Hi,
I just recently started having my searches redirected to odd sites using Google or Yahoo. It only redirects some searches and not others; there's no pattern. Also, sometimes a new tab just automatically opens up, going to similar sites as the redirected searches. Also, there are the odd times where a blue crash menu comes up and does a memory dump, then restarts the computer. I've run every antivirus program I can think of, including SUPERAntiSpyware, Malwarebytes, Avast! Antispyware, SpyBot and Ad-Aware, and I still have the same problem! Please help!!
Oh and yes I do have access to a Windows Install Disc.
DDS (Ver_10-03-17.01) - NTFSx86
Run by BabieWho at 2:37:46.29 on 09/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.895.155 [GMT -7:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BabieWho\Documents\Documents\Applications\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
mURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /fu "c:\users\babiewho\appdata\local\temp\E_S8FC2.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\babiewho\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\
FF - component: c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
FF - component: c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-2 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2010-1-8 11264]
=============== Created Last 30 ================
2010-06-09 09:08:24 0 d-----w- C:\fixwareout
2010-06-09 08:56:20 0 d-----w- c:\program files\Trend Micro
2010-06-08 08:24:55 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-08 08:24:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 06:41:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 01:59:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-03 06:28:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-03 06:15:35 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-03 06:14:46 0 d-----w- c:\programdata\Lavasoft
2010-06-03 06:14:46 0 d-----w- c:\program files\Lavasoft
2010-06-02 23:08:27 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-02 23:06:23 0 d-----w- c:\programdata\Alwil Software
2010-06-02 07:48:55 0 d-----w- c:\users\babiewho\appdata\roaming\Malwarebytes
2010-06-02 07:48:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 07:48:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 07:48:21 0 d-----w- c:\programdata\Malwarebytes
2010-05-31 07:32:48 0 d-----w- c:\users\babiewho\appdata\roaming\Little Noir Stories
2010-05-31 07:29:16 0 d-----w- c:\program files\Lisa's Fleet Flight
2010-05-30 08:02:12 0 d-----w- c:\users\babiewho\appdata\roaming\Mipony
2010-05-30 08:01:52 0 d-----w- c:\program files\mipony-plugin
2010-05-30 08:01:52 0 d-----w- c:\program files\Conduit
2010-05-28 07:17:26 0 d-----w- c:\users\babiewho\appdata\roaming\freshgames
2010-05-28 07:17:26 0 d-----w- c:\programdata\freshgames
2010-05-28 07:17:04 0 d-----w- C:\games
2010-05-26 05:12:01 0 d-----w- c:\users\babiewho\appdata\roaming\FFSJ
2010-05-25 21:55:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 08:54:26 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-21 08:54:26 77824 ----a-w- c:\windows\system32\xvid.ax
2010-05-21 08:54:26 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-21 08:54:26 0 d-----w- c:\program files\Xvid
2010-05-21 07:39:48 0 d-----w- c:\users\babiewho\Tracing
2010-05-21 06:57:17 0 d-----w- c:\program files\Microsoft
2010-05-21 06:56:53 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-21 05:50:41 0 d-----w- c:\program files\common files\Windows Live
2010-05-20 06:48:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-19 05:29:03 156655008 ----a-w- c:\windows\MEMORY.DMP
2010-05-19 05:24:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-19 05:23:19 0 d-----w- c:\users\babiewho\appdata\roaming\Research In Motion
2010-05-19 05:22:13 26752 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-05-19 05:21:46 0 d-----w- c:\users\babiewho\appdata\roaming\Blackberry Desktop
2010-05-19 05:21:31 0 d-----w- c:\program files\common files\Research In Motion
2010-05-19 05:21:16 0 d-----w- c:\program files\Research In Motion
2010-05-19 02:34:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
