Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

got some sort of redirct malware on my browers IE and mozil

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

got some sort of redirct malware on my browers IE and mozil

Unread postby stingerbud » February 13th, 2011, 1:19 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:51 PM, on 2/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\seclogonwow.exe
C:\WINDOWS\vgawow.exe
C:\WINDOWS\compobjwow.exe
C:\WINDOWS\NlsLexicons0011wow.exe
C:\WINDOWS\wlanmsmwow.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Users\june call\AppData\Roaming\SysWin\lsass.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0380955C-20A6-4D28-9870-939ECDDD4B13} - C:\Windows\system32\AUDIOKSE32.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 947bcb7a - {44F969B6-40A0-02F6-8288-96FB5033924F} - C:\ProgramData\AUDIOKSE32.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WeatherBug Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre0.dll
O3 - Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [seclogonwow.exe] C:\WINDOWS\seclogonwow.exe
O4 - HKLM\..\Run: [vgawow.exe] C:\WINDOWS\vgawow.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [compobjwow.exe] C:\WINDOWS\compobjwow.exe
O4 - HKLM\..\Run: [NlsLexicons0011wow.exe] C:\WINDOWS\NlsLexicons0011wow.exe
O4 - HKLM\..\Run: [wlanmsmwow.exe] C:\WINDOWS\wlanmsmwow.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\june call\AppData\Roaming\SysWin\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RTHDBPL] C:\Windows\system32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RTHDBPL] C:\Windows\system32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mozysupport.webex.com/client/T2 ... atgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\ProgramData\AUDIOKSE32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\system32\atashost.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secondary Logon (seclogon32) - CodeGear - C:\Windows\system32\d3d10_1core32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11292 bytes
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am
Advertisement
Register to Remove

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 15th, 2011, 4:31 pm

Hi stingerbud,
It's infected alright.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Put a Check on each the following lines:
(Some of these lines may be missing)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: (no name) - {0380955C-20A6-4D28-9870-939ECDDD4B13} - C:\Windows\system32\AUDIOKSE32.dll
O2 - BHO: 947bcb7a - {44F969B6-40A0-02F6-8288-96FB5033924F} - C:\ProgramData\AUDIOKSE32.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: WeatherBug Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [seclogonwow.exe] C:\WINDOWS\seclogonwow.exe
O4 - HKLM\..\Run: [vgawow.exe] C:\WINDOWS\vgawow.exe
O4 - HKLM\..\Run: [compobjwow.exe] C:\WINDOWS\compobjwow.exe
O4 - HKLM\..\Run: [NlsLexicons0011wow.exe] C:\WINDOWS\NlsLexicons0011wow.exe
O4 - HKLM\..\Run: [wlanmsmwow.exe] C:\WINDOWS\wlanmsmwow.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O20 - AppInit_DLLs: C:\ProgramData\AUDIOKSE32.dll
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> For Now, tell it to IGNORE any items it finds. Do not choose Quarantine or Delete.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

So we are looking for the Installed programs list from HiJackThis, and the Report from Avira Antivir.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 16th, 2011, 1:10 am

will did everything to this point Antivir wont let me Scan System Now
When the update is complete, click on Scan System Now it wont do anything.
any suggestions
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 16th, 2011, 12:40 pm

stingerbud,
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools, ignore them or shutdown your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If ir does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background (looks like this:Image )
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background (looks like this: Image )
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • It will run through about 50 tasks, and take a while to assemble the report.
    When finished, the report will open. Post the log in your next reply, and then Reenable your protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 16th, 2011, 9:11 pm

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/16/2011 at 18:37:00.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 02/16/2011 at 18:37:10.





ComboFix 11-02-16.01 - june call 02/16/2011 18:53:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1401 [GMT -6:00]
Running from: c:\users\june call\Desktop\zzz.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\programdata\Desktop
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\programdata\SysWoW32
c:\programdata\SysWoW32\@u1045610869v0
c:\programdata\SysWoW32\@u1045610869v1
c:\programdata\SysWoW32\@u1045610869v2
c:\programdata\SysWoW32\@u1045610869v3
c:\programdata\SysWoW32\_u1045610869v0
c:\programdata\SysWoW32\_u1045610869v1
c:\programdata\SysWoW32\_u1045610869v2
c:\programdata\SysWoW32\_u1045610869v3
c:\programdata\SysWoW32\_u1045610869v4
c:\programdata\SysWoW32\_u1045610869v5
c:\programdata\SysWoW32\_u1045610869v6
c:\programdata\SysWoW32\_u1045610869v7
c:\programdata\SysWoW32\mu1045610869v4
c:\programdata\SysWoW32\mu1045610869v4.kwd
c:\programdata\SysWoW32\mu1045610869v5
c:\programdata\SysWoW32\mu1045610869v5.kwd
c:\programdata\SysWoW32\mu1045610869v6
c:\programdata\SysWoW32\mu1045610869v6.kwd
c:\programdata\SysWoW32\mu1045610869v7
c:\programdata\SysWoW32\mu1045610869v7.kwd
c:\programdata\SysWoW32\wu1045610869v0
c:\programdata\SysWoW32\wu1045610869v0.kwd
c:\programdata\SysWoW32\wu1045610869v1
c:\programdata\SysWoW32\wu1045610869v1.kwd
c:\programdata\SysWoW32\wu1045610869v2
c:\programdata\SysWoW32\wu1045610869v2.kwd
c:\programdata\SysWoW32\wu1045610869v3
c:\programdata\SysWoW32\wu1045610869v3.kwd
c:\programdata\unrar.exe
c:\users\june call\AppData\Local\{FDBEC395-7D44-4FC2-8A7D-0EAB900D4814}
c:\users\june call\AppData\Local\{FDBEC395-7D44-4FC2-8A7D-0EAB900D4814}\chrome\content\overlay.xul
c:\users\june call\AppData\Local\{FDBEC395-7D44-4FC2-8A7D-0EAB900D4814}\install.rdf
c:\users\june call\AppData\Local\Temp\ppcrlui_4500_2
c:\users\june call\AppData\Roaming\completescan
c:\users\june call\AppData\Roaming\install
c:\users\june call\AppData\Roaming\Microsoft\Windows\Recent\Alexa the Web Information Company.url
c:\users\june call\AppData\Roaming\Microsoft\Windows\Recent\My Documents.url
c:\users\june call\AppData\Roaming\Microsoft\Windows\Recent\Support Mozy.url
c:\users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions\{bdd75058-3707-433a-9f45-166942f61d1e}
c:\users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions\{bdd75058-3707-433a-9f45-166942f61d1e}\chrome.manifest
c:\users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions\{bdd75058-3707-433a-9f45-166942f61d1e}\chrome\xulcache.jar
c:\users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions\{bdd75058-3707-433a-9f45-166942f61d1e}\defaults\preferences\xulcache.js
c:\users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions\{bdd75058-3707-433a-9f45-166942f61d1e}\install.rdf
c:\users\june call\AppData\Roaming\syswin
c:\users\june call\AppData\Roaming\syswin\lsass.exe
c:\users\june call\Documents\My Documents.url
c:\users\JUNECA~1\AppData\Local\Temp\ppcrlui_4500_2
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 01:02 . 2011-02-17 01:02 -------- d-----w- c:\users\jim\AppData\Local\temp
2011-02-17 01:02 . 2011-02-17 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-17 00:50 . 2011-02-17 00:51 -------- d-----w- C:\32788R22FWJFW
2011-02-16 04:12 . 2011-02-16 04:12 -------- d-----w- c:\users\june call\AppData\Roaming\Avira
2011-02-16 04:08 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-16 04:08 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-16 04:08 . 2011-02-16 04:08 -------- d-----w- c:\programdata\Avira
2011-02-16 04:08 . 2011-02-16 04:08 -------- d-----w- c:\program files\Avira
2011-02-16 03:34 . 2011-02-16 03:33 497664 --sh--w- c:\windows\wups2wow.exe
2011-02-15 18:33 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7B70984-ECD5-45B3-BF2A-486321994D04}\mpengine.dll
2011-02-13 04:47 . 2011-02-13 04:47 388096 ----a-r- c:\users\june call\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 04:47 . 2011-02-13 04:47 -------- d-----w- c:\program files\Trend Micro
2011-02-13 04:41 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-13 04:36 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-13 04:36 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-13 04:11 . 2011-02-13 04:11 483840 --sh--w- c:\windows\wlanmsmwow.exe
2011-02-08 04:04 . 2011-02-08 04:04 488448 --sha-w- c:\windows\NlsLexicons0011wow.exe
2011-02-08 04:01 . 2011-02-08 04:01 175616 ----a-w- c:\windows\system32\fdSSDP32.exe
2011-02-08 03:43 . 2011-02-08 03:43 488448 --sha-w- c:\windows\compobjwow.exe
2011-02-06 19:51 . 2011-02-06 19:51 488448 --sh--w- c:\windows\eappgnuiwow.exe
2011-02-02 02:39 . 2011-02-06 19:52 -------- d-----w- c:\program files\FileZilla Server
2011-02-02 02:22 . 2011-02-02 02:22 -------- d-----w- C:\public_html
2011-02-01 19:04 . 2011-02-01 19:04 480256 --sha-w- c:\windows\vgawow.exe
2011-02-01 05:13 . 2011-02-01 05:13 480256 --sha-w- c:\windows\seclogonwow.exe
2011-02-01 04:58 . 2011-02-01 04:57 480256 --sha-w- c:\windows\msieftpwow.exe
2011-01-31 04:15 . 2011-01-31 04:15 -------- d-----w- c:\program files\7-Zip
2011-01-31 03:02 . 2011-01-31 03:02 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-01-31 02:56 . 2011-01-31 02:56 -------- d-----w- c:\program files\Adobe Media Player
2011-01-31 02:44 . 2011-02-16 03:32 -------- d-----w- c:\program files\Common Files\Akamai
2011-01-30 15:14 . 2011-01-30 15:14 -------- d-----w- c:\users\june call\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2011-01-30 15:13 . 2011-01-30 15:14 -------- d-----w- c:\program files\Market Samurai
2011-01-29 22:31 . 2011-02-12 04:31 -------- d-----w- c:\users\june call\AppData\Roaming\FileZilla
2011-01-29 22:31 . 2011-02-13 04:08 -------- d-----w- c:\program files\FileZilla FTP Client
2011-01-29 20:22 . 2011-01-29 20:22 -------- d-----w- c:\users\june call\AppData\Local\Microsoft Help
2011-01-29 19:36 . 2011-01-30 05:36 -------- d-----w- c:\program files\SAT
2011-01-29 02:19 . 2011-01-29 02:19 494592 --sh--w- c:\windows\xpssvcswow.exe
2011-01-29 01:12 . 2011-02-13 04:08 -------- d-----w- c:\programdata\McAfee Security Scan
2011-01-29 01:12 . 2011-01-29 01:12 -------- d-----w- c:\programdata\McAfee
2011-01-29 01:12 . 2011-02-01 01:00 -------- d-----w- c:\program files\McAfee Security Scan
2011-01-28 20:10 . 2011-01-28 20:10 494592 --sh--w- c:\windows\KBDVNTCwow.exe
2011-01-25 03:46 . 2011-01-25 03:46 -------- d-----w- c:\program files\CCleaner
2011-01-23 22:43 . 2011-01-23 22:43 -------- d-----w- c:\program files\FLVUnit
2011-01-23 15:51 . 2011-01-23 15:51 0 ---ha-w- c:\windows\system32\onobyqvnhg.tmp
2011-01-23 14:48 . 2011-01-23 14:48 246784 ----a-w- c:\programdata\AUDIOKSE32.dll
2011-01-23 14:48 . 2011-01-23 14:48 1330176 ----a-w- c:\programdata\fltLib32.exe
2011-01-23 14:48 . 2011-01-23 14:48 1330176 ----a-w- c:\windows\system32\d3d10_1core32.exe
2011-01-23 14:48 . 2011-01-23 14:48 175616 ----a-w- c:\windows\system32\fltLib32.exe
2011-01-22 00:02 . 2011-01-22 00:02 -------- d-----w- c:\users\june call\AppData\Roaming\Image Zone Express
2011-01-22 00:02 . 2011-01-22 00:02 -------- d-----w- c:\users\june call\AppData\Roaming\Printer Info Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 23:11 . 2010-04-19 04:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 02:37 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 02:37 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-13 21:45 1125888 --sha-w- c:\windows\System32\config\systemprofile\AppData\Roaming\1000.tmp
2010-11-14 17:45 1125888 --sha-w- c:\windows\System32\config\systemprofile\AppData\Roaming\B138.tmp
2010-11-13 21:45 1125888 --sha-w- c:\windows\System32\config\systemprofile\AppData\Roaming\BCA.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E01687D4-1FCC-CE16-7FD4-CB7578582FB7}]
2011-01-23 14:48 246784 ----a-w- c:\programdata\AUDIOKSE32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}"= "c:\program files\Free_TV_Bar_c3\tbFre0.dll" [2010-09-15 2735200]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
"{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}"= "c:\program files\Free_TV_Bar_c3\tbFre0.dll" [2010-09-15 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-11-08 22:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-11-08 22:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2010-10-17 1259008]
"wups2wow.exe"="c:\windows\wups2wow.exe" [2011-02-16 497664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

c:\users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-20 113664]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-11-8 3571512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\programdata\AUDIOKSE32.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^june call^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 14:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2008-12-01 19:23 33280 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 02:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 00:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-24 11:08 13601312 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-24 11:08 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2010-06-30 15:04 15688 ----a-w- c:\users\june call\AppData\Local\Plaxo\3.24.0.119\plaxosystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2010-06-30 15:04 773448 ----a-w- c:\users\june call\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-21 113152]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2008-11-21 125440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-08-30 43912]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 seclogon32;Secondary Logon ;c:\windows\system32\d3d10_1core32.exe [2011-01-23 1330176]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 14:10]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 14:10]

2011-02-16 c:\windows\Tasks\HPCeeScheduleForjune call.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-04-25 18:58]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{95651EAF-5A5D-4E59-AC85-8EC1E203124A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files\PriceGong\2.1.0\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\june call\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
HKCU-Run-RTHDBPL - c:\users\june call\AppData\Roaming\SysWin\lsass.exe
HKLM-Run-hpqSRMon - (no file)
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Exetender - c:\program files\Free Ride Games\GPlayer.exe
MSConfigStartUp-isCfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
MSConfigStartUp-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 19:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RTHDBPL = c:\users\june call\AppData\Roaming\SysWin\lsass.exe????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\users\JUNECA~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-16 19:06:00
ComboFix-quarantined-files.txt 2011-02-17 01:05

Pre-Run: 84,672,946,176 bytes free
Post-Run: 84,616,409,088 bytes free

- - End Of File - - 37AB56F29625F3880D31FDB6C0414E96


ok here you go thanks for all your help
James
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 17th, 2011, 7:28 am

stingerbud,
It's fairly likely this set of infections came from using Limewire or one of the other P2P programs.
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code: Select all
    File::
    c:\windows\wups2wow.exe
    c:\windows\wlanmsmwow.exe
    c:\windows\NlsLexicons0011wow.exe
    c:\windows\compobjwow.exe
    c:\windows\eappgnuiwow.exe
    c:\windows\vgawow.exe
    c:\windows\seclogonwow.exe
    c:\windows\msieftpwow.exe
    c:\windows\xpssvcswow.exe
    c:\windows\KBDVNTCwow.exe
    c:\windows\system32\onobyqvnhg.tmp
    c:\programdata\AUDIOKSE32.dll
    C:\WINDOWS\seclogonwow.exe
    C:\WINDOWS\vgawow.exe
    C:\WINDOWS\compobjwow.exe
    C:\WINDOWS\NlsLexicons0011wow.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    
    Folder::
    c:\programdata\McAfee Security Scan
    c:\programdata\McAfee
    C:\Program Files\Ask.com
    
    Registry::
    [-HKLM\~\startupfolder\C:^Users^june call^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wups2wow.exe"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the contents of the resultant log, saved in the main directory of the C: drive here > C:\ComboFix.txt, in your next reply.

