Browser Redirect


Hey, I have gotten the apparently very popular browser redirect virus. At first it wasn't a big deal since it would only change a search entry every once in a while. However, now it does it for almost every single entry in every search engine I have used. I can't seem to figure out how to get rid of it or what is causing this, so any help would be greatly appreciated.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7367

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

8/3/2011 10:52:30 PM

mbam-log-2011-08-03 (22-52-30).txt

Scan type: Quick scan

Objects scanned: 172783

Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I put both scans in one post, hope that is ok.

____________________________________

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7390

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

8/5/2011 7:33:06 PM

mbam-log-2011-08-05 (19-33-06).txt

Scan type: Quick scan

Objects scanned: 173663

Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

___________________________________________________

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Keith at 19:35:19 on 2011-08-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3322.2375 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Ati2evxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\cmstplua32.exe

C:\Windows\system32\STacSV.exe

C:\ProgramData\atitmmxx32.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Tablet.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\Explorer.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\SCIROCCO\SCIROCCO Take a Break\TakeABreak.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Logitech\WebColct\webcolct.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [TakeABreak] c:\program files\scirocco\scirocco take a break\TakeABreak.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\keith\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\keith\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 97.64.183.164 97.64.209.37

TCP: Interfaces\{289A2F29-257A-40FB-80F1-5151E4A4003B} : DhcpNameServer = 97.64.183.164 97.64.209.37

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\keith\appdata\roaming\mozilla\firefox\profiles\4ix159ub.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57717

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: XUL Cache: {87781d77-fe84-4dba-864a-651f70212366} - %profile%\extensions\{87781d77-fe84-4dba-864a-651f70212366}

.

============= SERVICES / DRIVERS ===============

.

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-4-23 21504]

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]

R2 RasAuto32;Remote Access Auto Connection Manager ;c:\windows\system32\cmstplua32.exe [2011-7-23 802816]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-4-1 20448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-08-06 00:25:13 517 --sha-w- c:\programdata\atipdlxx32.dll

2011-08-06 00:19:37 -------- d-----w- c:\windows\system32\custom matrices

2011-08-06 00:19:36 -------- d-----w- c:\windows\system32\QuickTime

2011-08-06 00:19:36 -------- d-----w- c:\windows\system32\C2MP

2011-08-05 21:56:18 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{722ae9a3-cc74-49cc-afee-9bfc721c8428}\mpengine.dll

2011-08-05 21:52:13 -------- d-----w- c:\users\keith\appdata\local\{6585B3E9-59E4-494C-B7E3-E2C83DFA2A37}

2011-08-05 21:51:45 -------- d-----w- c:\users\keith\appdata\local\{915E06BE-CE92-4D68-B7BA-6D5492E65F79}

2011-08-05 08:20:57 517 --sha-w- c:\programdata\kbd10632.dll

2011-08-05 07:02:02 517 --sha-w- c:\programdata\polstore32.dll

2011-08-05 06:01:19 517 --sha-w- c:\programdata\KBDTIPRC32.dll

2011-08-05 05:00:37 517 --sha-w- c:\programdata\shfolder32.dll

2011-08-05 03:02:53 517 --sha-w- c:\programdata\KBDNEPR32.dll

2011-08-05 02:02:10 517 --sha-w- c:\programdata\NlsLexicons003e32.dll

2011-08-05 00:03:49 517 --sha-w- c:\programdata\D3DCompiler_4132.dll

2011-08-04 23:56:27 -------- d-----w- c:\program files\Coupons

2011-08-04 20:57:27 517 --sha-w- c:\programdata\PhotoMetadataHandler32.dll

2011-08-04 19:57:47 -------- d-----w- c:\users\keith\appdata\local\{EFAFA315-CAB4-4915-BE12-62C3E0DE4957}

2011-08-04 19:57:16 -------- d-----w- c:\users\keith\appdata\local\{F58B5BFC-9EE1-4C55-BF6D-911CF2BAB2D0}

