Hi

I wonder if you can help.

Recently firefox has been re-directing itself to advertising websites. For example, if I type in bbc in Google and within the results page I click on the bbc link it will get re-directed to some other website. This is happening alot. Sometimes it will go to the correct website but only after multiple attempts.

I performed a scan with Avira AntiVir and it found nothing.

However the results of a Spybot Search & Destory search was Virtumonde.prx.

I have perfomed various scans in safe and normal mode using Malwarebytes, Spybot, AVG but the laptop still appears infected as I am still being re-directed in firefox.

Can you help please? I have attached the DDS.txt and Attach.txt logs below.

Many Thanks

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Run by Yousra at 2:52:51 on 2011-07-30
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.366 [GMT 1:00]
.
AV: PC Tools AntiVirus 4.0.0.26 *Enabled/Updated* {832E7172-E406-4BB2-8B19-6D29F2C93A98}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uSearch Bar =
uDefault_Page_URL = hxxp://google-s.alltalkspectrum.net
mDefault_Page_URL = hxxp://google-s.alltalkspectrum.net
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uInternet Connection Wizard,ShellNext = hxxp://www.virgin.net/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application

data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [CTF Loader] c:\windows\system32\ctfmon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\yousra\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &Search - ?p=ZB
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6BAB535F-3796-4AE6-9754-1ED50AE91F18} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E79AB697-1579-4D47-806E-9CAB8F86662D} : DhcpNameServer = 192.168.11.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\yousra\application data\mozilla\firefox\profiles\bjoocx0m.newprofile\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application

data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ForceField Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
FF - Ext: XULRunner: {3A8E1CF6-315C-4826-9F1D-BA82CF238169} - c:\documents and settings\yousra\local settings\application data\{3A8E1CF6-315C-4826-9F1D-

BA82CF238169}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application

data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2009-10-31 128016]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-29 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-26 11608]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-31 317072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2008-2-27 8576]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-10-31 486280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-26 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-26 269480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-26 66616]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-28 366640]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-28 22712]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys --> c:\windows\system32\drivers\avera800.sys [?]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-10-14 35448]
S3 PCTAVSvc;PC Tools AntiVirus Engine;"c:\program files\pc tools antivirus\pctavsvc.exe" --> c:\program files\pc tools antivirus\PCTAVSvc.exe [?]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2006-8-24 163840]
S4 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
.
=============== Created Last 30 ================
.
2011-07-29 03:38:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-29 03:38:28 -------- d-----w- c:\program files\Lavasoft
2011-07-29 03:36:28 388096 ----a-r- c:\documents and settings\yousra\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}

\HiJackThis.exe
2011-07-29 03:36:26 -------- d-----w- c:\program files\Trend Micro
2011-07-29 03:26:59 -------- d-----w- c:\documents and settings\yousra\application data\AVG10
2011-07-29 03:21:50 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-29 03:21:49 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-07-29 03:20:20 -------- d-----w- c:\program files\AVG
2011-07-29 03:16:30 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-29 03:15:21 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-29 03:07:53 -------- d-----w- c:\program files\SpywareBlaster
2011-07-29 03:04:41 -------- d-----w- c:\documents and settings\yousra\application data\SUPERAntiSpyware.com
2011-07-29 03:04:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-07-29 03:04:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-28 19:50:08 -------- d-----w- c:\program files\BillP Studios
2011-07-28 19:50:07 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-07-28 13:23:11 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-07-28 11:24:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 11:24:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 11:24:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 09:19:37 -------- d-----w- C:\VundoFix Backups
2011-07-27 18:29:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-27 16:40:12 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-07-27 16:39:21 -------- d-----w- c:\program files\common files\xing shared
2011-07-27 16:38:43 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-07-27 16:38:10 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-07-26 18:16:58 -------- d-----w- c:\documents and settings\yousra\application data\Avira
2011-07-26 15:07:50 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-26 15:07:47 -------- d-----w- c:\program files\Avira
2011-07-26 15:07:47 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-07-25 23:21:36 -------- d-----w- c:\documents and settings\yousra\local settings\application data\{3A8E1CF6-315C-4826-9F1D-

BA82CF238169}
2011-07-24 02:29:51 -------- d-----w- c:\documents and settings\yousra\application data\Malwarebytes
2011-07-24 02:10:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-24 02:10:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-24 01:58:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-23 18:54:42 0 ----a-w- c:\windows\Eqiqoyinebago.bin
2011-07-23 18:52:26 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-07-23 18:52:22 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-07-23 18:18:57 -------- d-----w- c:\documents and settings\yousra\application data\DAEMON Tools Lite
2011-07-23 18:18:57 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
.
==================== Find3M ====================
.
2011-07-27 16:37:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-27 16:37:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2006-12-29 19:22:43 75152 ----a-w- c:\program files\common files\infozip.exe
.
============= FINISH: 2:56:09.28 ===============