-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more.
It will ask what to do with any item it finds.
Tell it to DELETE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

So we are looking for the log from Combofix (zzz.exe), and the Avira Antivir Report.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 18th, 2011, 6:53 pm

Per your request

ComboFix 11-02-16.01 - june call 02/18/2011 9:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1339 [GMT -6:00]
Running from: c:\users\june call\Desktop\zzz.exe
Command switches used :: c:\users\june call\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files\AWS\WeatherBug\Weather.exe"
"c:\programdata\AUDIOKSE32.dll"
"c:\windows\compobjwow.exe"
"c:\windows\eappgnuiwow.exe"
"c:\windows\KBDVNTCwow.exe"
"c:\windows\msieftpwow.exe"
"c:\windows\NlsLexicons0011wow.exe"
"c:\windows\seclogonwow.exe"
"c:\windows\system32\onobyqvnhg.tmp"
"c:\windows\vgawow.exe"
"c:\windows\wlanmsmwow.exe"
"c:\windows\wups2wow.exe"
"c:\windows\xpssvcswow.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\AWS\WeatherBug\Weather.exe
c:\programdata\AUDIOKSE32.dll
c:\programdata\McAfee Security Scan
c:\programdata\McAfee Security Scan\ftstate.ini
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\Common\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\McUICnt\McUICnt\McUICnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McUICnt\McUICnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\SecurityScanner\McUICnt\McUICnt000.log
c:\programdata\SysWoW32
c:\windows\compobjwow.exe
c:\windows\eappgnuiwow.exe
c:\windows\KBDVNTCwow.exe
c:\windows\msieftpwow.exe
c:\windows\NlsLexicons0011wow.exe
c:\windows\seclogonwow.exe
c:\windows\system32\onobyqvnhg.tmp
c:\windows\vgawow.exe
c:\windows\wlanmsmwow.exe
c:\windows\xpssvcswow.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-18 15:34 . 2011-02-18 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-18 15:34 . 2011-02-18 15:34 -------- d-----w- c:\users\jim\AppData\Local\temp
2011-02-18 13:48 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAD3BD3E-206E-40A3-BBB2-4D7AB6E2C8A5}\mpengine.dll
2011-02-17 20:21 . 2011-02-17 20:21 497664 --sh--w- c:\windows\xactengine2_3wow.exe
2011-02-16 04:12 . 2011-02-16 04:12 -------- d-----w- c:\users\june call\AppData\Roaming\Avira
2011-02-16 04:08 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-16 04:08 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-16 04:08 . 2011-02-16 04:08 -------- d-----w- c:\programdata\Avira
2011-02-16 04:08 . 2011-02-16 04:08 -------- d-----w- c:\program files\Avira
2011-02-13 04:47 . 2011-02-13 04:47 388096 ----a-r- c:\users\june call\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 04:47 . 2011-02-13 04:47 -------- d-----w- c:\program files\Trend Micro
2011-02-13 04:41 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-13 04:36 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-13 04:36 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-08 04:01 . 2011-02-08 04:01 175616 ----a-w- c:\windows\system32\fdSSDP32.exe
2011-02-02 02:39 . 2011-02-06 19:52 -------- d-----w- c:\program files\FileZilla Server
2011-02-02 02:22 . 2011-02-02 02:22 -------- d-----w- C:\public_html
2011-01-31 04:15 . 2011-01-31 04:15 -------- d-----w- c:\program files\7-Zip
2011-01-31 03:02 . 2011-01-31 03:02 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-01-31 02:56 . 2011-01-31 02:56 -------- d-----w- c:\program files\Adobe Media Player
2011-01-31 02:44 . 2011-02-16 03:32 -------- d-----w- c:\program files\Common Files\Akamai
2011-01-30 15:14 . 2011-01-30 15:14 -------- d-----w- c:\users\june call\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2011-01-30 15:13 . 2011-01-30 15:14 -------- d-----w- c:\program files\Market Samurai
2011-01-29 22:31 . 2011-02-12 04:31 -------- d-----w- c:\users\june call\AppData\Roaming\FileZilla
2011-01-29 22:31 . 2011-02-13 04:08 -------- d-----w- c:\program files\FileZilla FTP Client
2011-01-29 20:22 . 2011-01-29 20:22 -------- d-----w- c:\users\june call\AppData\Local\Microsoft Help
2011-01-29 19:36 . 2011-01-30 05:36 -------- d-----w- c:\program files\SAT
2011-01-29 01:12 . 2011-02-01 01:00 -------- d-----w- c:\program files\McAfee Security Scan
2011-01-25 03:46 . 2011-01-25 03:46 -------- d-----w- c:\program files\CCleaner
2011-01-23 22:43 . 2011-01-23 22:43 -------- d-----w- c:\program files\FLVUnit
2011-01-23 14:48 . 2011-01-23 14:48 1330176 ----a-w- c:\programdata\fltLib32.exe
2011-01-23 14:48 . 2011-01-23 14:48 1330176 ----a-w- c:\windows\system32\d3d10_1core32.exe
2011-01-23 14:48 . 2011-01-23 14:48 175616 ----a-w- c:\windows\system32\fltLib32.exe
2011-01-22 00:02 . 2011-01-22 00:02 -------- d-----w- c:\users\june call\AppData\Roaming\Image Zone Express
2011-01-22 00:02 . 2011-01-22 00:02 -------- d-----w- c:\users\june call\AppData\Roaming\Printer Info Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 23:11 . 2010-04-19 04:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 02:37 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 02:37 1169408 ----a-w- c:\windows\system32\sdclt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}"= "c:\program files\Free_TV_Bar_c3\tbFre0.dll" [2010-09-15 2735200]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}"= "c:\program files\Free_TV_Bar_c3\tbFre0.dll" [2010-09-15 2735200]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-11-08 22:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-11-08 22:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2010-10-17 1259008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"xactengine2_3wow.exe"="c:\windows\xactengine2_3wow.exe" [2011-02-17 497664]

c:\users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-20 113664]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-11-8 3571512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 14:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2008-12-01 19:23 33280 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 02:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 00:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-24 11:08 13601312 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-24 11:08 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2010-06-30 15:04 15688 ----a-w- c:\users\june call\AppData\Local\Plaxo\3.24.0.119\plaxosystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2010-06-30 15:04 773448 ----a-w- c:\users\june call\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
R2 seclogon32;Secondary Logon ;c:\windows\system32\d3d10_1core32.exe [2011-01-23 1330176]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-21 113152]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2008-11-21 125440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-08-30 43912]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - CFCATCHME
*Deregistered* - CFcatchme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 14:10]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 14:10]

2011-02-16 c:\windows\Tasks\HPCeeScheduleForjune call.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-04-25 18:58]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{95651EAF-5A5D-4E59-AC85-8EC1E203124A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files\PriceGong\2.1.0\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\june call\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

BHO-{E01687D4-1FCC-CE16-7FD4-CB7578582FB7} - c:\programdata\AUDIOKSE32.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 09:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-18 09:37:45
ComboFix-quarantined-files.txt 2011-02-18 15:37
ComboFix2.txt 2011-02-17 01:06

Pre-Run: 84,825,059,328 bytes free
Post-Run: 84,771,008,512 bytes free

- - End Of File - - 6F79718C8C1D629D662216215F488B77

Avira AntiVir Personal
Report file date: Friday, February 18, 2011 09:56

Scanning for 2414244 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JUNECALL-PC

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 20:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 20:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 04:09:23
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 04:09:23
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 04:09:23
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 04:09:23
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 04:09:24
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 04:09:24
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 04:09:24
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 04:09:24
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 04:09:24
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 04:09:25
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 04:09:25
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 04:09:39
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 04:08:58
VBASE015.VDF : 7.11.3.98 2048 Bytes 2/16/2011 04:08:58
VBASE016.VDF : 7.11.3.99 2048 Bytes 2/16/2011 04:08:58
VBASE017.VDF : 7.11.3.100 2048 Bytes 2/16/2011 04:08:59
VBASE018.VDF : 7.11.3.101 2048 Bytes 2/16/2011 04:08:59
VBASE019.VDF : 7.11.3.102 2048 Bytes 2/16/2011 04:08:59
VBASE020.VDF : 7.11.3.103 2048 Bytes 2/16/2011 04:08:59
VBASE021.VDF : 7.11.3.104 2048 Bytes 2/16/2011 04:08:59
VBASE022.VDF : 7.11.3.105 2048 Bytes 2/16/2011 04:08:59
VBASE023.VDF : 7.11.3.106 2048 Bytes 2/16/2011 04:09:00
VBASE024.VDF : 7.11.3.107 2048 Bytes 2/16/2011 04:09:00
VBASE025.VDF : 7.11.3.108 2048 Bytes 2/16/2011 04:09:00
VBASE026.VDF : 7.11.3.109 2048 Bytes 2/16/2011 04:09:00
VBASE027.VDF : 7.11.3.110 2048 Bytes 2/16/2011 04:09:00
VBASE028.VDF : 7.11.3.111 2048 Bytes 2/16/2011 04:09:01
VBASE029.VDF : 7.11.3.112 2048 Bytes 2/16/2011 04:09:01
VBASE030.VDF : 7.11.3.113 2048 Bytes 2/16/2011 04:09:01
VBASE031.VDF : 7.11.3.140 111104 Bytes 2/18/2011 15:53:09
Engineversion : 8.2.4.170
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 20:23:26
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/16/2011 04:09:55
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 20:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 20:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 20:23:25
AEPACK.DLL : 8.2.4.9 512374 Bytes 2/16/2011 04:09:54
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/16/2011 04:09:53
AEHEUR.DLL : 8.1.2.78 3277175 Bytes 2/18/2011 04:40:56
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/16/2011 04:09:47
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/16/2011 04:09:47
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 20:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/16/2011 04:09:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 20:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 20:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 20:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 20:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 20:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 20:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 20:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 20:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 20:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, February 18, 2011 09:56

Starting search for hidden objects.
c:\windows\system32\regsvr32.exe
c:\windows\system32\regsvr32.exe
[NOTE] The process is not visible.
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'wordpad.exe' - '61' Module(s) have been scanned
Scan process 'mozybackup.exe' - '29' Module(s) have been scanned
Scan process 'mozybackup.exe' - '53' Module(s) have been scanned
Scan process 'hphc_service.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'iexplore.exe' - '98' Module(s) have been scanned
Scan process 'WinMail.exe' - '103' Module(s) have been scanned
Scan process 'ehmsas.exe' - '23' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '18' Module(s) have been scanned
Scan process 'mozystat.exe' - '36' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'sidebar.exe' - '55' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '36' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'Explorer.EXE' - '148' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '32' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'fltLib32.exe' - '15' Module(s) have been scanned
Module is infected -> <C:\ProgramData\fltLib32.exe>
[DETECTION] Is the TR/Dldr.Tracur.A.109 Trojan
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'd3d10_1core32.exe' - '62' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\System32\d3d10_1core32.exe>
[DETECTION] Is the TR/Dldr.Tracur.A.109 Trojan
Module is infected -> <C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\EAAC.tmp>
[DETECTION] Is the TR/Killproc.A.6 Trojan
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'avshadow.exe' - '36' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'FileZilla Server.exe' - '18' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'atashost.exe' - '26' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'avguard.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
c:\windows\system32\regsvr32.exe
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'wordpad.exe' - '61' Module(s) have been scanned
Scan process 'mozybackup.exe' - '29' Module(s) have been scanned
Scan process 'mozybackup.exe' - '53' Module(s) have been scanned
Scan process 'hphc_service.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'iexplore.exe' - '98' Module(s) have been scanned
Scan process 'WinMail.exe' - '103' Module(s) have been scanned
Scan process 'ehmsas.exe' - '23' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '18' Module(s) have been scanned
Scan process 'mozystat.exe' - '36' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'sidebar.exe' - '55' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '36' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'Explorer.EXE' - '148' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '32' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'fltLib32.exe' - '15' Module(s) have been scanned
Module is infected -> <C:\ProgramData\fltLib32.exe>
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'd3d10_1core32.exe' - '62' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\System32\d3d10_1core32.exe>
Module is infected -> <C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\EAAC.tmp>
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'avshadow.exe' - '36' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'FileZilla Server.exe' - '18' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'atashost.exe' - '26' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'avguard.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

The scan of running processes will be started
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'wordpad.exe' - '61' Module(s) have been scanned
Scan process 'mozybackup.exe' - '29' Module(s) have been scanned
Scan process 'mozybackup.exe' - '53' Module(s) have been scanned
Scan process 'hphc_service.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'iexplore.exe' - '98' Module(s) have been scanned
Scan process 'WinMail.exe' - '103' Module(s) have been scanned
Scan process 'ehmsas.exe' - '23' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '18' Module(s) have been scanned
Scan process 'mozystat.exe' - '36' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'sidebar.exe' - '55' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '36' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'Explorer.EXE' - '148' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '32' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'fltLib32.exe' - '15' Module(s) have been scanned
Module is infected -> <C:\ProgramData\fltLib32.exe>
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'd3d10_1core32.exe' - '62' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\System32\d3d10_1core32.exe>
Module is infected -> <C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\EAAC.tmp>
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'avshadow.exe' - '36' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'FileZilla Server.exe' - '18' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'atashost.exe' - '26' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'avguard.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS\System32\d3d10_1core32.exe
[DETECTION] Is the TR/Dldr.Tracur.A.109 Trojan
C:\WINDOWS\xactengine2_3wow.exe
[DETECTION] Is the TR/Katusha.2.19 Trojan

