker\dwhelper
2009-11-28 01:33 . 2009-11-28 01:33 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 15:57 . 2008-02-22 02:29 -------- d-----w- c:\programdata\Symantec
2009-12-26 15:51 . 2009-06-07 00:27 6344 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-26 15:51 . 2009-06-07 00:27 1540128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-26 15:51 . 2009-06-07 00:27 13640736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-26 15:51 . 2009-06-07 00:27 109744 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-26 15:40 . 2009-06-07 00:27 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-25 23:13 . 2008-05-27 17:46 -------- d-----w- c:\programdata\Google Updater
2009-12-24 23:37 . 2008-09-06 02:25 14 ----a-w- c:\windows\popcinfo.dat
2009-12-24 18:55 . 2009-05-04 23:20 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-12-20 01:22 . 2008-02-22 02:28 -------- d-----w- c:\program files\Yahoo!
2009-12-20 01:20 . 2008-05-21 20:27 -------- d-----w- c:\users\CBaker\AppData\Roaming\Snapfish
2009-12-20 01:18 . 2009-04-06 00:19 -------- d-----w- c:\program files\PageBreeze
2009-12-20 01:16 . 2008-02-22 02:10 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-12-20 01:12 . 2009-03-17 17:45 -------- d-----w- c:\program files\GRETECH
2009-12-20 01:09 . 2009-03-21 00:46 -------- d-----w- c:\program files\Acro Software
2009-12-19 23:54 . 2008-05-27 17:46 -------- d-----w- c:\program files\Google
2009-11-24 22:19 . 2008-05-21 20:27 374184 ----a-w- c:\users\CBaker\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-23 13:40 . 2008-02-22 02:15 -------- d-----w- c:\program files\Java
2009-11-22 17:11 . 2009-11-22 17:11 376 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
2009-11-22 17:11 . 2009-11-22 17:11 340 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
2009-11-22 17:11 . 2009-11-22 17:11 172032 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-11-22 17:11 . 2009-11-22 17:11 90112 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-11-22 17:11 . 2009-11-22 17:11 307200 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-11-22 17:11 . 2009-11-22 17:11 24576 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-11-22 17:11 . 2009-11-22 17:11 120832 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\eebhvdko.peptest\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-11-21 17:15 . 2009-11-21 17:15 24576 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-11-21 17:15 . 2009-11-21 17:15 120832 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-11-21 17:15 . 2009-11-21 17:15 90112 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-11-21 17:15 . 2009-11-21 17:15 57856 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
2009-11-21 17:15 . 2009-11-21 17:15 424 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\zip.bat
2009-11-21 17:15 . 2009-11-21 17:15 376 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\7zip.bat
2009-11-21 17:15 . 2009-11-21 17:15 371 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winrar.bat
2009-11-21 17:15 . 2009-11-21 17:15 364 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\wzcline.bat
2009-11-21 17:15 . 2009-11-21 17:15 340 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\cygzip.bat
2009-11-21 17:15 . 2009-11-21 17:15 339 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}\winzip.bat
2009-11-21 17:15 . 2009-11-21 17:15 307200 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-11-21 17:15 . 2009-11-21 17:15 172032 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-11-21 06:40 . 2009-12-09 12:35 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 12:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 12:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 12:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 18:03 . 2009-11-21 18:12 4233623 ----a-w- c:\users\CBaker\AppData\Roaming\Mozilla\Firefox\Profiles\vzd9j895.Ish\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\sample.exe
2009-11-15 17:36 . 2009-11-15 17:36 -------- d-----w- c:\program files\Windows Portable Devices
 