Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
4 replies to this topic

#1 joelddhans

joelddhans

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 24 February 2010 - 05:45 PM

I have been following all the advice i can on your stie, and have run numerous programs, but it seems like I can't shake this google redirect problem. It is happening in internet explorer and firefox, though i only tried ie because of the firefox redirect. I will attach all the files i can think of from my last few days of scanning.

I don't think i can get a gmer log though. it ran for about 36 hours, and then froze.

Anyway here goes.

OTL.txt

OTL logfile created on: 2/24/2010 4:32:22 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Joel\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 34.24 Gb Free Space | 45.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROGRAMDIRECTOR
Current User Name: Joel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/24 16:30:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\My Documents\Downloads\OTL.exe
PRC - [2010/02/19 09:46:04 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/01 09:07:00 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 09:43:08 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/12 09:43:07 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 09:43:04 | 000,745,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2009/11/12 12:25:59 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/12 12:25:57 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/12 12:25:47 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/05/16 14:01:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/06 17:17:26 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
PRC - [2004/04/23 09:00:36 | 000,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2004/01/21 09:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/10/20 11:51:08 | 000,178,688 | ---- | M] (Ricoh Co.,Ltd.) -- C:\Program Files\RDS\SrScanDr.exe
PRC - [2002/11/25 22:08:18 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe
PRC - [2002/11/20 16:53:10 | 000,036,864 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\DdsSchedNT.exe
PRC - [2000/11/30 22:34:36 | 000,065,536 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\RsiSvc.exe
PRC - [2000/06/26 06:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/13 00:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/24 16:30:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/01/06 02:28:18 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/12 12:25:47 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/21 03:43:27 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/05/16 14:01:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2007/12/05 15:52:10 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/10/01 16:56:01 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/10/01 16:55:51 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/01/21 09:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/10/20 11:51:08 | 000,178,688 | ---- | M] (Ricoh Co.,Ltd.) [Auto | Running] -- C:\Program Files\RDS\SrScanDr.exe -- (ScanRouterDriverV2)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/11/20 16:53:10 | 000,036,864 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\DdsSchedNT.exe -- (DdsSched)
SRV - [2002/07/31 10:43:44 | 000,098,304 | ---- | M] (RICOH Company Ltd.) [Auto | Stopped] -- C:\Program Files\RDS\SOption.exe -- (SOption)
SRV - [2000/11/30 22:34:36 | 000,065,536 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\RsiSvc.exe -- (RsiSvc)
SRV - [2000/06/26 06:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 00:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:44:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 09:46:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 09:46:12 | 000,000,000 | ---D | M]