The registry was scanned ( '1922' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\Konvertor\Kconvgame.dll
[DETECTION] Is the TR/PSW.Tibia.gyv Trojan
C:\ProgramData\fltLib32.exe
[DETECTION] Is the TR/Dldr.Tracur.A.109 Trojan
C:\ProgramData\DC7F29D69C33F0E97134B8C0E4B078E6\h\2\index.htm
[DETECTION] Contains recognition pattern of the JS/Dldr.FraudLoa.eos Java script virus
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Qoobox\Quarantine\C\ProgramData\AUDIOKSE32.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u1045610869v1.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.7 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.7 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u1045610869v2.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.10 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.10 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u1045610869v3.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.8 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.8 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1045610869v1.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.22 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.22 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1045610869v2.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.21 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.21 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1045610869v3.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.20 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.20 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v1.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Diple.pe Trojan
--> setup.exe
[DETECTION] Is the TR/Diple.pe Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v2.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.14 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.14 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v4.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v5.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v6.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v7.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
C:\Qoobox\Quarantine\C\Users\june call\AppData\Roaming\SysWin\lsass.exe.vir
[DETECTION] Is the TR/Searches.jx Trojan
C:\Qoobox\Quarantine\C\WINDOWS\compobjwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\eappgnuiwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\KBDVNTCwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\msieftpwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\NlsLexicons0011wow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\seclogonwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\vgawow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\wlanmsmwow.exe.vir
[DETECTION] Is the TR/Diple.pf Trojan
C:\Qoobox\Quarantine\C\WINDOWS\xpssvcswow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\june call\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\7F9F1049-00004E8D.eml
[0] Archive type: MIME
[DETECTION] Contains recognition pattern of the EXP/Pidief.33680 exploit
--> UnionRfc.PDF
[DETECTION] Contains recognition pattern of the EXP/Pidief.33680 exploit
C:\Users\june call\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7403803b-32d5a1be
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
C:\Users\june call\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\406df447-42f04503
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.RC exploit
--> vload.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.RC exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.PG exploit
C:\WINDOWS\xactengine2_3wow.exe
[DETECTION] Is the TR/Katusha.2.19 Trojan
C:\WINDOWS\System32\d3d10_1core32.exe
[DETECTION] Is the TR/Dldr.Tracur.A.109 Trojan
C:\WINDOWS\System32\fdSSDP32.exe
[DETECTION] Is the TR/Searches.jx Trojan
C:\WINDOWS\System32\fltLib32.exe
[DETECTION] Is the TR/Searches.jx Trojan
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\1000.tmp
[DETECTION] Is the TR/Killproc.A.24 Trojan
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\2EF6.tmp
[DETECTION] Is the TR/BHO.bfjq Trojan
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\B138.tmp
[DETECTION] Is the TR/Killproc.A.24 Trojan
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\BCA.tmp
[DETECTION] Is the TR/Killproc.A.24 Trojan
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\EAAC.tmp
[DETECTION] Is the TR/Killproc.A.6 Trojan
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe
[DETECTION] Is the TR/Searches.jx Trojan
C:\WINDOWS\Temp\2876.tmp
[DETECTION] Is the TR/Katusha.2.19 Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\WINDOWS\Temp\2876.tmp
[DETECTION] Is the TR/Katusha.2.19 Trojan
[NOTE] The file was moved to the quarantine directory under the name '495950a0.qua'.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe
[DETECTION] Is the TR/Searches.jx Trojan
[NOTE] The file was moved to the quarantine directory under the name '51e47f4a.qua'.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\EAAC.tmp
[DETECTION] Is the TR/Killproc.A.6 Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] The file could not be deleted!
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\BCA.tmp
[DETECTION] Is the TR/Killproc.A.24 Trojan
[NOTE] The file was moved to the quarantine directory under the name '20284731.qua'.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\B138.tmp
[DETECTION] Is the TR/Killproc.A.24 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f3d756e.qua'.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\2EF6.tmp
[DETECTION] Is the TR/BHO.bfjq Trojan
[NOTE] The file was moved to the quarantine directory under the name '13b05918.qua'.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\1000.tmp
[DETECTION] Is the TR/Killproc.A.24 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6f821974.qua'.
C:\WINDOWS\System32\fltLib32.exe
[DETECTION] Is the TR/Searches.jx Trojan
[NOTE] The file was moved to the quarantine directory under the name '4284367d.qua'.
C:\WINDOWS\System32\fdSSDP32.exe
[DETECTION] Is the TR/Searches.jx Trojan
[NOTE] The file was moved to the quarantine directory under the name '5b8f0dff.qua'.
C:\Users\june call\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\406df447-42f04503
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.PG exploit
[NOTE] The file was moved to the quarantine directory under the name '37f62193.qua'.
C:\Users\june call\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7403803b-32d5a1be
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
[NOTE] The file was moved to the quarantine directory under the name '4655180a.qua'.
C:\Users\june call\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\7F9F1049-00004E8D.eml
[DETECTION] Contains recognition pattern of the EXP/Pidief.33680 exploit
[NOTE] The file was moved to the quarantine directory under the name '485628fb.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\xpssvcswow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0d3951c3.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\wlanmsmwow.exe.vir
[DETECTION] Is the TR/Diple.pf Trojan
[NOTE] The file was moved to the quarantine directory under the name '045c556c.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\vgawow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5c1d4c18.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\seclogonwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '709735d6.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\NlsLexicons0011wow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e795513.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\msieftpwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2d617e69.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\KBDVNTCwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0bcc3e07.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\eappgnuiwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '393445c3.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\compobjwow.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '33746ea3.qua'.
C:\Qoobox\Quarantine\C\Users\june call\AppData\Roaming\SysWin\lsass.exe.vir
[DETECTION] Is the TR/Searches.jx Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c530aeb.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v7.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '724f06ca.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v6.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '2737023f.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v5.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '2aa17313.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v4.vir
[DETECTION] Is the TR/Dldr.Waick.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '36fc671a.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v2.vir
[DETECTION] Is the TR/Katusha.2.14 Trojan
[NOTE] The file was moved to the quarantine directory under the name '072f2ad9.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v1.vir
[DETECTION] Is the TR/Diple.pe Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b793eee.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1045610869v3.vir
[DETECTION] Is the TR/Katusha.2.20 Trojan
[NOTE] The file was moved to the quarantine directory under the name '22e31bee.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1045610869v2.vir
[DETECTION] Is the TR/Katusha.2.21 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7976133f.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1045610869v1.vir
[DETECTION] Is the TR/Katusha.2.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1fc41fd7.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u1045610869v3.vir
[DETECTION] Is the TR/Katusha.2.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '484a6d7c.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u1045610869v2.vir
[DETECTION] Is the TR/Katusha.2.10 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6a3a3a08.qua'.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u1045610869v1.vir
[DETECTION] Is the TR/Katusha.2.7 Trojan
[NOTE] The file was moved to the quarantine directory under the name '022a409f.qua'.
C:\Qoobox\Quarantine\C\ProgramData\AUDIOKSE32.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2271443a.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '774802ad.qua'.
C:\ProgramData\DC7F29D69C33F0E97134B8C0E4B078E6\h\2\index.htm
[DETECTION] Contains recognition pattern of the JS/Dldr.FraudLoa.eos Java script virus
[NOTE] The file was moved to the quarantine directory under the name '16152317.qua'.
C:\ProgramData\fltLib32.exe
[DETECTION] Is the TR/Dldr.Tracur.A.109 Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] The file could not be deleted!
[NOTE] The file is scheduled for deleting after reboot.
C:\Program Files\Konvertor\Kconvgame.dll
[DETECTION] Is the TR/PSW.Tibia.gyv Trojan
[NOTE] The file was moved to the quarantine directory under the name '058529bb.qua'.
C:\WINDOWS\xactengine2_3wow.exe
[DETECTION] Is the TR/Katusha.2.19 Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xactengine2_3wow.exe> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '17305504.qua'.
C:\WINDOWS\System32\d3d10_1core32.exe
[DETECTION] Is the TR/Dldr.Tracur.A.109 Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\seclogon32\ImagePath> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon32\ImagePath> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogon32\ImagePath> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '006336b7.qua'.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.


End of the scan: Friday, February 18, 2011 16:38
Used time: 2:47:44 Hour(s)

The scan has been done completely.

30772 Scanned directories
889479 Files were scanned
46 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
39 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
889432 Files not concerned
47186 Archives were scanned
2 Warnings
41 Notes
860242 Objects were scanned with rootkit scan
1 Hidden objects were found



Thank you
James
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 19th, 2011, 10:23 am

stingerbud,
That's an awful lot of infected files.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  3. Click on the Run Scan button at the top left hand corner.
  4. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
    Please post the contents of these files.
    You may use separate replies if you wish.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 20th, 2011, 12:20 am

First

OTL logfile created on: 2/19/2011 10:11:56 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\june call\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.15 Gb Total Space | 77.15 Gb Free Space | 34.89% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.39 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Computer Name: JUNECALL-PC | User Name: june call | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/19 22:11:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 16:06:46 | 003,571,512 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/10/17 13:38:42 | 000,742,912 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/29 20:41:50 | 000,043,912 | ---- | M] (Cisco WebEx LLC) -- C:\WINDOWS\System32\atashost.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/20 20:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe


========== Modules (SafeList) ==========

MOD - [2011/02/19 22:11:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/30 20:44:21 | 003,129,432 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll -- (Akamai)
SRV - [2011/01/20 07:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/17 13:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/29 20:41:50 | 000,043,912 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/20 21:07:42 | 000,113,152 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/11/20 21:07:08 | 000,125,440 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/24 05:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/20 21:02:48 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/11/20 20:59:02 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/11/20 20:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 11:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 12:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/08/20 12:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/28 01:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 14:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/01 07:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 07:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 07:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 16:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 15:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5C 95 80 03 A6 20 28 4D 98 70 93 9E CD DD 4B 13 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {bdd75058-3707-433a-9f45-166942f61d1e}:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/26 20:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/08 13:23:51 | 000,000,000 | ---D | M]

[2011/01/26 20:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\june call\AppData\Roaming\Mozilla\Extensions
[2010/04/18 23:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\june call\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/16 19:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions
[2011/01/26 20:40:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/26 20:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 22:58:18 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010/06/15 19:58:59 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\JUNE CALL\APPDATA\ROAMING\MOVE NETWORKS
File not found (No name found) -- C:\USERS\JUNE CALL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQ834HWX.DEFAULT\EXTENSIONS\{BDD75058-3707-433A-9F45-166942F61D1E}

