
Google Redirection


  • This topic is locked
2 replies to this topic

#1 Codeguy007


Posted 25 April 2009 - 10:05 AM

My Google search results are being redirected to some weird sites the first and second time I click on a link.

DDS (Ver_09-03-16.01) - NTFSx86
Run by mark at 11:00:16.85 on 25/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1326 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\March Hare CM Suite Trial\EvsManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
mWinlogon: System=c:\windows\system32\svcnost.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7BC6B793-BBAA-4EED-9E56-8CBFA6F5BB03} - No File
BHO: {910324CA-D46A-4DBE-A7F2-3CFAFFB1BC2C} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
mRun: [HydraVisionViewPort] c:\program files\ati technologies\ati hydravision\HydraMD.exe
mRun: [svchost.exe] c:\windows\system32\svcnost.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://mydesk-pi01.morganstanley.com/prx/000/http/rc.ms.com:8180/md/1.1/common/htdocs/SPX/2.0.3.17/TerminalSvcsTCS.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.201,85.255.112.144
TCP: {4F25B438-D6E4-46F9-BF06-D75465A2120F} = 85.255.112.201,85.255.112.144
TCP: {F7101E4E-24E8-401D-BCA4-A43935E9D26F} = 207.164.234.193,207.164.234.129
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: {7BC6B793-BBAA-4EED-9E56-8CBFA6F5BB03} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayyVnlJ setuid

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\izdnax6r.default\
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-23 11608]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2008-11-3 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-23 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-23 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-27 55640]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 evs;CM Server 3.1.01.3292;c:\program files\march hare cm suite trial\EvsManager.exe [2008-12-30 5116]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-3-15 34064]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-4-16 93184]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-4-13 57344]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2009-4-14 822400]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-16 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\mark\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mark\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\mediacoder\sysinfo.sys --> c:\program files\mediacoder\SysInfo.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\tp-link\tp-link wireless n client utility\jswpsapi.exe --> c:\program files\tp-link\tp-link wireless n client utility\jswpsapi.exe [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 s3chipid;s3chipid;c:\docume~1\mark\locals~1\temp\s3chipid.sys [2008-9-30 5376]