2010-05-19 02:26:40 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-05-19 02:26:40 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-05-19 02:26:40 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-05-19 02:26:40 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-19 02:24:40 69632 ----a-r- c:\windows\system32\trcde.ax
2010-05-17 09:13:30 0 d-----w- c:\users\babiewho\appdata\roaming\GamesCafe
2010-05-17 09:11:24 0 d-----w- c:\program files\Sally's Studio Collector's Edition
2010-05-17 09:07:18 0 d-----w- c:\program files\Fix IT Up World Tour
2010-05-17 09:04:23 0 d-----w- c:\program files\common files\SWF Studio
2010-05-17 07:12:22 0 d-----w- c:\users\babiewho\appdata\roaming\SUPERAntiSpyware.com
2010-05-17 07:12:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-17 03:21:12 49786 ----a-w- c:\users\babiewho\appdata\roaming\nvModes.dat
2010-05-17 03:11:22 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-17 01:53:49 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-16 07:05:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-16 06:41:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-16 06:41:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-16 06:40:24 0 d-----w- c:\program files\iPod
2010-05-16 06:40:16 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-05-16 06:40:15 0 d-----w- c:\program files\iTunes
2010-05-16 06:38:35 0 d-----w- c:\program files\Bonjour
2010-05-16 06:37:21 0 d-----w- c:\programdata\Apple Computer
2010-05-16 06:35:00 0 d-----w- c:\programdata\Apple
2010-05-15 22:17:38 0 d-----w- c:\program files\BitTorrent
2010-05-15 22:13:21 0 d-----w- c:\users\babiewho\appdata\roaming\BitTorrent
2010-05-15 01:49:43 0 d-----w- c:\users\babiewho\appdata\roaming\LimeWire
2010-05-13 23:56:34 0 d-----w- c:\windows\system32\Wat
2010-05-12 22:54:04 0 d-----w- c:\program files\common files\Macrovision Shared
2010-05-12 22:53:19 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-12 06:33:06 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 07:33:06 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-10 23:17:49 0 d-----w- c:\programdata\EPSON
2010-05-10 23:08:05 76800 ----a-w- c:\windows\system32\E_FLBAEA.DLL
2010-05-10 23:08:03 62976 ----a-w- c:\windows\system32\E_FD4BAEA.DLL
2010-05-10 23:07:30 61952 ----a-w- c:\windows\system32\escwiad.dll
2010-05-10 10:04:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-05-10 10:02:57 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-10 10:02:56 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-10 10:02:56 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
==================== Find3M ====================
2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 05:35:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 05:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 2:40:04.95 ===============
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-2 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2010-1-8 11264]
=============== Created Last 30 ================
2010-06-09 09:08:24 0 d-----w- C:\fixwareout
2010-06-09 08:56:20 0 d-----w- c:\program files\Trend Micro
2010-06-08 08:24:55 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-08 08:24:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 06:41:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 01:59:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-03 06:28:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-03 06:15:35 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-03 06:14:46 0 d-----w- c:\programdata\Lavasoft
2010-06-03 06:14:46 0 d-----w- c:\program files\Lavasoft
2010-06-02 23:08:27 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-02 23:06:23 0 d-----w- c:\programdata\Alwil Software
2010-06-02 07:48:55 0 d-----w- c:\users\babiewho\appdata\roaming\Malwarebytes
2010-06-02 07:48:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 07:48:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 07:48:21 0 d-----w- c:\programdata\Malwarebytes
2010-05-31 07:32:48 0 d-----w- c:\users\babiewho\appdata\roaming\Little Noir Stories
2010-05-31 07:29:16 0 d-----w- c:\program files\Lisa's Fleet Flight
2010-05-30 08:02:12 0 d-----w- c:\users\babiewho\appdata\roaming\Mipony
2010-05-30 08:01:52 0 d-----w- c:\program files\mipony-plugin
2010-05-30 08:01:52 0 d-----w- c:\program files\Conduit