O1 HOSTS File: ([2011/02/18 09:34:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (947bcb7a) - {0C015699-7DB8-6942-80C6-C5057CA00DE7} - C:\ProgramData\AUDIOKSE32.dll (Borland Software Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\tbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mozysupport.webex.com/client/T2 ... atgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\june call\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\june call\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 19:48:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/19 22:11:02 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
[2011/02/18 09:51:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/02/18 09:49:35 | 000,246,784 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\AUDIOKSE32.dll
[2011/02/18 09:40:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/18 09:24:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/16 18:52:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/16 18:52:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/16 18:52:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/16 18:51:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/16 18:51:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/15 22:12:21 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Avira
[2011/02/15 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/15 22:08:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/15 22:08:06 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/15 22:08:06 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/15 22:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/15 22:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/12 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/12 22:47:12 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/12 22:42:38 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/12 22:42:31 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/12 22:42:30 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/12 22:42:14 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/12 22:42:14 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/12 22:42:13 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/12 22:42:13 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/12 22:42:13 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/12 22:42:13 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/12 22:42:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/12 22:42:12 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/12 22:42:12 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/12 22:42:12 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/12 22:42:12 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/12 22:42:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/12 22:42:11 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/12 22:42:10 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/12 22:42:09 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/12 22:42:09 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/12 22:42:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/12 22:42:09 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/12 22:42:08 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/12 22:42:08 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/12 22:42:08 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/12 22:42:08 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/12 22:42:06 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/12 22:42:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/12 22:42:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/12 22:37:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/12 22:37:05 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/12 22:37:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/12 22:37:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/12 22:37:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/02/12 22:37:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/02/12 22:36:16 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/12 22:36:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/11 09:20:51 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\WinRAR
[2011/02/01 20:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/02/01 20:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla Server
[2011/02/01 20:22:04 | 000,000,000 | ---D | C] -- C:\public_html
[2011/01/31 19:14:10 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004
[2011/01/31 19:14:10 | 000,402,481 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.006
[2011/01/31 19:14:10 | 000,203,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011/01/31 19:14:10 | 000,174,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007
[2011/01/31 19:14:10 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005
[2011/01/31 19:14:10 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vb6stkit.dll
[2011/01/31 19:14:10 | 000,097,280 | ---- | C] (Visual Components, Inc.) -- C:\Windows\System32\vspell32.ocx
[2011/01/31 19:14:10 | 000,070,656 | ---- | C] (Visual Components, Inc.) -- C:\Windows\System32\vspell32.dll
[2011/01/31 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PageBreeze
[2011/01/31 19:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageBreeze
[2011/01/31 19:14:09 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003
[2011/01/31 19:14:09 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomct2.ocx
[2011/01/31 19:14:09 | 000,369,696 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\Comct332.ocx
[2011/01/31 19:14:09 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2011/01/31 19:14:09 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Comdlg32.ocx
[2011/01/31 19:14:09 | 000,089,600 | ---- | C] (AY Software Corporation) -- C:\Windows\System32\Leocx32.ocx
[2011/01/31 19:14:09 | 000,084,992 | ---- | C] (AY Software Corporation) -- C:\Windows\System32\Ledit32.dll
[2011/01/31 19:14:09 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002
[2011/01/31 19:14:08 | 001,245,184 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\System32\ChilkatCert.dll
[2011/01/31 19:14:08 | 001,105,920 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\System32\ChilkatFtp2.dll
[2011/01/31 19:14:08 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2011/01/31 19:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\PageBreeze
[2011/01/31 19:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/01/30 22:26:31 | 000,000,000 | ---D | C] -- C:\Users\june call\Documents\OneNote Notebooks
[2011/01/30 22:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/30 22:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/30 21:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/01/30 20:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2011/01/30 20:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/01/30 20:50:23 | 000,000,000 | ---D | C] -- C:\Users\june call\Desktop\Adobe CS5
[2011/01/30 20:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/01/30 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/01/30 09:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2011/01/29 16:31:40 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\FileZilla
[2011/01/29 16:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/01/29 16:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/01/29 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Local\Microsoft Help
[2011/01/29 13:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\SAT
[2011/01/28 19:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/01/26 20:37:54 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Local\Mozilla
[2011/01/26 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/24 21:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/24 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/24 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/23 16:43:36 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVUnit
[2011/01/23 16:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\FLVUnit
[2011/01/21 18:23:34 | 000,000,000 | ---D | C] -- C:\Users\june call\Desktop\keep
[2011/01/21 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Printer Info Cache
[2011/01/21 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Image Zone Express
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\june call\Desktop\*.tmp files -> C:\Users\june call\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/19 22:11:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
[2011/02/19 21:42:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/19 21:42:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/19 21:19:14 | 000,048,379 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/19 21:19:13 | 000,048,379 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/19 21:19:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/18 18:40:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 18:40:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 16:56:17 | 000,127,440 | ---- | M] () -- C:\Users\june call\Desktop\newset log.rtf
[2011/02/18 16:39:56 | 3152,965,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/18 16:38:34 | 000,000,104 | ---- | M] () -- C:\Windows\System32\514231384
[2011/02/18 16:34:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\343072851
[2011/02/18 11:41:41 | 000,002,123 | ---- | M] () -- C:\Windows\System32\GnuHashes.ini
[2011/02/18 10:42:54 | 000,000,148 | -HS- | M] () -- C:\ProgramData\878234495
[2011/02/18 10:21:48 | 000,001,353 | ---- | M] () -- C:\Users\june call\Desktop\Update and Scan with Antivir.rtf
[2011/02/18 09:49:47 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/02/18 09:49:35 | 000,246,784 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\AUDIOKSE32.dll
[2011/02/18 09:34:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/18 09:26:59 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2011/02/18 08:03:27 | 000,000,246 | ---- | M] () -- C:\Users\june call\Desktop\business.url
[2011/02/17 22:41:28 | 000,000,175 | ---- | M] () -- C:\ProgramData\34889c28
[2011/02/16 18:49:23 | 004,270,215 | R--- | M] () -- C:\Users\june call\Desktop\zzz.exe
[2011/02/16 18:35:53 | 000,721,199 | ---- | M] () -- C:\Users\june call\Desktop\rkill.exe
[2011/02/15 23:10:35 | 000,000,235 | ---- | M] () -- C:\Users\june call\Desktop\Yahoo! Answers - Home.url
[2011/02/15 22:00:05 | 049,788,256 | ---- | M] () -- C:\Users\june call\Desktop\avira_antivir_personal_en.exe
[2011/02/15 21:45:39 | 000,005,768 | ---- | M] () -- C:\Users\june call\Documents\uninstall_list
[2011/02/15 21:31:52 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjune call.job
[2011/02/15 21:07:40 | 000,005,480 | ---- | M] () -- C:\Users\june call\Documents\infected.rtf
[2011/02/13 20:52:47 | 000,001,852 | ---- | M] () -- C:\Users\june call\Documents\action plan.rtf
[2011/02/13 19:13:32 | 000,000,344 | ---- | M] () -- C:\Users\june call\Desktop\Mass Money Makers.url
[2011/02/13 14:14:36 | 000,004,444 | ---- | M] () -- C:\Windows\mozy.blk
[2011/02/13 14:14:36 | 000,000,610 | ---- | M] () -- C:\Windows\mozy.flt
[2011/02/13 03:32:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 03:32:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/13 03:24:21 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/12 23:05:43 | 000,000,287 | ---- | M] () -- C:\Users\june call\Desktop\MalWare Removal • Login.url
[2011/02/12 22:47:12 | 000,001,956 | ---- | M] () -- C:\Users\june call\Desktop\HiJackThis.lnk
[2011/02/11 22:45:17 | 000,000,212 | ---- | M] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In (2).url
[2011/02/11 22:45:10 | 000,000,266 | ---- | M] () -- C:\Users\june call\Desktop\WordPress.com — Get a Free Blog Here.url
[2011/02/11 22:44:18 | 000,000,208 | ---- | M] () -- C:\Users\june call\Desktop\Alexa the Web Information Company.url
[2011/02/11 21:39:31 | 000,000,232 | ---- | M] () -- C:\Users\june call\Desktop\FileZilla - The free FTP solution.url
[2011/02/11 21:35:59 | 000,000,212 | ---- | M] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In.url
[2011/02/11 21:35:10 | 000,000,306 | ---- | M] () -- C:\Users\june call\Desktop\Home Quantcast.url
[2011/02/11 21:34:44 | 000,000,205 | ---- | M] () -- C:\Users\june call\Desktop\KompoZer - Easy web authoring.url
[2011/02/11 21:08:13 | 000,000,613 | ---- | M] () -- C:\Users\june call\Documents\tv hoplink.rtf
[2011/02/11 20:28:58 | 000,001,164 | ---- | M] () -- C:\Users\june call\Documents\clickbank pass.rtf
[2011/02/11 14:51:54 | 000,000,583 | ---- | M] () -- C:\Users\june call\Desktop\Google (2).url
[2011/02/11 11:20:49 | 000,001,019 | ---- | M] () -- C:\Users\june call\Documents\word notes.rtf
[2011/02/07 07:08:43 | 000,000,619 | ---- | M] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform (2).url
[2011/02/07 07:08:24 | 000,000,619 | ---- | M] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform.url
[2011/02/07 06:59:06 | 000,000,234 | ---- | M] () -- C:\Users\june call\Documents\watchpccontentontv.com
[2011/02/07 06:15:06 | 000,000,294 | ---- | M] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host (2).url
[2011/02/07 06:00:11 | 000,000,668 | ---- | M] () -- C:\Users\june call\Desktop\iContact Login - iContact (2).url
[2011/02/06 21:53:13 | 000,000,261 | ---- | M] () -- C:\Users\june call\Desktop\Reset Password - iContact.url
[2011/02/06 14:54:39 | 000,010,246 | ---- | M] () -- C:\Users\june call\Documents\hoplink.docx
[2011/02/06 11:45:24 | 000,000,343 | ---- | M] () -- C:\Users\june call\Desktop\iContact Email Marketing Simplified.url
[2011/02/06 11:43:26 | 000,014,213 | ---- | M] () -- C:\Users\june call\Documents\word list.rtf
[2011/02/05 18:34:46 | 000,013,031 | ---- | M] () -- C:\Users\june call\Documents\internet tv on tv.docx
[2011/02/05 18:11:47 | 000,012,549 | ---- | M] () -- C:\Users\june call\Documents\internet tv to tv.docx
[2011/02/05 15:20:58 | 000,000,913 | ---- | M] () -- C:\Users\june call\Desktop\Google.url
[2011/02/05 15:06:03 | 000,000,214 | ---- | M] () -- C:\Users\june call\Desktop\Compete Compete.url
[2011/02/05 14:45:26 | 000,000,242 | ---- | M] () -- C:\Users\june call\Desktop\- ClickBank.url
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/02/01 20:55:06 | 000,000,220 | ---- | M] () -- C:\Users\june call\Desktop\Cheap Domain Names Registration, Domain Transfer, Free SSL Certificates, Free DNS, Privacy Protection • Namecheap.com.url
[2011/02/01 20:39:28 | 000,001,868 | ---- | M] () -- C:\Users\june call\Desktop\FileZilla Server Interface.lnk
[2011/02/01 16:08:03 | 000,011,372 | ---- | M] () -- C:\Users\june call\Documents\So you want to turn your computer into a TV set.docx
[2011/02/01 15:46:46 | 000,122,436 | ---- | M] () -- C:\Users\june call\Documents\keywordtpc.rtf
[2011/02/01 15:36:06 | 000,000,232 | ---- | M] () -- C:\Users\june call\Desktop\Keyword Analysis Tool - Market Samurai.url
[2011/02/01 13:55:20 | 000,000,344 | ---- | M] () -- C:\Users\june call\Desktop\Mass Money Makers (2).url
[2011/01/31 19:38:47 | 000,000,730 | ---- | M] () -- C:\Windows\pagebreeze.ini