2011-08-04 03:58:14 517 --sha-w- c:\programdata\FDResPub32.dll

2011-08-04 02:33:01 -------- d-----w- c:\program files\CamStudio

2011-08-04 01:47:23 517 --sha-w- c:\programdata\KBDA132.dll

2011-08-04 00:14:52 517 --sha-w- c:\programdata\puiobj32.dll

2011-08-03 22:33:38 517 --sha-w- c:\programdata\d3d8thk32.dll

2011-08-03 21:50:43 -------- d-----w- c:\users\keith\appdata\local\{C2E32C45-FBB2-4C1D-B803-22FF5CBC87FB}

2011-08-03 21:50:25 -------- d-----w- c:\users\keith\appdata\local\{AE35A68A-952E-4106-A41E-C6DB6CC9C17A}

2011-08-03 20:07:59 517 --sha-w- c:\programdata\PNPXAssoc32.dll

2011-08-03 19:06:54 517 --sha-w- c:\programdata\shsvcs32.dll

2011-08-03 17:42:41 517 --sha-w- c:\programdata\neth32.dll

2011-08-03 16:40:10 517 --sha-w- c:\programdata\wshext32.dll

2011-08-03 15:36:44 517 --sha-w- c:\programdata\iscsium32.dll

2011-08-03 12:55:10 517 --sha-w- c:\programdata\ddrawex32.dll

2011-08-03 11:54:27 517 --sha-w- c:\programdata\msaatext32.dll

2011-08-03 10:53:45 517 --sha-w- c:\programdata\ATIDEMGX32.dll

2011-08-03 09:53:03 517 --sha-w- c:\programdata\pstorec32.dll

2011-08-03 08:52:21 517 --sha-w- c:\programdata\sbeio32.dll

2011-08-03 07:51:39 517 --sha-w- c:\programdata\KBDGR132.dll

2011-08-03 06:50:57 517 --sha-w- c:\programdata\wiascanprofiles32.dll

2011-08-03 04:49:52 517 --sha-w- c:\programdata\KBDURDU32.dll

2011-08-03 03:49:06 517 --sha-w- c:\programdata\KBDSP32.dll

2011-08-03 02:48:23 517 --sha-w- c:\programdata\XPSSHHDR32.dll

2011-08-03 00:57:26 517 --sha-w- c:\programdata\objsel32.dll

2011-08-02 21:50:51 -------- d-----w- c:\users\keith\appdata\local\{A4766456-AE7D-4068-861B-30B3F4646877}

2011-08-02 21:50:34 -------- d-----w- c:\users\keith\appdata\local\{DC2976D9-B044-4077-A813-7A6EB3370922}

2011-08-02 11:33:23 517 --sha-w- c:\programdata\wucltux32.dll

2011-08-02 07:31:14 517 --sha-w- c:\programdata\azroles32.dll

2011-08-02 06:30:49 -------- d-----w- c:\users\keith\appdata\local\{4EFC0700-FFD0-4171-909A-3259D2634752}

2011-08-02 05:45:31 517 --sha-w- c:\programdata\cmicryptinstall32.dll

2011-08-02 04:44:48 517 --sha-w- c:\programdata\WMALFXGFXDSP32.dll

2011-08-02 03:44:06 517 --sha-w- c:\programdata\sstpsvc32.dll

2011-08-02 02:43:24 517 --sha-w- c:\programdata\CompatUI32.dll

2011-08-02 01:42:42 517 --sha-w- c:\programdata\dmsynth32.dll

2011-08-02 00:42:00 517 --sha-w- c:\programdata\AuthFWGP32.dll

2011-08-01 23:41:17 517 --sha-w- c:\programdata\WlanMmHC32.dll

2011-08-01 08:57:39 517 --sha-w- c:\programdata\KBDIULAT32.dll

2011-08-01 07:56:35 517 --sha-w- c:\programdata\NlsLexicons000232.dll

2011-08-01 06:56:14 517 --sha-w- c:\programdata\mciwave32.dll

2011-08-01 05:55:52 -------- d-----w- c:\users\keith\appdata\local\{850ADC90-F3DE-48BF-B1A2-58FB0E9988AF}