=============== Created Last 30 ================

2009-04-23 15:02 <DIR> --d----- c:\docume~1\mark\applic~1\Xilisoft Corporation
2009-04-23 15:01 <DIR> --d----- c:\program files\Xilisoft
2009-04-23 14:23 <DIR> --d----- c:\program files\Avira
2009-04-23 14:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-22 16:22 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-22 16:22 <DIR> --d----- c:\windows\Logs
2009-04-22 14:56 <DIR> --d----- c:\program files\common files\BioWare
2009-04-22 14:40 <DIR> --d----- c:\program files\Mass Effect
2009-04-17 23:13 266,360 a------- c:\windows\system32\TweakUI.exe
2009-04-17 23:13 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-04-17 08:23 208,896 -------- c:\windows\system32\SSRemove.exe
2009-04-17 08:23 8,478 -------- c:\windows\system32\SP119.ICO
2009-04-17 08:23 41,984 -------- c:\windows\system32\drivers\DGIVECP.SYS
2009-04-17 08:23 <DIR> --d----- c:\windows\Samsung
2009-04-16 18:06 <DIR> --d----- c:\program files\ATI
2009-04-16 18:02 <DIR> --d----- C:\ATI
2009-04-16 17:42 0 a------- c:\windows\ativpsrm.bin
2009-04-16 17:37 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-04-16 17:35 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-04-16 17:35 529 a----r-- c:\windows\system32\ATIODCLI.exe.manifest
2009-04-16 17:35 527 a----r-- c:\windows\system32\ATIODE.exe.manifest
2009-04-16 17:35 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-04-16 17:35 15,950 a------- c:\windows\atiogl.xml
2009-04-16 17:35 7,167 a----r-- c:\windows\system32\atifglpf.xml
2009-04-16 17:35 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-04-16 17:35 887,724 a----r-- c:\windows\system32\ativva6x.dat
2009-04-16 17:35 3,107,788 a----r-- c:\windows\system32\ativvaxx.dat
2009-04-16 17:35 3,107,788 a----r-- c:\windows\system32\ativva5x.dat
2009-04-16 17:35 184,394 a------- c:\windows\system32\atiicdxx.dat
2009-04-16 17:35 <DIR> --d----- c:\program files\ATI Technologies
2009-04-16 14:43 27,672 a----r-- c:\windows\system32\drivers\Entech.sys
2009-04-16 14:43 <DIR> --d----- c:\windows\system32\Futuremark
2009-04-16 14:43 <DIR> --d----- c:\program files\common files\Futuremark Shared
2009-04-16 07:06 290,816 a------- c:\windows\vncutil.exe
2009-04-16 07:06 122,880 a------- c:\windows\RtkAudioService.exe
2009-04-16 07:06 36,352 a------- c:\windows\system32\RtkCoInstXP.dll
2009-04-16 07:06 1,684,736 a------- c:\windows\system32\drivers\Ambfilt.sys
2009-04-16 07:06 1,389,056 a------- c:\windows\system32\drivers\Monfilt.sys
2009-04-16 07:06 <DIR> --d----- c:\program files\Realtek
2009-04-16 07:06 540,672 a------- c:\windows\RtlExUpd.dll
2009-04-16 01:42 215,465 a------- c:\windows\system32\nvapps.nvb
2009-04-16 01:21 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-04-16 00:12 962,612 a------- c:\windows\system32\mfc42d.dll
2009-04-16 00:12 434,252 a------- c:\windows\system32\MSVCRTD.DLL
2009-04-16 00:12 24,576 a------- c:\windows\system32\AsIO.dll
2009-04-16 00:12 12,400 a------- c:\windows\system32\drivers\AsIO.sys
2009-04-16 00:12 11,832 a------- c:\windows\system32\drivers\AsInsHelp64.sys
2009-04-16 00:12 10,216 a------- c:\windows\system32\drivers\AsInsHelp32.sys
2009-04-15 23:57 <DIR> --d----- c:\program files\ASUS
2009-04-14 21:04 822,400 a----r-- c:\windows\system32\drivers\WMP300Nv1.sys
2009-04-14 20:06 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 19:02 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-04-14 19:02 712,704 a------- c:\windows\system32\BCMLogon.dll
2009-04-14 19:02 712,704 a------- c:\windows\bcm22.tmp
2009-04-14 19:02 416 a------- c:\windows\system32\vcredist_x86.bat
2009-04-14 19:02 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-04-14 19:02 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-04-14 19:02 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-04-14 19:02 822,400 a------- c:\windows\system32\bcmwl5.sys
2009-04-14 01:42 1,344,224 a------- c:\windows\system32\drivers\athw.sys
2009-04-14 01:42 1,344,224 a------- c:\windows\system32\athw.sys
2009-04-14 01:42 158,249 a------- c:\windows\system32\netathw.inf
2009-04-14 01:42 38,128 a------- c:\windows\system32\netathw.cat
2009-04-13 22:21 <DIR> --d----- c:\program files\DriverGuide Toolkit
2009-04-13 21:34 57,344 a------- c:\windows\system32\jswscimd.sys
2009-04-13 21:34 57,344 a------- c:\windows\system32\drivers\jswscimd.sys
2009-04-13 21:34 27,298 a------- c:\windows\system32\jswscimdp.cat
2009-04-13 21:34 26,869 a------- c:\windows\system32\jswscimd.cat
2009-04-13 21:34 5,529 a------- c:\windows\system32\jswscimdp.inf
2009-04-13 21:34 2,231 a------- c:\windows\system32\jswscimd.inf
2009-04-13 21:34 405,583 a------- c:\windows\system32\jswscsup.dll
2009-04-13 20:56 <DIR> --d----- C:\temp
2009-04-13 18:15 <DIR> --d-hr-- c:\docume~1\alluse~1\applic~1\Atheros
2009-04-13 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TP-LINK
2009-04-12 15:59 <DIR> --d----- c:\program files\IrfanView
2009-04-12 15:53 <DIR> --d----- c:\docume~1\mark\applic~1\Windows Search
2009-04-10 12:58 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-04-10 08:39 <DIR> --d--r-- c:\program files\Skype
2009-04-08 09:48 <DIR> --d----- c:\docume~1\mark\applic~1\Windows Desktop Search
2009-04-08 09:46 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-04-08 09:46 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-07 00:42 <DIR> --d----- c:\program files\PFPortChecker
2009-04-01 16:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-01 11:47 <DIR> --d----- c:\docume~1\mark\applic~1\Uniblue
2009-04-01 11:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-04-01 11:39 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-01 10:44 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-01 10:44 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-01 10:44 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-01 10:37 <DIR> --d----- c:\program files\common files\PCSuite
2009-04-01 10:36 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-04-01 10:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-04-01 10:15 8,064 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-04-01 10:15 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-04-01 10:15 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-04-01 10:15 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-04-01 10:15 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-04-01 10:15 8,064 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-04-01 10:01 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
2009-04-01 10:01 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-04-01 10:00 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-01 10:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-01 09:56 <DIR> --d----- c:\program files\common files\Nokia
2009-04-01 09:56 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-04-01 09:56 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-04-01 09:56 <DIR> --d----- c:\program files\Nokia
2009-03-30 20:58 <DIR> --d----- c:\documents and settings\mark\.zenmap
2009-03-30 20:57 <DIR> --d----- c:\program files\WinPcap
2009-03-30 20:57 <DIR> --d----- c:\program files\Nmap
2009-03-28 20:23 <DIR> --d----- c:\program files\MSECache
2009-03-27 21:18 <DIR> --d----- c:\program files\MSXML 6.0
2009-03-27 20:59 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-27 20:40 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-27 20:22 <DIR> --d----- c:\program files\CCleaner
2009-03-27 20:18 <DIR> --d----- c:\program files\Trend Micro
2009-03-27 19:23 422 a------- c:\windows\system32\mapisvc.inf
2009-03-27 19:23 <DIR> --d----- c:\program files\Microsoft Small Business
2009-03-27 19:20 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-27 19:14 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-03-27 17:33 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-27 17:33 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-27 17:33 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-27 17:33 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-27 17:33 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-27 17:33 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-27 17:33 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-27 17:33 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-27 17:33 <DIR> --d----- C:\40dee91f2ce52a11e7
2009-03-27 15:03 <DIR> --d----- c:\windows\SHELLNEW
2009-03-27 10:03 1,253,376 a------- c:\windows\system32\NvPVEnc.ax
2009-03-27 10:03 401,408 a------- c:\windows\system32\nvcuvid.dll