[2011/01/31 19:14:15 | 000,000,044 | ---- | M] () -- C:\Windows\formbreeze.ini
[2011/01/31 06:16:15 | 000,020,480 | ---- | M] () -- C:\Users\june call\Documents\Sandy Morain bio.wps
[2011/01/31 06:16:15 | 000,002,000 | ---- | M] () -- C:\Users\june call\AppData\Roaming\wklnhst.dat
[2011/01/31 06:14:09 | 000,017,408 | ---- | M] () -- C:\Users\june call\Documents\guest for pillar of community.wps
[2011/01/30 23:28:02 | 000,030,720 | ---- | M] () -- C:\Users\june call\Documents\cable.msam
[2011/01/30 23:16:36 | 000,000,318 | ---- | M] () -- C:\Users\june call\Desktop\untitled.html
[2011/01/30 22:26:30 | 000,001,111 | ---- | M] () -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/01/30 22:15:45 | 000,001,735 | ---- | M] () -- C:\Users\june call\Desktop\Free Dolphin Screensaver.lnk
[2011/01/30 20:37:49 | 000,000,250 | ---- | M] () -- C:\Users\june call\Desktop\Web design software, HTML editor Adobe Dreamweaver CS5.url
[2011/01/30 18:26:38 | 000,000,666 | ---- | M] () -- C:\Users\june call\Desktop\iContact Login - iContact.url
[2011/01/30 11:38:30 | 000,001,659 | ---- | M] () -- C:\Users\june call\Documents\wordlisttv.rtf
[2011/01/30 10:11:58 | 000,000,158 | ---- | M] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host.url
[2011/01/30 09:10:15 | 000,000,252 | ---- | M] () -- C:\Users\june call\Desktop\Market Samurai.url
[2011/01/29 23:32:55 | 000,032,269 | ---- | M] () -- C:\Users\june call\Documents\satellite cable digital tv on your pc.docx
[2011/01/29 22:45:59 | 000,017,488 | ---- | M] () -- C:\Users\june call\Documents\Document.rtf
[2011/01/29 21:19:55 | 000,000,217 | ---- | M] () -- C:\Users\june call\Desktop\Email Marketing - iContact.url
[2011/01/29 14:23:14 | 000,095,285 | ---- | M] () -- C:\Users\june call\Documents\keyword_ideas_20110129_1220145(1).xlsx
[2011/01/29 00:05:21 | 000,003,143 | ---- | M] () -- C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml
[2011/01/28 23:57:56 | 000,000,965 | ---- | M] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (3).url
[2011/01/28 23:51:27 | 000,000,150 | ---- | M] () -- C:\Users\june call\Desktop\GIMP - The GNU Image Manipulation Program.url
[2011/01/28 23:19:28 | 000,000,965 | ---- | M] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (2).url
[2011/01/28 22:09:55 | 000,000,965 | ---- | M] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool.url
[2011/01/28 20:31:30 | 000,027,857 | ---- | M] () -- C:\Users\june call\Desktop\MassMoneyEMails.pdf
[2011/01/26 20:37:56 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/01/26 20:37:30 | 000,001,748 | ---- | M] () -- C:\Users\june call\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/26 17:50:18 | 000,018,432 | ---- | M] () -- C:\Users\june call\Documents\JUNE MEDICINE 1 26 11.wps
[2011/01/24 12:45:35 | 000,016,384 | ---- | M] () -- C:\Users\june call\Documents\june life insurance information.wps
[2011/01/23 16:43:36 | 000,000,788 | ---- | M] () -- C:\Users\june call\Desktop\FLVUnit.lnk
[2011/01/23 09:23:14 | 000,119,296 | ---- | M] () -- C:\Users\june call\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 08:49:28 | 000,000,165 | ---- | M] () -- C:\ProgramData\sl1438210541
[2011/01/22 16:12:02 | 000,000,178 | ---- | M] () -- C:\Users\june call\Desktop\101 Ways To Make Money - Learn How To Make Money Online.url
[2011/01/22 12:06:48 | 000,000,277 | ---- | M] () -- C:\Users\june call\Desktop\Primerica Business Opportunity.url
[2011/01/22 12:05:06 | 000,000,403 | ---- | M] () -- C:\Users\june call\Desktop\Primerica Business Opportunity - Part-Time Opportunity.url
[2011/01/22 11:13:52 | 000,010,516 | ---- | M] () -- C:\Users\june call\Desktop\Make Money Online (Without Spending a Dime).url
[2011/01/22 10:16:56 | 000,001,619 | ---- | M] () -- C:\Users\june call\Desktop\make money internet - How-To Videos & Articles « Wonder How To.url
[2011/01/21 18:05:05 | 000,009,175 | ---- | M] () -- C:\Users\june call\Desktop\wonderhowto.url
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\june call\Desktop\*.tmp files -> C:\Users\june call\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/18 09:55:37 | 000,001,353 | ---- | C] () -- C:\Users\june call\Desktop\Update and Scan with Antivir.rtf
[2011/02/18 09:49:47 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/02/18 09:41:59 | 000,127,440 | ---- | C] () -- C:\Users\june call\Desktop\newset log.rtf
[2011/02/18 09:26:59 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2011/02/18 08:03:27 | 000,000,246 | ---- | C] () -- C:\Users\june call\Desktop\business.url
[2011/02/16 18:52:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/16 18:52:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/16 18:52:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/16 18:52:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/16 18:52:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/16 18:49:04 | 004,270,215 | R--- | C] () -- C:\Users\june call\Desktop\zzz.exe
[2011/02/16 18:35:52 | 000,721,199 | ---- | C] () -- C:\Users\june call\Desktop\rkill.exe
[2011/02/15 21:59:57 | 049,788,256 | ---- | C] () -- C:\Users\june call\Desktop\avira_antivir_personal_en.exe
[2011/02/15 21:45:32 | 000,005,768 | ---- | C] () -- C:\Users\june call\Documents\uninstall_list
[2011/02/15 21:07:40 | 000,005,480 | ---- | C] () -- C:\Users\june call\Documents\infected.rtf
[2011/02/13 20:52:47 | 000,001,852 | ---- | C] () -- C:\Users\june call\Documents\action plan.rtf
[2011/02/12 23:05:43 | 000,000,287 | ---- | C] () -- C:\Users\june call\Desktop\MalWare Removal • Login.url
[2011/02/12 22:47:12 | 000,001,956 | ---- | C] () -- C:\Users\june call\Desktop\HiJackThis.lnk
[2011/02/11 20:33:08 | 000,000,613 | ---- | C] () -- C:\Users\june call\Documents\tv hoplink.rtf
[2011/02/11 20:28:12 | 000,001,164 | ---- | C] () -- C:\Users\june call\Documents\clickbank pass.rtf
[2011/02/11 17:08:43 | 000,000,212 | ---- | C] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In (2).url
[2011/02/11 17:08:39 | 000,000,212 | ---- | C] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In.url
[2011/02/11 10:49:33 | 000,001,019 | ---- | C] () -- C:\Users\june call\Documents\word notes.rtf
[2011/02/07 06:59:06 | 000,000,234 | ---- | C] () -- C:\Users\june call\Documents\watchpccontentontv.com
[2011/02/07 05:51:16 | 000,000,266 | ---- | C] () -- C:\Users\june call\Desktop\WordPress.com — Get a Free Blog Here.url
[2011/02/06 21:51:31 | 000,000,619 | ---- | C] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform (2).url
[2011/02/06 14:54:39 | 000,010,246 | ---- | C] () -- C:\Users\june call\Documents\hoplink.docx
[2011/02/05 18:34:45 | 000,013,031 | ---- | C] () -- C:\Users\june call\Documents\internet tv on tv.docx
[2011/02/05 18:11:47 | 000,012,549 | ---- | C] () -- C:\Users\june call\Documents\internet tv to tv.docx
[2011/02/05 08:44:27 | 000,000,232 | ---- | C] () -- C:\Users\june call\Desktop\FileZilla - The free FTP solution.url
[2011/02/01 20:39:28 | 000,001,868 | ---- | C] () -- C:\Users\june call\Desktop\FileZilla Server Interface.lnk
[2011/02/01 16:08:01 | 000,011,372 | ---- | C] () -- C:\Users\june call\Documents\So you want to turn your computer into a TV set.docx
[2011/02/01 15:46:46 | 000,122,436 | ---- | C] () -- C:\Users\june call\Documents\keywordtpc.rtf
[2011/01/31 19:14:15 | 000,000,730 | ---- | C] () -- C:\Windows\pagebreeze.ini
[2011/01/31 19:14:15 | 000,000,044 | ---- | C] () -- C:\Windows\formbreeze.ini
[2011/01/31 06:14:09 | 000,017,408 | ---- | C] () -- C:\Users\june call\Documents\guest for pillar of community.wps
[2011/01/30 23:16:36 | 000,000,318 | ---- | C] () -- C:\Users\june call\Desktop\untitled.html
[2011/01/30 22:26:30 | 000,001,111 | ---- | C] () -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/01/30 22:15:45 | 000,001,735 | ---- | C] () -- C:\Users\june call\Desktop\Free Dolphin Screensaver.lnk
[2011/01/30 21:01:54 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk
[2011/01/30 20:58:14 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/01/30 20:58:00 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/01/30 20:57:41 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/01/30 20:55:47 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/01/30 18:22:52 | 000,000,261 | ---- | C] () -- C:\Users\june call\Desktop\Reset Password - iContact.url
[2011/01/30 18:17:57 | 000,000,668 | ---- | C] () -- C:\Users\june call\Desktop\iContact Login - iContact (2).url
[2011/01/30 18:17:39 | 000,000,666 | ---- | C] () -- C:\Users\june call\Desktop\iContact Login - iContact.url
[2011/01/30 18:17:28 | 000,000,343 | ---- | C] () -- C:\Users\june call\Desktop\iContact Email Marketing Simplified.url
[2011/01/30 11:38:30 | 000,001,659 | ---- | C] () -- C:\Users\june call\Documents\wordlisttv.rtf
[2011/01/30 10:47:52 | 000,000,583 | ---- | C] () -- C:\Users\june call\Desktop\Google (2).url
[2011/01/30 10:06:25 | 000,030,720 | ---- | C] () -- C:\Users\june call\Documents\cable.msam
[2011/01/30 09:14:09 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/01/30 09:10:15 | 000,000,252 | ---- | C] () -- C:\Users\june call\Desktop\Market Samurai.url
[2011/01/29 23:32:54 | 000,032,269 | ---- | C] () -- C:\Users\june call\Documents\satellite cable digital tv on your pc.docx
[2011/01/29 22:46:48 | 000,014,213 | ---- | C] () -- C:\Users\june call\Documents\word list.rtf
[2011/01/29 22:45:58 | 000,017,488 | ---- | C] () -- C:\Users\june call\Documents\Document.rtf
[2011/01/29 21:18:15 | 000,000,294 | ---- | C] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host (2).url
[2011/01/29 16:18:57 | 000,000,232 | ---- | C] () -- C:\Users\june call\Desktop\Keyword Analysis Tool - Market Samurai.url
[2011/01/29 14:23:12 | 000,095,285 | ---- | C] () -- C:\Users\june call\Documents\keyword_ideas_20110129_1220145(1).xlsx
[2011/01/29 13:36:39 | 000,000,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAT.lnk
[2011/01/29 12:28:07 | 000,000,913 | ---- | C] () -- C:\Users\june call\Desktop\Google.url
[2011/01/29 00:05:19 | 000,003,143 | ---- | C] () -- C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml
[2011/01/28 23:58:57 | 000,000,235 | ---- | C] () -- C:\Users\june call\Desktop\Yahoo! Answers - Home.url
[2011/01/28 23:58:38 | 000,000,217 | ---- | C] () -- C:\Users\june call\Desktop\Email Marketing - iContact.url
[2011/01/28 23:58:14 | 000,000,619 | ---- | C] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform.url
[2011/01/28 23:57:56 | 000,000,965 | ---- | C] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (3).url
[2011/01/28 23:57:38 | 000,000,158 | ---- | C] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host.url
[2011/01/28 23:57:22 | 000,000,220 | ---- | C] () -- C:\Users\june call\Desktop\Cheap Domain Names Registration, Domain Transfer, Free SSL Certificates, Free DNS, Privacy Protection • Namecheap.com.url
[2011/01/28 23:56:56 | 000,000,306 | ---- | C] () -- C:\Users\june call\Desktop\Home Quantcast.url
[2011/01/28 23:54:14 | 000,000,208 | ---- | C] () -- C:\Users\june call\Desktop\Alexa the Web Information Company.url
[2011/01/28 23:53:58 | 000,000,214 | ---- | C] () -- C:\Users\june call\Desktop\Compete Compete.url
[2011/01/28 23:52:58 | 000,000,205 | ---- | C] () -- C:\Users\june call\Desktop\KompoZer - Easy web authoring.url
[2011/01/28 23:52:09 | 000,000,250 | ---- | C] () -- C:\Users\june call\Desktop\Web design software, HTML editor Adobe Dreamweaver CS5.url
[2011/01/28 23:51:27 | 000,000,150 | ---- | C] () -- C:\Users\june call\Desktop\GIMP - The GNU Image Manipulation Program.url
[2011/01/28 23:24:09 | 000,000,344 | ---- | C] () -- C:\Users\june call\Desktop\Mass Money Makers (2).url
[2011/01/28 23:24:04 | 000,000,344 | ---- | C] () -- C:\Users\june call\Desktop\Mass Money Makers.url
[2011/01/28 23:19:28 | 000,000,965 | ---- | C] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (2).url
[2011/01/28 22:09:55 | 000,000,965 | ---- | C] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool.url
[2011/01/28 20:31:30 | 000,027,857 | ---- | C] () -- C:\Users\june call\Desktop\MassMoneyEMails.pdf
[2011/01/27 15:58:08 | 000,020,480 | ---- | C] () -- C:\Users\june call\Documents\Sandy Morain bio.wps
[2011/01/26 20:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/26 20:37:30 | 000,001,748 | ---- | C] () -- C:\Users\june call\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 16:43:36 | 000,000,788 | ---- | C] () -- C:\Users\june call\Desktop\FLVUnit.lnk
[2011/01/23 08:56:24 | 000,002,123 | ---- | C] () -- C:\Windows\System32\GnuHashes.ini
[2011/01/23 08:49:28 | 000,000,165 | ---- | C] () -- C:\ProgramData\sl1438210541
[2011/01/23 08:48:48 | 000,000,104 | ---- | C] () -- C:\Windows\System32\514231384
[2011/01/23 08:40:52 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/01/22 23:08:28 | 000,000,242 | ---- | C] () -- C:\Users\june call\Desktop\- ClickBank.url
[2011/01/22 16:12:02 | 000,000,178 | ---- | C] () -- C:\Users\june call\Desktop\101 Ways To Make Money - Learn How To Make Money Online.url
[2011/01/22 12:06:48 | 000,000,277 | ---- | C] () -- C:\Users\june call\Desktop\Primerica Business Opportunity.url
[2011/01/22 12:05:06 | 000,000,403 | ---- | C] () -- C:\Users\june call\Desktop\Primerica Business Opportunity - Part-Time Opportunity.url
[2011/01/22 10:43:23 | 000,010,516 | ---- | C] () -- C:\Users\june call\Desktop\Make Money Online (Without Spending a Dime).url
[2011/01/21 19:48:10 | 000,001,619 | ---- | C] () -- C:\Users\june call\Desktop\make money internet - How-To Videos & Articles « Wonder How To.url
[2010/11/14 20:53:01 | 000,000,006 | ---- | C] () -- C:\Users\june call\AppData\Roaming\start
[2010/11/14 20:16:10 | 000,000,175 | ---- | C] () -- C:\ProgramData\34889c28
[2010/11/13 15:46:38 | 000,000,148 | -HS- | C] () -- C:\ProgramData\878234495
[2010/11/13 15:46:37 | 000,001,185 | ---- | C] () -- C:\ProgramData\343072851
[2010/07/22 16:09:26 | 000,000,120 | ---- | C] () -- C:\Users\june call\AppData\Local\Owatusezejo.dat
[2010/07/22 16:09:26 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\Omadegefi.bin
[2010/06/19 15:42:46 | 000,026,760 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2010/05/11 11:51:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/10 18:25:58 | 000,002,000 | ---- | C] () -- C:\Users\june call\AppData\Roaming\wklnhst.dat
[2010/04/25 19:52:06 | 000,000,680 | ---- | C] () -- C:\Users\june call\AppData\Local\d3d9caps.dat
[2010/04/20 19:48:38 | 000,048,379 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/20 19:16:23 | 000,048,379 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/17 23:37:02 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\QSwitch.txt
[2010/04/17 23:37:02 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\DSwitch.txt
[2010/04/17 23:37:02 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\AtStart.txt
[2010/04/17 21:43:21 | 000,119,296 | ---- | C] () -- C:\Users\june call\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/05/14 12:25:04 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/24 20:03:11 | 000,002,415 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:6A91BBD8
@Alternate Data Stream - 1187 bytes -> C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml:OECustomProperty