2011-08-01 05:38:13 517 --sha-w- c:\programdata\drmmgrtn32.dll

2011-08-01 03:41:36 517 --sha-w- c:\programdata\colorui32.dll

2011-08-01 02:20:35 517 --sha-w- c:\programdata\icfupgd32.dll

2011-08-01 01:20:14 517 --sha-w- c:\programdata\QUTIL32.dll

2011-08-01 00:19:53 517 --sha-w- c:\programdata\msutb32.dll

2011-07-31 23:19:32 517 --sha-w- c:\programdata\dmcompos32.dll

2011-07-31 22:19:11 517 --sha-w- c:\programdata\spwinsat32.dll

2011-07-31 21:18:50 517 --sha-w- c:\programdata\drprov32.dll

2011-07-31 19:30:57 517 --sha-w- c:\programdata\rgb9rast32.dll

2011-07-31 18:47:46 3577856 ----a-w- c:\windows\system32\ffdshow.ax

2011-07-31 18:31:38 3854848 ----a-w- c:\windows\system32\ffmpeg.dll

2011-07-31 18:29:45 517 --sha-w- c:\programdata\IPBusEnum32.dll

2011-07-31 17:29:24 517 --sha-w- c:\programdata\icardie32.dll

2011-07-31 16:29:24 -------- d-----w- c:\users\keith\appdata\local\{81BF9937-9AA8-4020-A8BF-FB8A69716016}

2011-07-30 23:08:19 517 --sha-w- c:\programdata\xactsrv32.dll

2011-07-30 22:07:53 517 --sha-w- c:\programdata\jscript32.dll

2011-07-30 21:07:19 517 --sha-w- c:\programdata\pmspl32.dll

2011-07-30 20:04:23 517 --sha-w- c:\programdata\sfc_os32.dll

2011-07-30 17:30:08 517 --sha-w- c:\programdata\wiaaut32.dll

2011-07-30 16:29:45 517 --sha-w- c:\programdata\KBDMAORI32.dll

2011-07-30 15:29:20 517 --sha-w- c:\programdata\NlsLexicons002632.dll

2011-07-30 14:25:11 -------- d-----w- c:\users\keith\appdata\local\{E86BEFD5-5C23-457F-890F-FDD6638C67D1}

2011-07-30 09:23:02 517 --sha-w- c:\programdata\wshqos32.dll

2011-07-30 08:22:40 517 --sha-w- c:\programdata\deskmon32.dll

2011-07-30 07:22:19 517 --sha-w- c:\programdata\msasn132.dll

2011-07-30 05:21:37 517 --sha-w- c:\programdata\scansetting32.dll

2011-07-30 04:21:16 517 --sha-w- c:\programdata\KBDHE31932.dll

2011-07-30 03:20:55 517 --sha-w- c:\programdata\wiavideo32.dll

2011-07-30 02:20:34 517 --sha-w- c:\programdata\jdns_sd32.dll

2011-07-30 00:19:50 517 --sha-w- c:\programdata\WUDFCoinstaller32.dll

2011-07-29 23:19:25 517 --sha-w- c:\programdata\xpssvcs32.dll

2011-07-29 19:41:15 517 --sha-w- c:\programdata\occache32.dll

2011-07-29 18:41:25 -------- d-----w- c:\users\keith\appdata\local\{EAE55BD3-69B9-449B-84EF-2F7356263EA1}

2011-07-29 04:47:07 517 --sha-w- c:\programdata\KBDSW32.dll

2011-07-29 01:45:51 517 --sha-w- c:\programdata\basecsp32.dll

2011-07-29 00:45:30 517 --sha-w- c:\programdata\cmipnpinstall32.dll

2011-07-28 23:45:09 517 --sha-w- c:\programdata\wmdmlog32.dll

2011-07-28 20:35:20 517 --sha-w- c:\programdata\stclient32.dll

2011-07-28 19:19:12 517 --sha-w- c:\programdata\comres32.dll

2011-07-28 18:23:21 -------- d-----w- c:\users\keith\appdata\local\{CB64D342-917D-45B3-8B65-026166E58023}