2010-05-28 07:17:26 0 d-----w- c:\users\babiewho\appdata\roaming\freshgames
2010-05-28 07:17:26 0 d-----w- c:\programdata\freshgames
2010-05-28 07:17:04 0 d-----w- C:\games
2010-05-26 05:12:01 0 d-----w- c:\users\babiewho\appdata\roaming\FFSJ
2010-05-25 21:55:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 08:54:26 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-21 08:54:26 77824 ----a-w- c:\windows\system32\xvid.ax
2010-05-21 08:54:26 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-21 08:54:26 0 d-----w- c:\program files\Xvid
2010-05-21 07:39:48 0 d-----w- c:\users\babiewho\Tracing
2010-05-21 06:57:17 0 d-----w- c:\program files\Microsoft
2010-05-21 06:56:53 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-21 05:50:41 0 d-----w- c:\program files\common files\Windows Live
2010-05-20 06:48:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-19 05:29:03 156655008 ----a-w- c:\windows\MEMORY.DMP
2010-05-19 05:24:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-19 05:23:19 0 d-----w- c:\users\babiewho\appdata\roaming\Research In Motion
2010-05-19 05:22:13 26752 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-05-19 05:21:46 0 d-----w- c:\users\babiewho\appdata\roaming\Blackberry Desktop
2010-05-19 05:21:31 0 d-----w- c:\program files\common files\Research In Motion
2010-05-19 05:21:16 0 d-----w- c:\program files\Research In Motion
2010-05-19 02:34:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
2010-05-19 02:26:40 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-05-19 02:26:40 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-05-19 02:26:40 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-05-19 02:26:40 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-19 02:24:40 69632 ----a-r- c:\windows\system32\trcde.ax
2010-05-17 09:13:30 0 d-----w- c:\users\babiewho\appdata\roaming\GamesCafe
2010-05-17 09:11:24 0 d-----w- c:\program files\Sally's Studio Collector's Edition
2010-05-17 09:07:18 0 d-----w- c:\program files\Fix IT Up World Tour
2010-05-17 09:04:23 0 d-----w- c:\program files\common files\SWF Studio
2010-05-17 07:12:22 0 d-----w- c:\users\babiewho\appdata\roaming\SUPERAntiSpyware.com
2010-05-17 07:12:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-17 03:21:12 49786 ----a-w- c:\users\babiewho\appdata\roaming\nvModes.dat
2010-05-17 03:11:22 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-17 01:53:49 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-16 07:05:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-16 06:41:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-16 06:41:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-16 06:40:24 0 d-----w- c:\program files\iPod
2010-05-16 06:40:16 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-05-16 06:40:15 0 d-----w- c:\program files\iTunes
2010-05-16 06:38:35 0 d-----w- c:\program files\Bonjour
2010-05-16 06:37:21 0 d-----w- c:\programdata\Apple Computer
2010-05-16 06:35:00 0 d-----w- c:\programdata\Apple
2010-05-15 22:17:38 0 d-----w- c:\program files\BitTorrent
2010-05-15 22:13:21 0 d-----w- c:\users\babiewho\appdata\roaming\BitTorrent
2010-05-15 01:49:43 0 d-----w- c:\users\babiewho\appdata\roaming\LimeWire
2010-05-13 23:56:34 0 d-----w- c:\windows\system32\Wat
2010-05-12 22:54:04 0 d-----w- c:\program files\common files\Macrovision Shared
2010-05-12 22:53:19 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-12 06:33:06 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 07:33:06 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-10 23:17:49 0 d-----w- c:\programdata\EPSON
2010-05-10 23:08:05 76800 ----a-w- c:\windows\system32\E_FLBAEA.DLL
2010-05-10 23:08:03 62976 ----a-w- c:\windows\system32\E_FD4BAEA.DLL
2010-05-10 23:07:30 61952 ----a-w- c:\windows\system32\escwiad.dll
2010-05-10 10:04:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-05-10 10:02:57 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-10 10:02:56 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-10 10:02:56 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
==================== Find3M ====================
2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 05:35:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 05:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 2:40:04.95 ===============