< End of report >

Thanks
James
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 20th, 2011, 12:24 am

OTL Extras logfile created on: 2/19/2011 10:11:56 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\june call\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.15 Gb Total Space | 77.15 Gb Free Space | 34.89% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.39 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Computer Name: JUNECALL-PC | User Name: june call | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12AC4E08-6A93-47E4-A0F3-96EA45E5EBE8}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F032242-3137-47E0-8E3D-837506F6B856}" = lport=137 | protocol=17 | dir=in | app=system |
"{34F0D597-063A-49BD-B03E-8EC61F0CE5A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FC52ED3-CD50-4912-8168-31C77D2D681E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4272DC9E-9D9C-4532-A0E3-13A5E92064D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5707F73B-86EC-460D-9868-E06490C2CD0D}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E16E06C-9CCF-4E0C-B750-F854BFCE9ACC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61EC0730-AA7D-47FB-B90E-0A3042E54F8F}" = rport=137 | protocol=17 | dir=out | app=system |
"{6836854D-1598-4A9C-A2C6-E56571582DC2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{821428A9-1358-4E61-B591-568ACB76AB98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8739CA3B-4B4F-458B-A30C-2214BCE58666}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{87D239A9-B2A6-4966-A08E-12F4180CFDAD}" = lport=445 | protocol=6 | dir=in | app=system |
"{87F41B21-734E-4923-AF85-E786E3A89951}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB2AF6F3-2A34-4C17-AF97-8EBA42D3A620}" = rport=138 | protocol=17 | dir=out | app=system |
"{ADA741E0-2571-4DAC-8119-BAAE48625765}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF203319-2245-48C0-B6A5-FD7D045FD4E5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B83277CE-3610-4C4A-BD3F-5514996806A4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA6C86BB-F1D6-4288-9BD7-0AF9497412D5}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C27505-70D2-4554-B263-13BCD4586629}" = dir=in | app=c:\windows\scardsvrwow.exe |
"{04C8B575-9377-4E13-9F9B-58AB979B5CB2}" = dir=in | app=c:\windows\srcorewow.exe |
"{0A499D28-8321-4567-BC84-A59009530814}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{0A6A28EF-2EEF-4569-B4BE-187A1EC90A81}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{0BC1EC70-3B0B-42F5-91FE-C78E82CCC390}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0C912212-AE47-40D2-B481-87085F782934}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{0E259913-7AE0-4D80-AE70-554733075062}" = dir=in | app=c:\windows\msieftpwow.exe |
"{0EE2BD90-984A-40C0-8C9D-32805DBDF5A8}" = dir=in | app=c:\windows\mprddmwow.exe |
"{0EE5F92C-C90A-45E9-8DC1-31C55B739DE2}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{0F441F25-C068-46F6-813E-5AC67C3B2851}" = dir=in | app=c:\windows\msieftpwow.exe |
"{104AC3A2-8A6B-407A-A6A4-3EFE429D6FD6}" = dir=in | app=c:\windows\msieftpwow.exe |
"{139F7CAF-B23C-47FC-939F-6EFA30AC2F07}" = dir=in | app=c:\windows\msonpmonwow.exe |
"{157963D2-6306-4D25-9157-8B5626DA4A71}" = dir=in | app=c:\windows\msieftpwow.exe |
"{16EC5AED-5239-48AB-AB96-0227DA30FD92}" = dir=in | app=c:\windows\srcorewow.exe |
"{18B1412B-7081-44C0-80C9-C730A1162FB2}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{1BE4557C-5C45-4096-9C28-C157DF4D8501}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{1C1983FA-1623-44A4-8E1A-0301F545D7C4}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{1D6F5A45-EC2A-44E3-8525-248D54F44CE9}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{1DC630C6-752B-4153-A891-733513AC52EB}" = dir=in | app=c:\windows\vgawow.exe |
"{1EF5A117-05D5-4B7B-8133-3EA13ACFF2BE}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{1FBC009C-7E0D-4EF3-B5EF-F0027FF9CC0D}" = dir=in | app=c:\windows\wups2wow.exe |
"{20320DB3-D273-4150-8567-489068995180}" = dir=in | app=c:\windows\msonpmonwow.exe |
"{2405EC39-19D5-4F8F-914C-C27E2BF7DF6D}" = dir=in | app=c:\windows\msieftpwow.exe |
"{25E85119-0B91-4B1B-B43E-C393F2C87E7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2EA1064A-30A2-4AF2-8425-D6895200E47B}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{2EF57314-23F7-4C88-B1C8-0219CBA9163B}" = dir=in | app=c:\windows\system32\d3d10_1core32.exe |
"{2F1E5AFD-7631-48A6-BE5A-12B918510942}" = dir=in | app=c:\windows\vgawow.exe |
"{309ED182-9114-4797-9695-8FA7B646ED88}" = dir=in | app=c:\windows\sysclasswow.exe |
"{318EB364-A17C-4769-81EE-A3923DC045F9}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{31BCDCB5-7003-4BB3-881F-12C68A9236BC}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{367D93F4-4230-430B-BBD0-C2FE77816C8A}" = dir=in | app=c:\windows\seclogonwow.exe |
"{37E54D71-2E5A-4D7A-906B-F36791E802DA}" = dir=in | app=c:\windows\msonpmonwow.exe |
"{38BC27F5-51EF-4C91-9023-4426A5E0C5C1}" = dir=in | app=c:\windows\wups2wow.exe |
"{39CC8000-B622-4E27-8FE5-4BB18B842642}" = dir=in | app=c:\windows\regapiwow.exe |
"{3A2E5197-B338-489E-927F-0D76726EFA8F}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{3AC402B7-60BD-4C82-AD3D-4F25E1D05401}" = dir=in | app=c:\windows\regapiwow.exe |
"{3AFE3DE2-EA31-4E9F-A4B3-C0ABFE0A5BDF}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{3B09A22F-E7A9-4F15-A8DE-787C635ECF93}" = dir=in | app=c:\windows\xactengine2_3wow.exe |
"{3B184246-79A3-4757-B189-CFC984762282}" = dir=in | app=c:\windows\msieftpwow.exe |
"{3B2FA866-4202-4DC0-992B-A9BFAAE96D7D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3C4E375E-EE25-45BD-981F-F6732E77D238}" = dir=in | app=c:\windows\sysclasswow.exe |
"{3E6D5898-ECA8-4372-B073-A839EDA555EC}" = dir=in | app=c:\windows\scardsvrwow.exe |
"{40CC46A7-0085-496C-80A6-F835B3B66DC7}" = dir=in | app=c:\windows\mprddmwow.exe |
"{4132F99F-B2C1-4B4F-AD60-6C6CD1384943}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{41D98414-4101-47CB-8AE3-9219D5AAE663}" = dir=in | app=c:\windows\sysclasswow.exe |
"{421765E6-4F60-4932-93F6-D9F49EF685ED}" = dir=in | app=c:\windows\compobjwow.exe |
"{43B16BB7-336C-40B9-8FA3-C08682612F22}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{43FCBB5E-BBBA-4E39-9030-821FEC509954}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{44029A2D-FB6B-4CF1-8E17-3BA66E1C785F}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{4521187F-7DF4-4AE3-9B18-7E91F603A908}" = dir=in | app=c:\windows\seclogonwow.exe |
"{456689A9-5ED0-43D9-A3C3-A36A299F21DC}" = dir=in | app=c:\windows\srcorewow.exe |
"{458D3807-FC79-4BE1-83D4-DD9B2BFCF7DD}" = dir=in | app=c:\windows\compobjwow.exe |
"{45D8D91E-61FB-4944-A44E-5D620BD29F55}" = dir=in | app=c:\windows\nlsdata0416wow.exe |
"{488C171A-F058-4729-9BD8-D304680A1CA1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4AAF1E7C-3023-49A8-9A7D-F2B7A4257E76}" = dir=in | app=c:\windows\seclogonwow.exe |
"{4ABA226C-6923-44AC-94F0-0DB97D786FC4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4B6E9D1D-870D-449C-9024-1570F8B7EA0B}" = dir=in | app=c:\windows\nlsdata0416wow.exe |
"{4C6C1365-5829-4B59-8993-1017B2F34306}" = dir=in | app=c:\windows\vgawow.exe |
"{4CA93CF3-B2A1-412A-BAD7-1167D7F579CB}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{4D74088F-0DE7-4542-862C-FC74209F87AB}" = dir=in | app=c:\windows\msonpmonwow.exe |
"{4E3D365D-9393-4963-82C5-B5C30F561A9D}" = dir=in | app=c:\windows\xactengine2_3wow.exe |
"{513DFA1A-8F14-4F66-B57E-84150D2B4D2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5187AAD1-E527-49DE-8AAE-FD942E2F8514}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{51A5A9D6-2275-49E8-A143-41CC91F7C337}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{51C4283A-B96C-4843-BD15-2A6ED1AAF4A2}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{520B4B55-D8EE-4044-8F7C-959E50068F69}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{523B9872-A92A-48FF-97AE-86C6F051CB3B}" = dir=in | app=c:\windows\mprddmwow.exe |
"{527B6BA1-3318-40C7-803C-2F84AB96D1DD}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{52D78B13-4523-479C-8A6A-812E8F757D26}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{5341716E-693F-4372-BF65-99297A6D6789}" = dir=in | app=c:\windows\msieftpwow.exe |
"{53F1BF0E-93F3-4738-890E-C8F7EED6A8C6}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{57970047-010A-46D2-8AB4-D139A1FCCD3F}" = dir=in | app=c:\windows\nlsdata0416wow.exe |
"{58C17A4C-7BBF-4558-9B4A-619F49D1DEE3}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{59A7FACA-BC5A-499F-9E44-8081569197D4}" = dir=in | app=c:\windows\xactengine2_3wow.exe |
"{59DD2FF8-15B9-4C63-B9A9-2ADBE942CA8C}" = dir=in | app=c:\windows\srcorewow.exe |
"{5AEEEE88-ADB0-478F-94A4-94BC30D4D78A}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{5B34B3D7-ED46-4CFB-8996-9F8D0ADC9160}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{5EEABA64-8D1A-4532-B886-288EBFB3AD8C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5F8B0846-9C31-4596-A50C-98D60CAC4A6C}" = dir=in | app=c:\windows\wups2wow.exe |
"{60A9B4BF-B3E0-4B00-A381-4D6B81FACB40}" = dir=in | app=c:\windows\msieftpwow.exe |
"{668E7617-18FE-4F3A-BC36-FF63DC2A4F87}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6774E0DD-356D-4EBE-A030-E2DF0632CD34}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{6F062799-F2D1-4AE2-975D-E4D70E54409F}" = dir=in | app=c:\windows\sysclasswow.exe |
"{6FF71CFD-17F2-41BD-BA08-F327843FA896}" = dir=in | app=c:\windows\scardsvrwow.exe |
"{71C9A75C-FCF5-4D7F-A595-338D4D8D8B95}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{72A8D271-F202-478E-B0C6-1E7B2BBECC24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{74679611-10F7-4D8B-AE23-87822B990C56}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{74D0C38F-3DB6-4AC0-90F0-01809395287A}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{76A8E8CE-7E15-4E1E-929E-FAAEDC471A4E}" = dir=in | app=c:\windows\nlsdata0416wow.exe |
"{76CD191A-6AFB-4CD8-AAA5-EA4BC87C2A5D}" = dir=in | app=c:\windows\mprddmwow.exe |
"{77404D28-6984-40CC-9D8C-337F71BFA29C}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{7BC72DD5-1A8D-4698-98C8-6CC095E317B5}" = dir=in | app=c:\windows\regapiwow.exe |
"{7CAD5D90-17AA-4F81-9353-1328652F3AF8}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{7DF1C137-B0B5-4031-BAAA-4558147905E2}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{7F1572E7-6C25-4252-BB7B-B1F03AA22B0A}" = dir=in | app=c:\windows\compobjwow.exe |
"{7FC25279-9F2F-4BF2-8D76-9FF429273F7B}" = dir=in | app=c:\windows\xactengine2_3wow.exe |
"{811C6086-0748-4DA0-941F-981066BEF0C0}" = dir=in | app=c:\windows\msonpmonwow.exe |
"{83C3D3A2-ADD8-48EC-ADEE-F7C2B4F87630}" = dir=in | app=c:\windows\seclogonwow.exe |
"{857F35EA-62B8-4942-9C33-52061F2BCE2B}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{85A0A3A0-CE53-4A8D-91DD-4FBD9343E6CE}" = dir=in | app=c:\windows\srcorewow.exe |
"{86CD402B-13BB-4756-A05A-6891746FCE53}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{882FD1A1-C791-4A1B-AA7E-2E670CECE59B}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{887A495B-0A3C-4917-BB35-FA571E96D789}" = dir=in | app=c:\windows\seclogonwow.exe |
"{88AF70C9-636C-4FCC-A86D-7048B1C6037C}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{8BB2A29E-5D9A-4997-A4EA-48AEC85EF262}" = dir=in | app=c:\windows\srcorewow.exe |
"{8D08AC0C-5BE5-46B4-8C56-6A1589A19ADA}" = dir=in | app=c:\windows\regapiwow.exe |
"{8DD4F024-09C0-426C-8F91-CB3CF483A34D}" = dir=in | app=c:\windows\msonpmonwow.exe |
"{8F087550-EDA3-4066-9C99-98FAAD64595B}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{9250DD57-DEFA-4FCA-97B2-8139DF7E8230}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{93EC50DB-DDB0-4569-B988-183C04470980}" = dir=in | app=c:\windows\xactengine2_3wow.exe |
"{94B7EA69-5C3B-41B3-B3D6-46BB78EAE987}" = dir=in | app=c:\windows\msieftpwow.exe |
"{95F55BF1-111E-4281-AE79-E7D54B9448BA}" = dir=in | app=c:\windows\compobjwow.exe |
"{95FD1396-40DA-4DD2-8C16-0DE73B59F2D7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9966E41B-3003-45E9-B914-6B21AA541173}" = dir=in | app=c:\windows\xactengine2_3wow.exe |
"{99C7A66D-D16F-46E5-9AD2-EEB2F28C60DB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9B024EE8-7A62-47EE-9920-0A3B68EDA4DA}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{9BE823D5-8C52-4764-9FCE-805C1CB05E9A}" = dir=in | app=c:\windows\srcorewow.exe |
"{9C689D7C-7CA5-4D5B-ADF1-80163912E4E1}" = dir=in | app=c:\windows\wups2wow.exe |
"{A0933FA4-41DB-4589-92CB-9ABE2111FBCF}" = dir=in | app=c:\windows\nlsdata0416wow.exe |
"{A0A2849E-DF35-4A16-872F-2C06C53C382A}" = dir=in | app=c:\windows\scardsvrwow.exe |
"{A11162EA-746F-42A3-8D95-48BF4F6BFA50}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{A3C5B864-F9E8-4C4D-8771-61801AE58C4F}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{A5376145-163A-48C1-9DFB-26638E5F07D5}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{A611A689-BDF0-4B98-B6D0-16F52845FECA}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{A71E194E-2C2F-4647-BCEC-F8C9A9E4930D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AABCA23E-588F-4FCF-8819-3D61CD8CB925}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B2B13276-F8C8-4A10-A1A2-D8BFECBFF5FE}" = dir=in | app=c:\windows\msieftpwow.exe |
"{B34CB9CB-E7E2-4113-8B59-E207C0B205DD}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{B428A244-7BFB-43FC-AB39-6BE24DCAABD5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B7FE0EBC-54D3-4C9A-85E5-EE01D36205B7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B8E5B6FD-FCAD-4276-84F7-D525AB64F68A}" = dir=in | app=c:\windows\srcorewow.exe |
"{B9A9EAEB-3891-4976-80DE-444C71431171}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{B9FD1487-2B2E-4A14-B7E2-69F190AB5FFF}" = dir=in | app=c:\windows\vgawow.exe |
"{BDE91A6D-41B3-4952-91B0-0142A04C68A2}" = dir=in | app=c:\windows\seclogonwow.exe |
"{C10C5E9C-0BFF-42D7-A7E8-B97DADA6FFC2}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{C2EDF4D0-E06C-4437-AE7C-4EA3D9B707D1}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{C49F58D4-64C6-4435-935F-F58078164184}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{C690591E-FA4E-4461-8319-40FFE8C84BAA}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{C764F6E9-F3ED-4A4C-B8E1-94770E09551C}" = dir=in | app=c:\windows\mprddmwow.exe |
"{C98818E7-4AA9-4917-89BB-40FEF1625752}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"{C9CF9F68-0BFF-4199-8058-0C084CCD2EAD}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{CA57F0F3-B0A6-4A31-90E2-64C52BCACD1D}" = dir=in | app=c:\windows\sysclasswow.exe |
"{CAFDCD3A-9905-4755-90C8-65B90C629B8D}" = dir=in | app=c:\windows\msieftpwow.exe |
"{CB16B65B-AF93-43EC-A4B1-A83B906CEBD9}" = dir=in | app=c:\windows\wups2wow.exe |
"{CE13AB48-DAE0-449E-B928-EAEED7E4A084}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{D0CDE5C0-0594-4FAD-BA39-B1D1F557E5BF}" = dir=in | app=c:\windows\system32\d3d10_1core32.exe |
"{D0ECC5AB-7509-46A6-BA7E-9779F7C1DC83}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D360AA77-5A5B-42A8-B5DC-FD615B365340}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{D3F43D71-BF0F-44ED-B946-59020355C43E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D4333C8D-3DEF-4879-8D0B-757DCB728CAC}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{D4D823C0-9B0F-462C-A48E-B454244711F6}" = dir=in | app=c:\windows\nlsdata081awow.exe |
"{D644BDDA-480F-4D9E-A47C-60F5AD1AD600}" = dir=in | app=c:\windows\regapiwow.exe |
"{D753AB0D-07FC-43BB-B70B-75A1413ED51F}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{D974A50D-D8CC-4201-BF71-61B02CBC1D82}" = dir=in | app=c:\windows\nlsdata0416wow.exe |
"{DAD0C5DE-B439-4F86-99D1-95402CE4F25B}" = dir=in | app=c:\windows\seclogonwow.exe |
"{DF0F6B20-A86F-4F79-B83A-C40A29DB85C4}" = dir=in | app=c:\windows\msieftpwow.exe |
"{E0F1B44E-BF8B-4FF8-A3F7-E1478F172D44}" = dir=in | app=c:\windows\scardsvrwow.exe |
"{E22452DD-B3C2-49A6-ADDA-0E1B3EF77E1D}" = dir=in | app=c:\windows\msieftpwow.exe |
"{E22A1CCC-A5FE-4C97-B31C-5198EE36A25E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E34C91F7-1DBD-4458-8D06-5514697013A9}" = dir=in | app=c:\windows\msieftpwow.exe |
"{E3583E0B-ACFC-4F18-865D-206929C2E206}" = dir=in | app=c:\windows\regapiwow.exe |
"{E38C17EA-3E34-4E98-8D28-E3DAA02A961A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3CC642A-4A3E-44D5-BD66-2174141ABBDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3DBD97F-701F-4B52-97BE-6173DF04D841}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E494C045-02AD-4BDD-82CC-CF666E9105E4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E50008C3-9156-49FF-B052-DBB5D152342F}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{E61042C2-E583-4F37-B5B8-ABE2A64B5D97}" = dir=in | app=c:\windows\vgawow.exe |
"{E72AC2E0-B417-4C0E-8144-420DB2216CCA}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{E7413334-3C48-4B11-9F1F-37E025DC1185}" = dir=in | app=c:\windows\srcorewow.exe |
"{E7F3BF62-37ED-4A49-95C0-EF24F96C6921}" = dir=in | app=c:\windows\kbdvntcwow.exe |
"{E80EE85E-4BA8-440B-A676-3A8AA8505D9C}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{EA501A27-C845-4B51-8BDE-DC08CA421532}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{EC6AF26A-31C0-4A4F-B49D-27D8D3CAD48B}" = dir=in | app=c:\windows\system32\d3d10_1core32.exe |
"{EF0890F4-66ED-42B4-B0F2-84073EE33292}" = dir=in | app=c:\windows\sysclasswow.exe |
"{EF1A5699-93EE-4465-9165-A407CE5CEF46}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{F045989D-AB8E-44D2-B70F-A6F6B43E0C19}" = dir=in | app=c:\windows\xpssvcswow.exe |
"{F0AC388D-C969-4E95-A367-4CE3658C6F59}" = dir=in | app=c:\windows\mprddmwow.exe |
"{F320F5ED-DC43-4718-8AB8-1709EFED7D5A}" = dir=in | app=c:\windows\seclogonwow.exe |
"{F3BD0172-250B-42C4-B2AD-697C47098AE3}" = dir=in | app=c:\windows\nvmccsswow.exe |
"{F4CBA6F7-9B0E-4DC0-A398-2F671B4FD5D7}" = dir=in | app=c:\windows\vgawow.exe |
"{F53E3F9C-0499-49FE-9625-9607ED7457EA}" = dir=in | app=c:\windows\compobjwow.exe |
"{F5CBE2AB-1611-4AEA-89D7-9C070619D039}" = dir=in | app=c:\windows\eappgnuiwow.exe |
"{F62693C1-A98E-4BF5-A2EE-83D0742CB45B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FA397D45-5B80-4C5C-91E8-CC05B36CF5A1}" = dir=in | app=c:\windows\wups2wow.exe |
"{FA54E464-2700-4098-9B40-FD503701FD64}" = dir=in | app=c:\windows\scardsvrwow.exe |
"{FABA80D2-5776-4838-BD0E-F7EC9455F2B8}" = dir=in | app=c:\windows\seclogonwow.exe |
"{FC2260CF-0FDD-4467-B04F-A2E5439877F6}" = dir=in | app=c:\windows\wlanmsmwow.exe |
"{FF010B41-84CD-4FAF-AF5A-6CDA8772E4B1}" = dir=in | app=c:\windows\compobjwow.exe |
"{FF63F6F2-2A1E-49B6-A8EB-74415CD20267}" = dir=in | app=c:\windows\msieftpwow.exe |
"{FFC58F3D-FDDE-4093-9D59-79B756ED2480}" = dir=in | app=c:\windows\nlslexicons0011wow.exe |
"TCP Query User{2A77BD32-32FF-4F37-A4BD-F951598B2A0C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{5400666B-877B-4455-802B-8F166E34798E}C:\users\june call\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\june call\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{876677A2-5C3D-4680-B6AE-7A8EB1D17ABC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7F836027-D964-4C23-A04E-5EAB82FB7F8E}C:\users\june call\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\june call\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{99BCC281-EC5B-42CD-84B1-94D8396432A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AFB9CD84-A735-494A-860E-CC432D1F3C09}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{036CB3BC-64EF-107A-AC71-DB7F2BA22350}" = SAT
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD49B81-9B43-4D9D-E3FB-F3C129A4F1BC}" = Market Samurai
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68D923E0-1244-0F60-6108-2B154B0462D0}" = Comcast Access
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{a71b2005-36ef-4ee5-8059-02deb367cb98}" = EZ Calendar - Nature
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{AF64F216-D859-43FC-9068-0005A41AEBA3}" = AT&T Communication Manager
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"FileZilla Client" = FileZilla Client 3.3.5.1
"FileZilla Server" = FileZilla Server (remove only)
"FLVUnit" = FLVUnit
"Free_TV_Bar_c3 Toolbar" = Free_TV_Bar_c3 Toolbar
"FrostWire" = FrostWire 4.20.6
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ieSpell" = ieSpell
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Konvertor" = Konvertor
"LimeWire" = LimeWire 5.5.8
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
"Plaxo" = Plaxo Toolbar for Windows
"PriceGong" = PriceGong 2.1.0
"SAT" = SAT
"Shop to Win 2" = Shop to Win 2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2010 4:40:25 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/21/2010 4:40:25 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18076523

Error - 8/21/2010 4:40:25 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18076523

Error - 8/21/2010 4:40:26 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/21/2010 4:40:26 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18077521

Error - 8/21/2010 4:40:26 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18077521

Error - 8/21/2010 4:40:27 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/21/2010 4:40:27 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18078519

Error - 8/21/2010 4:40:27 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18078519