[2008/09/19 17:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Mozilla\Extensions
[2010/02/21 07:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\11200i9w.default\extensions
[2010/02/24 15:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/21 16:36:20 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2002/08/29 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe (CANON INC.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000074-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxmvdec.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.snapfish.com/SnapfishUpload.cab (Snapfish File Upload ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Joel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2006/06/05 10:00:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (68683287341563904)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/22 15:32:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/22 15:28:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/22 15:28:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/22 15:28:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/22 15:28:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/22 15:28:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/22 15:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Desktop\how-to-use-combofix_files
[2010/02/22 15:27:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/22 11:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Desktop\tutorial42_files
[2010/02/19 17:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/19 17:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/19 17:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Application Data\SUPERAntiSpyware.com
[2010/02/19 17:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/19 15:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Application Data\Malwarebytes
[2010/02/19 15:34:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/19 15:34:20 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/19 15:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/19 15:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/19 15:24:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joel\Recent
[2010/02/19 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/17 15:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/01/18 05:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/06 02:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/17 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/31 11:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/01/21 13:15:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/01/21 13:15:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/03/24 10:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/03/24 10:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2005/12/09 11:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
[2003/09/04 14:22:12 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/24 16:33:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/24 15:31:45 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/24 15:31:45 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/02/24 15:31:45 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/02/24 15:31:19 | 056,165,709 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/24 15:28:19 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/24 15:28:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/24 15:27:55 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/24 15:27:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/24 15:27:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 15:27:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/22 16:16:32 | 000,003,958 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Attach.zip
[2010/02/22 16:04:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\gmer.exe
[2010/02/22 15:47:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 15:32:13 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/02/22 15:27:48 | 000,062,358 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\how-to-use-combofix.htm
[2010/02/22 12:22:46 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2010/02/22 12:22:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joel\NTUSER.INI
[2010/02/22 12:18:17 | 000,006,367 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\hijackthis end
[2010/02/22 11:23:33 | 000,160,441 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\tutorial42.html
[2010/02/19 17:18:50 | 000,588,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 16:13:27 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FWW_Archive.lnk
[2010/02/19 14:11:21 | 000,197,312 | ---- | M] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/16 19:27:44 | 000,041,566 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\021600_1327[01].jpg
[2010/02/16 19:27:30 | 000,037,502 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\021600_1327[00].jpg
[2010/02/16 19:27:04 | 000,043,278 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\021600_1326[00].jpg
[2010/02/16 13:47:16 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/15 16:42:20 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 16:16:32 | 000,003,958 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Attach.zip
[2010/02/22 15:32:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/22 15:32:07 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/22 15:28:30 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/22 15:28:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/22 15:28:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/22 15:28:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/22 15:28:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/22 15:27:47 | 000,062,358 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\how-to-use-combofix.htm
[2010/02/22 12:18:17 | 000,006,367 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\hijackthis end
[2010/02/22 11:23:28 | 000,160,441 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\tutorial42.html
[2010/02/16 16:46:24 | 000,043,278 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\021600_1326[00].jpg
[2010/02/16 16:46:24 | 000,041,566 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\021600_1327[01].jpg
[2010/02/16 16:46:24 | 000,037,502 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\021600_1327[00].jpg
[2009/12/30 13:30:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/12/30 13:30:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/12/30 13:30:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/12/30 13:30:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/12/30 13:30:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/12/30 13:30:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/09/22 11:09:43 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\rftg
[2008/11/20 14:24:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/08/20 13:00:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/06/14 13:43:26 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/30 10:23:58 | 000,006,807 | ---- | C] () -- C:\WINDOWS\LDRAW.INI
[2008/05/19 10:51:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/28 09:56:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\PFP110JPR.{PB
[2008/04/28 09:56:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\PFP110JCM.{PB
[2008/01/21 10:58:43 | 000,049,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/12/19 14:12:57 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5p.DLL
[2007/01/04 10:36:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoPro.INI
[2006/10/19 13:08:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7C.DLL
[2006/10/14 18:02:33 | 000,000,084 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2006/10/14 17:58:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2006/10/14 17:57:58 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2006/10/14 17:57:57 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2006/10/14 17:57:57 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2006/10/14 17:57:56 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2006/10/14 17:57:56 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2006/10/14 17:57:55 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2006/10/14 17:57:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2006/10/14 17:57:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2006/10/14 17:57:54 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2006/10/14 17:57:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2006/10/14 17:57:53 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/10/14 17:53:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2006/10/14 17:53:29 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/10/14 17:53:27 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2006/09/18 22:22:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\LPubRay.dll
[2006/09/09 09:28:52 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2006/08/29 13:40:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7D.DLL
[2006/01/30 10:00:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL
[2006/01/18 13:08:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/24 21:14:13 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2005/07/24 21:14:13 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2005/07/24 21:14:13 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2005/07/24 21:14:13 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2005/07/24 21:14:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005/07/24 21:07:53 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2005/07/24 21:07:24 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2005/02/08 13:41:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2005/02/08 12:41:58 | 000,031,750 | ---- | C] () -- C:\WINDOWS\RicDB.ini
[2005/02/08 12:28:03 | 000,000,320 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2004/08/04 09:32:16 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/06/15 10:21:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/15 10:17:27 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2003/12/22 14:40:06 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/12/04 14:03:26 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/11/20 10:08:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2003/10/01 10:47:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2003/09/26 13:14:57 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2003/09/12 15:21:17 | 000,022,393 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/12 10:06:26 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/12 10:06:25 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/09/12 09:38:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2003/09/12 09:38:11 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2003/09/12 09:38:10 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2003/09/10 10:52:42 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/09/10 10:52:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/09/04 14:28:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/04 14:26:10 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/09/04 14:22:25 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/09/04 14:22:12 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/09/04 14:22:12 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/09/04 14:22:12 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/09/04 14:22:12 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/09/04 14:22:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/09/04 14:22:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/09/04 14:21:46 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/09/04 14:17:52 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/04 14:04:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/04 14:04:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/04 13:52:50 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2005/05/27 13:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2009/11/12 12:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/07/03 22:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/07/03 21:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/08/29 13:39:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/01/21 13:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/20 12:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/08/21 21:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/07/25 11:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/07/25 11:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/07/25 11:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2005/07/03 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2008/07/25 11:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2005/07/02 03:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/19 15:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/05/27 11:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\AVG7
[2009/04/28 14:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/03 10:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\FUJIFILM
[2008/08/20 12:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\HotSync
[2009/06/25 13:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterVideo
[2008/08/20 12:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Leadertech
[2009/12/30 11:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\SystemRequirementsLab