2011-07-28 06:51:19 517 --sha-w- c:\programdata\dnsapi32.dll

2011-07-28 05:47:48 517 --sha-w- c:\programdata\authui32.dll

2011-07-28 04:46:24 517 --sha-w- c:\programdata\wlanpref32.dll

2011-07-28 03:46:03 517 --sha-w- c:\programdata\KBDKAZ32.dll

2011-07-28 02:45:31 517 --sha-w- c:\programdata\NlsLexicons000332.dll

2011-07-28 01:45:09 517 --sha-w- c:\programdata\Mcx2Svc32.dll

2011-07-28 00:44:48 517 --sha-w- c:\programdata\drmv2clt32.dll

2011-07-27 21:21:59 517 --sha-w- c:\programdata\comcat32.dll

2011-07-27 20:21:20 517 --sha-w- c:\programdata\icmui32.dll

2011-07-27 19:20:59 517 --sha-w- c:\programdata\radardt32.dll

2011-07-27 18:20:38 517 --sha-w- c:\programdata\spwizres32.dll

2011-07-27 17:20:16 517 --sha-w- c:\programdata\ds32gt32.dll

2011-07-27 05:38:01 517 --sha-w- c:\programdata\msvcp7132.dll

2011-07-27 04:37:40 517 --sha-w- c:\programdata\dmdskres232.dll

2011-07-27 01:36:37 517 --sha-w- c:\programdata\riched3232.dll

2011-07-27 00:36:16 517 --sha-w- c:\programdata\IPBusEnumProxy32.dll

2011-07-26 23:35:54 517 --sha-w- c:\programdata\atiumdag32.dll

2011-07-26 22:35:33 517 --sha-w- c:\programdata\icardres32.dll

2011-07-26 21:17:41 517 --sha-w- c:\programdata\xmlprovi32.dll

2011-07-26 20:06:57 517 --sha-w- c:\programdata\catsrvut32.dll

2011-07-26 19:06:36 517 --sha-w- c:\programdata\kbd101a32.dll

2011-07-26 16:42:19 517 --sha-w- c:\programdata\pnpui32.dll

2011-07-26 05:40:02 517 --sha-w- c:\programdata\KBDTH232.dll

2011-07-26 04:39:40 517 --sha-w- c:\programdata\SHELL32.dll

2011-07-26 03:39:12 802816 ----a-w- c:\programdata\atitmmxx32.exe

2011-07-26 03:36:01 -------- d-----w- c:\users\keith\appdata\local\temp

2011-07-26 03:29:56 -------- d-----w- C:\$RECYCLE.BIN

2011-07-26 03:18:22 98816 ----a-w- c:\windows\sed.exe

2011-07-26 03:18:22 518144 ----a-w- c:\windows\SWREG.exe

2011-07-26 03:18:22 256000 ----a-w- c:\windows\PEV.exe

2011-07-26 03:18:22 208896 ----a-w- c:\windows\MBR.exe

2011-07-26 02:46:23 517 --sha-w- c:\programdata\wiadss32.dll

2011-07-26 01:46:01 517 --sha-w- c:\programdata\KBDNE32.dll

2011-07-26 00:45:40 517 --sha-w- c:\programdata\NlsLexicons002a32.dll

2011-07-25 21:22:44 517 --sha-w- c:\programdata\d3d932.dll

2011-07-25 20:22:23 517 --sha-w- c:\programdata\perfnet32.dll

2011-07-25 19:22:00 517 --sha-w- c:\programdata\fdPHost32.dll

2011-07-25 15:22:52 -------- d-----w- c:\users\keith\appdata\local\{15D77F8C-1A69-496B-847E-D7F7F8098479}