Error - 8/21/2010 4:40:28 AM | Computer Name = junecall-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]
Error - 5/22/2010 9:53:03 PM | Computer Name = junecall-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 2/16/2011 8:53:45 PM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/16/2011 9:02:36 PM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/18/2011 11:19:37 AM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/18/2011 11:20:57 AM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/18/2011 11:26:16 AM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/18/2011 11:34:57 AM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/18/2011 11:49:39 AM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/18/2011 11:51:05 AM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/18/2011 11:51:12 AM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/18/2011 6:40:54 PM | Computer Name = junecall-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Thanks
James
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 20th, 2011, 8:51 am

stingerbud,
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
    FF - prefs.js..extensions.enabledItems: {bdd75058-3707-433a-9f45-166942f61d1e}:1.0
    [2010/05/24 22:58:18 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
    File not found (No name found) -- C:\USERS\JUNE CALL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQ834HWX.DEFAULT\EXTENSIONS\{BDD75058-3707-433A-9F45-166942F61D1E}
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
    [2011/01/31 19:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2011/01/28 19:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2011/01/30 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2011/01/30 09:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
    [2011/01/23 16:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\FLVUnit
    [2011/01/28 19:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2011/02/18 09:49:47 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:6A91BBD8
    @Alternate Data Stream - 1187 bytes -> C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml:OECustomProperty
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03C27505-70D2-4554-B263-13BCD4586629}" =-
    "{04C8B575-9377-4E13-9F9B-58AB979B5CB2}" =-
    "{0A499D28-8321-4567-BC84-A59009530814}" =-
    "{0A6A28EF-2EEF-4569-B4BE-187A1EC90A81}" =-
    "{0C912212-AE47-40D2-B481-87085F782934}" =-
    "{0E259913-7AE0-4D80-AE70-554733075062}" =-
    "{0EE2BD90-984A-40C0-8C9D-32805DBDF5A8}" =-
    "{0EE5F92C-C90A-45E9-8DC1-31C55B739DE2}" =-
    "{0F441F25-C068-46F6-813E-5AC67C3B2851}" =-
    "{104AC3A2-8A6B-407A-A6A4-3EFE429D6FD6}" =-
    "{139F7CAF-B23C-47FC-939F-6EFA30AC2F07}" =-
    "{157963D2-6306-4D25-9157-8B5626DA4A71}" =-
    "{16EC5AED-5239-48AB-AB96-0227DA30FD92}" =-
    "{18B1412B-7081-44C0-80C9-C730A1162FB2}" =-
    "{1BE4557C-5C45-4096-9C28-C157DF4D8501}" =-
    "{1C1983FA-1623-44A4-8E1A-0301F545D7C4}" =-
    "{1D6F5A45-EC2A-44E3-8525-248D54F44CE9}" =-
    "{1DC630C6-752B-4153-A891-733513AC52EB}" =-
    "{1EF5A117-05D5-4B7B-8133-3EA13ACFF2BE}" =-
    "{1FBC009C-7E0D-4EF3-B5EF-F0027FF9CC0D}" =-
    "{20320DB3-D273-4150-8567-489068995180}" =-
    "{2405EC39-19D5-4F8F-914C-C27E2BF7DF6D}" =-
    "{2EA1064A-30A2-4AF2-8425-D6895200E47B}" =-
    "{2F1E5AFD-7631-48A6-BE5A-12B918510942}" =-
    "{309ED182-9114-4797-9695-8FA7B646ED88}" =-
    "{318EB364-A17C-4769-81EE-A3923DC045F9}" =-
    "{31BCDCB5-7003-4BB3-881F-12C68A9236BC}" =-
    "{367D93F4-4230-430B-BBD0-C2FE77816C8A}" =-
    "{37E54D71-2E5A-4D7A-906B-F36791E802DA}" =-
    "{38BC27F5-51EF-4C91-9023-4426A5E0C5C1}" =-
    "{39CC8000-B622-4E27-8FE5-4BB18B842642}" =-
    "{3A2E5197-B338-489E-927F-0D76726EFA8F}" =-
    "{3AC402B7-60BD-4C82-AD3D-4F25E1D05401}" =-
    "{3AFE3DE2-EA31-4E9F-A4B3-C0ABFE0A5BDF}" =-
    "{3B09A22F-E7A9-4F15-A8DE-787C635ECF93}" =-
    "{3B184246-79A3-4757-B189-CFC984762282}" =-
    "{3C4E375E-EE25-45BD-981F-F6732E77D238}" =-
    "{3E6D5898-ECA8-4372-B073-A839EDA555EC}" =-
    "{40CC46A7-0085-496C-80A6-F835B3B66DC7}" =-
    "{4132F99F-B2C1-4B4F-AD60-6C6CD1384943}" =-
    "{41D98414-4101-47CB-8AE3-9219D5AAE663}" =-
    "{421765E6-4F60-4932-93F6-D9F49EF685ED}" =-
    "{43B16BB7-336C-40B9-8FA3-C08682612F22}" =-
    "{44029A2D-FB6B-4CF1-8E17-3BA66E1C785F}" =-
    "{4521187F-7DF4-4AE3-9B18-7E91F603A908}" =-
    "{456689A9-5ED0-43D9-A3C3-A36A299F21DC}" =-
    "{458D3807-FC79-4BE1-83D4-DD9B2BFCF7DD}" =-
    "{45D8D91E-61FB-4944-A44E-5D620BD29F55}" =-
    "{4AAF1E7C-3023-49A8-9A7D-F2B7A4257E76}" =-
    "{4B6E9D1D-870D-449C-9024-1570F8B7EA0B}" =-
    "{4C6C1365-5829-4B59-8993-1017B2F34306}" =-
    "{4CA93CF3-B2A1-412A-BAD7-1167D7F579CB}" =-
    "{4D74088F-0DE7-4542-862C-FC74209F87AB}" =-
    "{4E3D365D-9393-4963-82C5-B5C30F561A9D}" =-
    "{5187AAD1-E527-49DE-8AAE-FD942E2F8514}" =-
    "{51A5A9D6-2275-49E8-A143-41CC91F7C337}" =-
    "{520B4B55-D8EE-4044-8F7C-959E50068F69}" =-
    "{523B9872-A92A-48FF-97AE-86C6F051CB3B}" =-
    "{527B6BA1-3318-40C7-803C-2F84AB96D1DD}" =-
    "{52D78B13-4523-479C-8A6A-812E8F757D26}" =-
    "{5341716E-693F-4372-BF65-99297A6D6789}" =-
    "{53F1BF0E-93F3-4738-890E-C8F7EED6A8C6}" =-
    "{57970047-010A-46D2-8AB4-D139A1FCCD3F}" =-
    "{58C17A4C-7BBF-4558-9B4A-619F49D1DEE3}" =-
    "{59A7FACA-BC5A-499F-9E44-8081569197D4}" =-
    "{59DD2FF8-15B9-4C63-B9A9-2ADBE942CA8C}" =-
    "{5AEEEE88-ADB0-478F-94A4-94BC30D4D78A}" =-
    "{5B34B3D7-ED46-4CFB-8996-9F8D0ADC9160}" =-
    "{5F8B0846-9C31-4596-A50C-98D60CAC4A6C}" =-
    "{60A9B4BF-B3E0-4B00-A381-4D6B81FACB40}" =-
    "{6774E0DD-356D-4EBE-A030-E2DF0632CD34}" =-
    "{6F062799-F2D1-4AE2-975D-E4D70E54409F}" =-
    "{6FF71CFD-17F2-41BD-BA08-F327843FA896}" =-
    "{71C9A75C-FCF5-4D7F-A595-338D4D8D8B95}" =-
    "{74679611-10F7-4D8B-AE23-87822B990C56}" =-
    "{74D0C38F-3DB6-4AC0-90F0-01809395287A}" =-
    "{76A8E8CE-7E15-4E1E-929E-FAAEDC471A4E}" =-
    "{76CD191A-6AFB-4CD8-AAA5-EA4BC87C2A5D}" =-
    "{77404D28-6984-40CC-9D8C-337F71BFA29C}" =-
    "{7BC72DD5-1A8D-4698-98C8-6CC095E317B5}" =-
    "{7CAD5D90-17AA-4F81-9353-1328652F3AF8}" =-
    "{7DF1C137-B0B5-4031-BAAA-4558147905E2}" =-
    "{7F1572E7-6C25-4252-BB7B-B1F03AA22B0A}" =-
    "{7FC25279-9F2F-4BF2-8D76-9FF429273F7B}" =-
    "{811C6086-0748-4DA0-941F-981066BEF0C0}" =-
    "{83C3D3A2-ADD8-48EC-ADEE-F7C2B4F87630}" =-
    "{857F35EA-62B8-4942-9C33-52061F2BCE2B}" =-
    "{85A0A3A0-CE53-4A8D-91DD-4FBD9343E6CE}" =-
    "{86CD402B-13BB-4756-A05A-6891746FCE53}" =-
    "{882FD1A1-C791-4A1B-AA7E-2E670CECE59B}" =-
    "{887A495B-0A3C-4917-BB35-FA571E96D789}" =-
    "{88AF70C9-636C-4FCC-A86D-7048B1C6037C}" =-
    "{8BB2A29E-5D9A-4997-A4EA-48AEC85EF262}" =-
    "{8D08AC0C-5BE5-46B4-8C56-6A1589A19ADA}" =-
    "{8DD4F024-09C0-426C-8F91-CB3CF483A34D}" =-
    "{8F087550-EDA3-4066-9C99-98FAAD64595B}" =-
    "{9250DD57-DEFA-4FCA-97B2-8139DF7E8230}" =-
    "{93EC50DB-DDB0-4569-B988-183C04470980}" =-
    "{94B7EA69-5C3B-41B3-B3D6-46BB78EAE987}" =-
    "{95F55BF1-111E-4281-AE79-E7D54B9448BA}" =-
    "{9966E41B-3003-45E9-B914-6B21AA541173}" =-
    "{9B024EE8-7A62-47EE-9920-0A3B68EDA4DA}" =-
    "{9BE823D5-8C52-4764-9FCE-805C1CB05E9A}" =-
    "{9C689D7C-7CA5-4D5B-ADF1-80163912E4E1}" =-
    "{A0933FA4-41DB-4589-92CB-9ABE2111FBCF}" =-
    "{A0A2849E-DF35-4A16-872F-2C06C53C382A}" =-
    "{A11162EA-746F-42A3-8D95-48BF4F6BFA50}" =-
    "{A3C5B864-F9E8-4C4D-8771-61801AE58C4F}" =-
    "{A5376145-163A-48C1-9DFB-26638E5F07D5}" =-
    "{A611A689-BDF0-4B98-B6D0-16F52845FECA}" =-
    "{B2B13276-F8C8-4A10-A1A2-D8BFECBFF5FE}" =-
    "{B34CB9CB-E7E2-4113-8B59-E207C0B205DD}" =-
    "{B8E5B6FD-FCAD-4276-84F7-D525AB64F68A}" =-
    "{B9A9EAEB-3891-4976-80DE-444C71431171}" =-
    "{B9FD1487-2B2E-4A14-B7E2-69F190AB5FFF}" =-
    "{BDE91A6D-41B3-4952-91B0-0142A04C68A2}" =-
    "{C10C5E9C-0BFF-42D7-A7E8-B97DADA6FFC2}" =-
    "{C2EDF4D0-E06C-4437-AE7C-4EA3D9B707D1}" =-
    "{C49F58D4-64C6-4435-935F-F58078164184}" =-
    "{C690591E-FA4E-4461-8319-40FFE8C84BAA}" =-
    "{C764F6E9-F3ED-4A4C-B8E1-94770E09551C}" =-
    "{C98818E7-4AA9-4917-89BB-40FEF1625752}" =-
    "{C9CF9F68-0BFF-4199-8058-0C084CCD2EAD}" =-
    "{CA57F0F3-B0A6-4A31-90E2-64C52BCACD1D}" =-
    "{CAFDCD3A-9905-4755-90C8-65B90C629B8D}" =-
    "{CB16B65B-AF93-43EC-A4B1-A83B906CEBD9}" =-
    "{CE13AB48-DAE0-449E-B928-EAEED7E4A084}" =-
    "{D360AA77-5A5B-42A8-B5DC-FD615B365340}" =-
    "{D4333C8D-3DEF-4879-8D0B-757DCB728CAC}" =-
    "{D4D823C0-9B0F-462C-A48E-B454244711F6}" =-
    "{D644BDDA-480F-4D9E-A47C-60F5AD1AD600}" =-
    "{D753AB0D-07FC-43BB-B70B-75A1413ED51F}" =-
    "{D974A50D-D8CC-4201-BF71-61B02CBC1D82}" =-
    "{DAD0C5DE-B439-4F86-99D1-95402CE4F25B}" =-
    "{DF0F6B20-A86F-4F79-B83A-C40A29DB85C4}" =-
    "{E0F1B44E-BF8B-4FF8-A3F7-E1478F172D44}" =-
    "{E22452DD-B3C2-49A6-ADDA-0E1B3EF77E1D}" =-
    "{E34C91F7-1DBD-4458-8D06-5514697013A9}" =-
    "{E3583E0B-ACFC-4F18-865D-206929C2E206}" =-
    "{E50008C3-9156-49FF-B052-DBB5D152342F}" =-
    "{E61042C2-E583-4F37-B5B8-ABE2A64B5D97}" =-
    "{E72AC2E0-B417-4C0E-8144-420DB2216CCA}" =-
    "{E7413334-3C48-4B11-9F1F-37E025DC1185}" =-
    "{E7F3BF62-37ED-4A49-95C0-EF24F96C6921}" =-
    "{E80EE85E-4BA8-440B-A676-3A8AA8505D9C}" =-
    "{EA501A27-C845-4B51-8BDE-DC08CA421532}" =-
    "{EF0890F4-66ED-42B4-B0F2-84073EE33292}" =-
    "{EF1A5699-93EE-4465-9165-A407CE5CEF46}" =-
    "{F045989D-AB8E-44D2-B70F-A6F6B43E0C19}" =-
    "{F0AC388D-C969-4E95-A367-4CE3658C6F59}" =-
    "{F320F5ED-DC43-4718-8AB8-1709EFED7D5A}" =-
    "{F3BD0172-250B-42C4-B2AD-697C47098AE3}" =-
    "{F4CBA6F7-9B0E-4DC0-A398-2F671B4FD5D7}" =-
    "{F53E3F9C-0499-49FE-9625-9607ED7457EA}" =-
    "{F5CBE2AB-1611-4AEA-89D7-9C070619D039}" =-
    "{FA397D45-5B80-4C5C-91E8-CC05B36CF5A1}" =-
    "{FA54E464-2700-4098-9B40-FD503701FD64}" =-
    "{FABA80D2-5776-4838-BD0E-F7EC9455F2B8}" =-
    "{FC2260CF-0FDD-4467-B04F-A2E5439877F6}" =-
    "{FF010B41-84CD-4FAF-AF5A-6CDA8772E4B1}" =-
    "{FF63F6F2-2A1E-49B6-A8EB-74415CD20267}" =-
    "{FFC58F3D-FDDE-4093-9D59-79B756ED2480}" =-
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So we are looking for the OTL log and the log from CKScanner.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 20th, 2011, 12:52 pm

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----


OTL logfile created on: 2/20/2011 10:44:48 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\june call\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.15 Gb Total Space | 77.79 Gb Free Space | 35.18% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.39 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Computer Name: JUNECALL-PC | User Name: june call | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/19 22:11:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 16:06:46 | 003,571,512 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/10/17 13:38:52 | 001,259,008 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
PRC - [2010/10/17 13:38:42 | 000,742,912 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/29 20:41:50 | 000,043,912 | ---- | M] (Cisco WebEx LLC) -- C:\WINDOWS\System32\atashost.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/18 08:58:00 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/20 20:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe


========== Modules (SafeList) ==========

MOD - [2011/02/19 22:11:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/30 20:44:21 | 003,129,432 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll -- (Akamai)
SRV - [2011/01/20 07:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/17 13:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/29 20:41:50 | 000,043,912 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/20 21:07:42 | 000,113,152 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/11/20 21:07:08 | 000,125,440 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/24 05:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/20 21:02:48 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/11/20 20:59:02 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/11/20 20:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 11:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 12:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/08/20 12:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/28 01:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 14:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/01 07:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 07:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 07:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 16:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 15:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5C 95 80 03 A6 20 28 4D 98 70 93 9E CD DD 4B 13 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/26 20:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/08 13:23:51 | 000,000,000 | ---D | M]