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/06/19 20:57:48 | 001,560,218 | ---- | M] (InstallShield Software Corporation) -- C:\PluginsFix.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/06 12:20:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/06 12:20:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 12:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/06 12:20:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/06 12:20:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/01/31 14:43:30 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2010/02/22 05:36:54 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/02/22 05:36:54 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2010/02/22 05:36:54 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2002/08/29 04:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 04:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2002/08/29 04:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



dds log



DDS (Ver_09-12-01.01) - NTFSx86
Run by Joel at 16:13:41.17 on Mon 02/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.462 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RDS\RsiSvc.exe
C:\Program Files\RDS\srscandr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\RDS\ddsschednt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joel\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [USBDetector] c:\usbstorage\USBDetector.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [PDUiP6220DMon] c:\program files\canon\memory card utility\ip6220d\PDUiP6220DMon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: <NO NAME> =
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000074-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmvdec.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joel\applic~1\mozilla\firefox\profiles\11200i9w.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://mail2.finalweb.net
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccessc:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-27 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-21 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-27 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-12 285392]
R2 DdsSched;Dds Scheduler Deamon;c:\program files\rds\DdsSchedNT.exe [2005-2-8 36864]
R2 RsiSvc;Ridoc Server Information Service;c:\program files\rds\RsiSvc.exe [2005-2-8 65536]
R2 ScanRouterDriverV2;ScanRouterDriverV2;c:\program files\rds\SrScanDr.exe [2005-2-8 178688]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 SOption;SOption;c:\program files\rds\SOption.exe [2005-2-8 98304]
S3 PinnacleMarvinPro;Pinnacle Systems Liquid Edition PRO Device;c:\windows\system32\drivers\MarvinPro.sys [2005-7-24 1714176]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-12-5 1174664]

=============== Created Last 30 ================

2010-02-22 21:32:04 0 d-sha-r- C:\cmdcons
2010-02-22 21:28:30 98816 ----a-w- c:\windows\sed.exe
2010-02-22 21:28:30 77312 ----a-w- c:\windows\MBR.exe
2010-02-22 21:28:30 261632 ----a-w- c:\windows\PEV.exe
2010-02-22 21:28:30 161792 ----a-w- c:\windows\SWREG.exe
2010-02-19 23:23:12 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-19 23:23:00 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-19 23:22:59 0 d-----w- c:\docume~1\joel\applic~1\SUPERAntiSpyware.com
2010-02-19 23:22:20 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-19 21:34:28 0 d-----w- c:\docume~1\joel\applic~1\Malwarebytes
2010-02-19 21:34:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 21:34:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 21:34:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 21:34:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-19 20:50:12 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-02-22 11:36:54 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-02-22 11:36:54 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2002-07-26 21:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
2008-09-06 20:04:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 16:15:15.87 ===============

i atached what i thought i should.... I hope this helps.


Attached Files



BC AdBot (Login to Remove)

 


#2 joelddhans

joelddhans
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 25 February 2010 - 12:40 PM

This morning, when i got to my computer, AVG free version 9 found a virus. win32/patched.ch it said that it was infecting windows/system/drivers/atapi.sys

This seems like a good thing to have identified. ?!?!

#3 joelddhans

joelddhans
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 26 February 2010 - 05:50 PM

I know I'm not supposed to do anything after I post, but i had to keep trying things cause it's been acouple days, and this is my work computer. I kept searching on here ,and found lots of helpful stuff.



I ran tdskiller and ended up i think solving the problem. I am attaching the file.

I have not been redirected for about twenty searches.

Attached Files



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 26 February 2010 - 09:13 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

unite.jpg


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 04 March 2010 - 04:41 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users