==================== Find3M ====================

2009-03-30 17:13 5,063,168 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-27 11:22 17,567,744 a------- c:\windows\RTHDCPL.EXE
2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-19 10:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-16 17:33 3,597,312 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-16 16:26 328,704 a------- c:\windows\system32\ati2dvag.dll
2009-03-16 16:17 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-03-16 16:16 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-03-16 16:16 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-03-16 16:16 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-03-16 16:16 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-03-16 16:15 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-03-16 16:13 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-03-16 16:06 3,820,736 a------- c:\windows\system32\ati3duag.dll
2009-03-16 16:04 11,563,008 a------- c:\windows\system32\atioglxx.dll
2009-03-16 15:53 2,675,328 a------- c:\windows\system32\ativvaxx.dll
2009-03-16 15:40 49,664 a------- c:\windows\system32\atimpc32.dll
2009-03-16 15:40 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-03-16 15:36 475,136 a------- c:\windows\system32\atikvmag.dll
2009-03-16 15:35 303,104 a------- c:\windows\system32\atiok3x2.dll
2009-03-16 15:35 131,072 a------- c:\windows\system32\atiadlxx.dll
2009-03-16 15:35 45,056 a------- c:\windows\system32\aticalrt.dll
2009-03-16 15:34 45,056 a------- c:\windows\system32\aticalcl.dll
2009-03-16 15:34 17,408 a------- c:\windows\system32\atitvo32.dll
2009-03-16 15:34 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-03-16 15:33 3,264,512 a------- c:\windows\system32\aticaldd.dll
2009-03-16 15:28 630,784 a------- c:\windows\system32\ati2cqag.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-15 16:13 240,248 a------- c:\windows\system32\wpcap.dll
2009-03-15 16:13 88,696 a------- c:\windows\system32\Packet.dll
2009-03-15 16:13 68,224 a------- c:\windows\system32\WanPacket.dll
2009-03-15 16:13 53,299 a------- c:\windows\system32\pthreadVC.dll
2009-03-15 16:13 34,064 a------- c:\windows\system32\drivers\npf.sys
2009-03-10 14:32 2,168,320 a------- c:\windows\MicCal.exe
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 15:56 118,784 a------- c:\windows\system32\atibtmon.exe
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 11:14 57,344 a------- c:\windows\ALCMTR.EXE
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-18 13:55 294,912 a------- c:\windows\system32\ATIODE.exe
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 16:52 45,056 a------- c:\windows\system32\ATIODCLI.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2008-12-07 10:32 56 a--sh--- c:\docume~1\alluse~1\applic~1\dc64vg9.sys
2009-01-23 06:29 413,000 a--sh--- c:\windows\system32\JlnVyyay.ini2

============= FINISH: 11:00:37.54 ===============


 


#2 SifuMike


Posted 29 April 2009 - 02:26 PM

Hello Codeguy007,


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by SifuMike, 29 April 2009 - 02:29 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 22 May 2009 - 05:45 PM

This thread will now be closed due to lack of feedback.