Newly reformatted but i have redirectors already.

Discussion in 'Virus & Other Malware Removal' started by boydphoto, Apr 10, 2011.

Thread Status:
Not open for further replies.
  1. boydphoto

    boydphoto Thread Starter

    Joined:
    Nov 25, 2005
    Messages:
    601
    First Name:
    boyd
    i ran a recovery disk last night on my hp g62 laptop (reformat). i have visited NO suspicious websites. yet sometimes i can hardly get to the site i'm trying to reach, as i keep getting other sites i've never heard of and definitely don't want.

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows 7 Home Premium , 64 bit
    Processor: AMD Athlon(tm) II P340 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
    Processor Count: 2
    RAM: 2810 Mb
    Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250 , 256 Mb
    Hard Drives: C: Total - 288256 MB, Free - 254728 MB; D: Total - 16683 MB, Free - 2407 MB;
    Motherboard: Hewlett-Packard, 1444, 69.26, P X210 01 1Z ZN QZ6
    Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated and Enabled

    thank you, boyd.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    follow advice here and post the logs those programs make
     
  3. boydphoto

    hi. i ran hijack this, but i can't save the log file. it won't highlight and there's no save option. ? thanks, boyd.
     
  4. dvk01

    run DDS then as you were asked to
     
  5. boydphoto

    ok, here are the first two i am able to do:


    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by boydphoto at 16:15:53.57 on Tue 04/12/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1508 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\boydphoto\Downloads\dds.com
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.ask.com/
    mWinlogon: Userinit=userinit.exe
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    mRun-x64: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\BOYDPH~1\AppData\Roaming\Mozilla\Firefox\Profiles\wa9kawwz.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-4-9 69376]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-4-9 450608]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-4-9 802864]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-3-9 1124472]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110411.001\IDSviA64.sys [2011-4-11 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-4-9 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-4-9 382072]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-9 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-9 202752]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-4-1 1753048]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-4-9 130000]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2011-4-9 6403072]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-4-9 188928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-9 347680]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-9 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-4-9 132656]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-4-1 17152]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-4-9 245792]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-10 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2011-04-12 22:28:44 4283672 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-04-12 22:28:32 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-04-12 18:07:25 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
    2011-04-12 16:10:03 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\Diagnostics
    2011-04-12 13:14:21 -------- d-----w- C:\PROGRA~3\Recovery
    2011-04-12 02:21:37 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\Symantec
    2011-04-11 17:05:53 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
    2011-04-11 16:56:35 -------- d-----w- C:\PROGRA~3\ALM
    2011-04-11 16:51:30 -------- d-----w- C:\Users\boydphoto\Adobe Flash Builder 4
    2011-04-11 12:13:49 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\Adobe
    2011-04-11 01:33:04 -------- d-----w- C:\Users\BOYDPH~1\AppData\Roaming\Tific
    2011-04-11 00:34:24 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\Eraser 6
    2011-04-11 00:25:46 -------- d-----w- C:\Program Files\Eraser
    2011-04-10 20:17:44 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\NPE
    2011-04-10 17:29:24 -------- d-----w- C:\dd1a23a2b553cc29af23aa071bb6
    2011-04-10 15:00:25 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-10 15:00:11 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-04-10 14:59:58 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-04-10 14:59:55 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-10 14:26:50 388096 ----a-r- C:\Users\BOYDPH~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-10 14:26:50 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-04-10 13:43:04 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-04-10 13:24:31 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-04-10 13:24:31 -------- d-----w- C:\Windows\System32\Wat
    2011-04-10 13:19:07 -------- d-----w- C:\Users\BOYDPH~1\AppData\Roaming\Malwarebytes
    2011-04-10 13:19:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-10 13:18:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-04-10 13:18:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-04-10 13:18:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-04-10 13:08:45 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-04-10 13:08:45 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-04-10 12:56:00 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-04-10 12:56:00 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-04-10 12:56:00 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-04-10 12:56:00 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-04-10 12:56:00 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-04-10 12:56:00 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-04-10 12:56:00 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-04-10 12:56:00 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-04-10 12:56:00 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-04-10 12:56:00 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-04-10 12:52:47 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2011-04-10 12:52:47 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2011-04-10 12:12:58 552960 ----a-w- C:\Windows\System32\msdri.dll
    2011-04-10 12:11:58 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2011-04-10 02:19:33 -------- d-----w- C:\Program Files (x86)\FreeTime
    2011-04-10 00:42:03 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2011-04-09 22:20:16 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-04-09 22:20:11 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-04-09 22:13:38 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\Sunbelt Software
    2011-04-09 22:12:02 -------- dc-h--w- C:\PROGRA~3\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
    2011-04-09 22:11:53 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-04-09 21:32:21 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-04-09 21:26:48 802864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
    2011-04-09 21:26:48 450608 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys
    2011-04-09 21:26:48 382072 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys
    2011-04-09 21:26:47 735864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
    2011-04-09 21:26:47 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
    2011-04-09 21:26:47 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys
    2011-04-09 21:26:40 -------- d-----w- C:\Windows\System32\drivers\NISx64\1205000.07D
    2011-04-09 21:11:07 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\ATI
    2011-04-09 21:10:24 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-04-09 21:10:24 -------- d-----w- C:\Program Files\Symantec
    2011-04-09 21:10:24 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-04-09 21:10:07 -------- d-----w- C:\Users\BOYDPH~1\AppData\Roaming\hpqLog
    2011-04-09 21:09:40 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\VirtualStore
    2011-04-09 21:09:00 -------- d-----w- C:\Users\BOYDPH~1\AppData\Local\Hewlett-Packard
    2011-04-09 20:41:12 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-04-09 20:41:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-04-09 20:39:22 -------- d-----w- C:\Windows\ehome
    2011-04-09 20:09:48 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcBAC6.tmp
    2011-04-09 20:08:51 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    2011-04-09 20:03:57 -------- d-----w- C:\Program Files (x86)\HP Games
    2011-04-09 20:03:55 -------- d-----w- C:\PROGRA~3\WildTangent
    2011-04-09 20:02:06 -------- d-----w- C:\Windows\System32\drivers\NISx64
    2011-04-09 20:02:02 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
    2011-04-09 20:02:02 -------- d-----w- C:\PROGRA~3\Norton
    2011-04-09 20:01:32 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-04-09 20:01:32 -------- d-----w- C:\PROGRA~3\NortonInstaller
    2011-04-09 20:01:14 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
    2011-04-09 20:00:04 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-04-09 19:59:49 -------- d-----w- C:\PROGRA~3\Uninstall
    2011-04-09 19:59:40 -------- d-----w- C:\PROGRA~3\CinemaNow
    2011-04-09 19:59:38 -------- d-----w- C:\Program Files (x86)\CinemaNow
    2011-04-09 19:59:32 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
    2011-04-09 19:51:48 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-04-09 19:50:58 -------- d-----w- C:\Windows\Hewlett-Packard
    2011-04-09 19:50:11 60416 ----a-w- C:\Windows\System32\athihvui.dll
    2011-04-09 19:50:11 439808 ----a-w- C:\Windows\System32\athihvs.dll
    2011-04-09 19:50:11 1594368 ----a-w- C:\Windows\System32\drivers\athrx.sys
    2011-04-09 19:50:11 -------- d-----w- C:\Windows\System32\nn-NO
    2011-04-09 19:50:03 904704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll
    2011-04-09 19:50:03 -------- d-----w- C:\Program Files (x86)\Cisco
    2011-04-09 19:50:03 -------- d-----w- C:\Program Files (x86)\Atheros
    2011-04-09 19:49:37 -------- d-----w- C:\PROGRA~3\Atheros
    2011-04-09 19:47:48 -------- d-----w- C:\Program Files\Synaptics
    2011-04-09 19:46:13 -------- d-----w- C:\Program Files\ATI
    2011-04-09 19:46:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    .
    ==================== Find3M ====================
    .
    2011-04-09 20:00:00 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-04-09 19:59:59 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-02-03 04:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-04 08:40:52 40007914 ----a-w- C:\Program Files (x86)\FFSetup260.exe
    .
    ============= FINISH: 16:16:30.41 ===============
     

  6. dvk01

  7. boydphoto

    DVK, thank you so much for the help. i'm glad there's nothing on my computer now. thanks again, boyd.
     
  8. dvk01

    did changing router DNS cure it or are you still having problems?
     
  9. boydphoto

    hi, dvk. it seems to have done the trick; i have had no re-directions since then. thank you for all your help.
    boyd
     
  10. dvk01

Short URL to this thread: https://techguy.org/990704