2011-07-24 23:26:48 517 --sha-w- c:\programdata\d3d832.dll

2011-07-24 21:04:46 517 --sha-w- c:\programdata\pdhui32.dll

2011-07-24 20:03:20 517 --sha-w- c:\programdata\fde32.dll

2011-07-24 19:02:55 517 --sha-w- c:\programdata\atitmmxx32.dll

2011-07-24 18:03:07 -------- d-----w- c:\users\keith\appdata\local\{4EFCC0CF-94C2-4898-A7AF-1EFD7A420888}

2011-07-24 10:16:44 517 --sha-w- c:\programdata\CardGames32.dll

2011-07-24 06:23:21 517 --sha-w- c:\programdata\KBDTH032.dll

2011-07-23 19:27:39 -------- d-----w- c:\users\keith\appdata\local\{1F18A157-808C-4B40-A728-CFB865955E1F}

2011-07-23 17:22:33 802816 ----a-w- c:\windows\system32\cmstplua32.exe

2011-07-22 14:17:52 -------- d-----w- c:\users\keith\appdata\local\{9B431B62-29DF-4B27-B3FE-42787A47E02C}

2011-07-21 11:18:32 -------- d-----w- c:\users\keith\appdata\local\{49152100-8C1E-4176-8356-76D43DCB9330}

2011-07-20 09:40:12 -------- d-----w- c:\users\keith\appdata\local\{DBED6AFB-8D7C-4C1B-90CF-C0CE6E8F11A0}

2011-07-19 19:08:04 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-07-19 19:06:48 259584 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-07-19 19:06:36 158208 ----a-w- c:\windows\system32\ff_unrar.dll

2011-07-19 19:06:34 96768 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-07-19 19:06:34 1524224 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-07-19 19:06:32 145920 ----a-w- c:\windows\system32\ff_libmad.dll

2011-07-19 19:06:30 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-07-19 19:06:30 113664 ----a-w- c:\windows\system32\ff_liba52.dll

2011-07-19 19:06:28 327680 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-07-19 19:06:28 211456 ----a-w- c:\windows\system32\ff_libdts.dll

2011-07-19 03:49:20 -------- d-----w- c:\users\keith\appdata\local\{CECCC877-ACF5-4896-96E5-E1C1317D9944}

2011-07-18 09:40:32 -------- d-----w- c:\users\keith\appdata\local\{1B2C6AC4-B4D0-451A-A4C8-29016176C8CC}

2011-07-17 13:15:21 -------- d-----w- c:\program files\SpeedFan

2011-07-17 05:27:07 -------- d-----w- c:\users\keith\appdata\local\{9ED84668-E442-4C64-91B4-D4CA2F9F0BA4}

2011-07-16 01:32:01 -------- d-----w- c:\users\keith\appdata\local\{653DA141-39C8-48BE-9FAC-0B3AD43C5ABE}

2011-07-15 02:56:35 -------- d-----w- c:\users\keith\appdata\local\{E0E4A5BA-7D84-4F70-BC16-FC93CA8765DB}

2011-07-14 03:16:41 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-14 03:16:33 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-14 03:16:33 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 01:30:47 -------- d-----w- c:\users\keith\appdata\local\{060DF32F-6A1B-454F-94D7-A94C120BA824}

2011-07-12 08:19:04 -------- d-----w- c:\program files\ffdshow

2011-07-11 22:36:35 -------- d-----w- c:\users\keith\appdata\local\{E1FDB1AF-11AC-4C94-8A05-DFB19E989F9A}

2011-07-10 23:45:29 -------- d-----w- c:\users\keith\appdata\local\{59623107-9CED-4BAA-9B3B-AAFC45A9C824}

2011-07-09 14:35:57 -------- d-----w- c:\users\keith\appdata\local\{FA816468-E6AF-4110-AC90-87988C1C48D8}

2011-07-07 23:35:20 -------- d-----w- c:\users\keith\appdata\local\{AA260132-1E43-472A-B69F-91F703AA5E56}

.

==================== Find3M ====================

.

2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-30 13:42:50 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-23 07:46:30 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-05-13 21:03:34 49016 ----a-w- c:\windows\system32\sirenacm.dll

.

============= FINISH: 19:36:04.47 ===============


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