[2011/01/26 20:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\june call\AppData\Roaming\Mozilla\Extensions
[2010/04/18 23:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\june call\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/16 19:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions
[2011/01/26 20:40:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\june call\AppData\Roaming\Mozilla\Firefox\Profiles\xq834hwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/26 20:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010/06/15 19:58:59 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\JUNE CALL\APPDATA\ROAMING\MOVE NETWORKS
File not found (No name found) -- C:\USERS\JUNE CALL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQ834HWX.DEFAULT\EXTENSIONS\{BDD75058-3707-433A-9F45-166942F61D1E}

O1 HOSTS File: ([2011/02/18 09:34:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (947bcb7a) - {0C015699-7DB8-6942-80C6-C5057CA00DE7} - C:\ProgramData\AUDIOKSE32.dll (Borland Software Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\tbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mozysupport.webex.com/client/T2 ... atgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\june call\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\june call\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 19:48:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/20 10:34:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/19 22:11:02 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
[2011/02/18 09:51:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/02/18 09:49:35 | 000,246,784 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\AUDIOKSE32.dll
[2011/02/18 09:40:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/18 09:24:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/16 18:52:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/16 18:52:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/16 18:52:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/16 18:51:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/16 18:51:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/15 22:12:21 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Avira
[2011/02/15 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/15 22:08:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/15 22:08:06 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/15 22:08:06 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/15 22:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/15 22:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/12 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/12 22:47:12 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/11 09:20:51 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\WinRAR
[2011/02/01 20:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/02/01 20:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla Server
[2011/02/01 20:22:04 | 000,000,000 | ---D | C] -- C:\public_html
[2011/01/31 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PageBreeze
[2011/01/31 19:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageBreeze
[2011/01/31 19:14:09 | 000,089,600 | ---- | C] (AY Software Corporation) -- C:\Windows\System32\Leocx32.ocx
[2011/01/31 19:14:09 | 000,084,992 | ---- | C] (AY Software Corporation) -- C:\Windows\System32\Ledit32.dll
[2011/01/31 19:14:08 | 001,245,184 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\System32\ChilkatCert.dll
[2011/01/31 19:14:08 | 001,105,920 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\System32\ChilkatFtp2.dll
[2011/01/31 19:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\PageBreeze
[2011/01/30 22:26:31 | 000,000,000 | ---D | C] -- C:\Users\june call\Documents\OneNote Notebooks
[2011/01/30 22:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/30 22:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/30 21:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/01/30 20:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2011/01/30 20:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/01/30 20:50:23 | 000,000,000 | ---D | C] -- C:\Users\june call\Desktop\Adobe CS5
[2011/01/30 20:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/01/29 16:31:40 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\FileZilla
[2011/01/29 16:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/01/29 16:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/01/29 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Local\Microsoft Help
[2011/01/29 13:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\SAT
[2011/01/26 20:37:54 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Local\Mozilla
[2011/01/26 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/24 21:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/24 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/24 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/23 16:43:36 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVUnit
[2011/01/21 18:23:34 | 000,000,000 | ---D | C] -- C:\Users\june call\Desktop\keep
[2011/01/21 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Printer Info Cache
[2011/01/21 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\june call\AppData\Roaming\Image Zone Express
[1 C:\Users\june call\Desktop\*.tmp files -> C:\Users\june call\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/20 10:42:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/20 10:40:03 | 000,048,379 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/20 10:40:03 | 000,048,379 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/20 10:39:49 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/20 10:39:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 10:39:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 10:39:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/20 10:38:48 | 3152,863,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 10:35:47 | 000,003,143 | ---- | M] () -- C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml
[2011/02/20 10:22:35 | 000,453,632 | ---- | M] () -- C:\Users\june call\Desktop\CKScanner.exe
[2011/02/19 22:11:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\june call\Desktop\OTL.exe
[2011/02/18 16:56:17 | 000,127,440 | ---- | M] () -- C:\Users\june call\Desktop\newset log.rtf
[2011/02/18 16:38:34 | 000,000,104 | ---- | M] () -- C:\Windows\System32\514231384
[2011/02/18 16:34:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\343072851
[2011/02/18 11:41:41 | 000,002,123 | ---- | M] () -- C:\Windows\System32\GnuHashes.ini
[2011/02/18 10:42:54 | 000,000,148 | -HS- | M] () -- C:\ProgramData\878234495
[2011/02/18 10:21:48 | 000,001,353 | ---- | M] () -- C:\Users\june call\Desktop\Update and Scan with Antivir.rtf
[2011/02/18 09:49:35 | 000,246,784 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\AUDIOKSE32.dll
[2011/02/18 09:34:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/18 09:26:59 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2011/02/18 08:03:27 | 000,000,246 | ---- | M] () -- C:\Users\june call\Desktop\business.url
[2011/02/17 22:41:28 | 000,000,175 | ---- | M] () -- C:\ProgramData\34889c28
[2011/02/16 18:49:23 | 004,270,215 | R--- | M] () -- C:\Users\june call\Desktop\zzz.exe
[2011/02/16 18:35:53 | 000,721,199 | ---- | M] () -- C:\Users\june call\Desktop\rkill.exe
[2011/02/15 23:10:35 | 000,000,235 | ---- | M] () -- C:\Users\june call\Desktop\Yahoo! Answers - Home.url
[2011/02/15 22:00:05 | 049,788,256 | ---- | M] () -- C:\Users\june call\Desktop\avira_antivir_personal_en.exe
[2011/02/15 21:45:39 | 000,005,768 | ---- | M] () -- C:\Users\june call\Documents\uninstall_list
[2011/02/15 21:31:52 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjune call.job
[2011/02/15 21:07:40 | 000,005,480 | ---- | M] () -- C:\Users\june call\Documents\infected.rtf
[2011/02/13 20:52:47 | 000,001,852 | ---- | M] () -- C:\Users\june call\Documents\action plan.rtf
[2011/02/13 19:13:32 | 000,000,344 | ---- | M] () -- C:\Users\june call\Desktop\Mass Money Makers.url
[2011/02/13 14:14:36 | 000,004,444 | ---- | M] () -- C:\Windows\mozy.blk
[2011/02/13 14:14:36 | 000,000,610 | ---- | M] () -- C:\Windows\mozy.flt
[2011/02/13 03:32:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 03:32:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/13 03:24:21 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/12 23:05:43 | 000,000,287 | ---- | M] () -- C:\Users\june call\Desktop\MalWare Removal • Login.url
[2011/02/12 22:47:12 | 000,001,956 | ---- | M] () -- C:\Users\june call\Desktop\HiJackThis.lnk
[2011/02/11 22:45:17 | 000,000,212 | ---- | M] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In (2).url
[2011/02/11 22:45:10 | 000,000,266 | ---- | M] () -- C:\Users\june call\Desktop\WordPress.com — Get a Free Blog Here.url
[2011/02/11 22:44:18 | 000,000,208 | ---- | M] () -- C:\Users\june call\Desktop\Alexa the Web Information Company.url
[2011/02/11 21:39:31 | 000,000,232 | ---- | M] () -- C:\Users\june call\Desktop\FileZilla - The free FTP solution.url
[2011/02/11 21:35:59 | 000,000,212 | ---- | M] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In.url
[2011/02/11 21:35:10 | 000,000,306 | ---- | M] () -- C:\Users\june call\Desktop\Home Quantcast.url
[2011/02/11 21:34:44 | 000,000,205 | ---- | M] () -- C:\Users\june call\Desktop\KompoZer - Easy web authoring.url
[2011/02/11 21:08:13 | 000,000,613 | ---- | M] () -- C:\Users\june call\Documents\tv hoplink.rtf
[2011/02/11 20:28:58 | 000,001,164 | ---- | M] () -- C:\Users\june call\Documents\clickbank pass.rtf
[2011/02/11 14:51:54 | 000,000,583 | ---- | M] () -- C:\Users\june call\Desktop\Google (2).url
[2011/02/11 11:20:49 | 000,001,019 | ---- | M] () -- C:\Users\june call\Documents\word notes.rtf
[2011/02/07 07:08:43 | 000,000,619 | ---- | M] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform (2).url
[2011/02/07 07:08:24 | 000,000,619 | ---- | M] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform.url
[2011/02/07 06:59:06 | 000,000,234 | ---- | M] () -- C:\Users\june call\Documents\watchpccontentontv.com
[2011/02/07 06:15:06 | 000,000,294 | ---- | M] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host (2).url
[2011/02/07 06:00:11 | 000,000,668 | ---- | M] () -- C:\Users\june call\Desktop\iContact Login - iContact (2).url
[2011/02/06 21:53:13 | 000,000,261 | ---- | M] () -- C:\Users\june call\Desktop\Reset Password - iContact.url
[2011/02/06 14:54:39 | 000,010,246 | ---- | M] () -- C:\Users\june call\Documents\hoplink.docx
[2011/02/06 11:45:24 | 000,000,343 | ---- | M] () -- C:\Users\june call\Desktop\iContact Email Marketing Simplified.url
[2011/02/06 11:43:26 | 000,014,213 | ---- | M] () -- C:\Users\june call\Documents\word list.rtf
[2011/02/05 18:34:46 | 000,013,031 | ---- | M] () -- C:\Users\june call\Documents\internet tv on tv.docx
[2011/02/05 18:11:47 | 000,012,549 | ---- | M] () -- C:\Users\june call\Documents\internet tv to tv.docx
[2011/02/05 15:20:58 | 000,000,913 | ---- | M] () -- C:\Users\june call\Desktop\Google.url
[2011/02/05 15:06:03 | 000,000,214 | ---- | M] () -- C:\Users\june call\Desktop\Compete Compete.url
[2011/02/05 14:45:26 | 000,000,242 | ---- | M] () -- C:\Users\june call\Desktop\- ClickBank.url
[2011/02/01 20:55:06 | 000,000,220 | ---- | M] () -- C:\Users\june call\Desktop\Cheap Domain Names Registration, Domain Transfer, Free SSL Certificates, Free DNS, Privacy Protection • Namecheap.com.url
[2011/02/01 20:39:28 | 000,001,868 | ---- | M] () -- C:\Users\june call\Desktop\FileZilla Server Interface.lnk
[2011/02/01 16:08:03 | 000,011,372 | ---- | M] () -- C:\Users\june call\Documents\So you want to turn your computer into a TV set.docx
[2011/02/01 15:46:46 | 000,122,436 | ---- | M] () -- C:\Users\june call\Documents\keywordtpc.rtf
[2011/02/01 15:36:06 | 000,000,232 | ---- | M] () -- C:\Users\june call\Desktop\Keyword Analysis Tool - Market Samurai.url
[2011/02/01 13:55:20 | 000,000,344 | ---- | M] () -- C:\Users\june call\Desktop\Mass Money Makers (2).url
[2011/01/31 19:38:47 | 000,000,730 | ---- | M] () -- C:\Windows\pagebreeze.ini
[2011/01/31 19:14:15 | 000,000,044 | ---- | M] () -- C:\Windows\formbreeze.ini
[2011/01/31 06:16:15 | 000,020,480 | ---- | M] () -- C:\Users\june call\Documents\Sandy Morain bio.wps
[2011/01/31 06:16:15 | 000,002,000 | ---- | M] () -- C:\Users\june call\AppData\Roaming\wklnhst.dat
[2011/01/31 06:14:09 | 000,017,408 | ---- | M] () -- C:\Users\june call\Documents\guest for pillar of community.wps
[2011/01/30 23:28:02 | 000,030,720 | ---- | M] () -- C:\Users\june call\Documents\cable.msam
[2011/01/30 23:16:36 | 000,000,318 | ---- | M] () -- C:\Users\june call\Desktop\untitled.html
[2011/01/30 22:26:30 | 000,001,111 | ---- | M] () -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/01/30 22:15:45 | 000,001,735 | ---- | M] () -- C:\Users\june call\Desktop\Free Dolphin Screensaver.lnk
[2011/01/30 20:37:49 | 000,000,250 | ---- | M] () -- C:\Users\june call\Desktop\Web design software, HTML editor Adobe Dreamweaver CS5.url
[2011/01/30 18:26:38 | 000,000,666 | ---- | M] () -- C:\Users\june call\Desktop\iContact Login - iContact.url
[2011/01/30 11:38:30 | 000,001,659 | ---- | M] () -- C:\Users\june call\Documents\wordlisttv.rtf
[2011/01/30 10:11:58 | 000,000,158 | ---- | M] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host.url
[2011/01/30 09:10:15 | 000,000,252 | ---- | M] () -- C:\Users\june call\Desktop\Market Samurai.url
[2011/01/29 23:32:55 | 000,032,269 | ---- | M] () -- C:\Users\june call\Documents\satellite cable digital tv on your pc.docx
[2011/01/29 22:45:59 | 000,017,488 | ---- | M] () -- C:\Users\june call\Documents\Document.rtf
[2011/01/29 21:19:55 | 000,000,217 | ---- | M] () -- C:\Users\june call\Desktop\Email Marketing - iContact.url
[2011/01/29 14:23:14 | 000,095,285 | ---- | M] () -- C:\Users\june call\Documents\keyword_ideas_20110129_1220145(1).xlsx
[2011/01/28 23:57:56 | 000,000,965 | ---- | M] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (3).url
[2011/01/28 23:51:27 | 000,000,150 | ---- | M] () -- C:\Users\june call\Desktop\GIMP - The GNU Image Manipulation Program.url
[2011/01/28 23:19:28 | 000,000,965 | ---- | M] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (2).url
[2011/01/28 22:09:55 | 000,000,965 | ---- | M] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool.url
[2011/01/28 20:31:30 | 000,027,857 | ---- | M] () -- C:\Users\june call\Desktop\MassMoneyEMails.pdf
[2011/01/26 20:37:56 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/01/26 20:37:30 | 000,001,748 | ---- | M] () -- C:\Users\june call\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/26 17:50:18 | 000,018,432 | ---- | M] () -- C:\Users\june call\Documents\JUNE MEDICINE 1 26 11.wps
[2011/01/24 12:45:35 | 000,016,384 | ---- | M] () -- C:\Users\june call\Documents\june life insurance information.wps
[2011/01/23 16:43:36 | 000,000,788 | ---- | M] () -- C:\Users\june call\Desktop\FLVUnit.lnk
[2011/01/23 09:23:14 | 000,119,296 | ---- | M] () -- C:\Users\june call\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 08:49:28 | 000,000,165 | ---- | M] () -- C:\ProgramData\sl1438210541
[2011/01/22 16:12:02 | 000,000,178 | ---- | M] () -- C:\Users\june call\Desktop\101 Ways To Make Money - Learn How To Make Money Online.url
[2011/01/22 12:06:48 | 000,000,277 | ---- | M] () -- C:\Users\june call\Desktop\Primerica Business Opportunity.url
[2011/01/22 12:05:06 | 000,000,403 | ---- | M] () -- C:\Users\june call\Desktop\Primerica Business Opportunity - Part-Time Opportunity.url
[2011/01/22 11:13:52 | 000,010,516 | ---- | M] () -- C:\Users\june call\Desktop\Make Money Online (Without Spending a Dime).url
[2011/01/22 10:16:56 | 000,001,619 | ---- | M] () -- C:\Users\june call\Desktop\make money internet - How-To Videos & Articles « Wonder How To.url
[2011/01/21 18:05:05 | 000,009,175 | ---- | M] () -- C:\Users\june call\Desktop\wonderhowto.url
[1 C:\Users\june call\Desktop\*.tmp files -> C:\Users\june call\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/20 10:22:31 | 000,453,632 | ---- | C] () -- C:\Users\june call\Desktop\CKScanner.exe
[2011/02/18 09:55:37 | 000,001,353 | ---- | C] () -- C:\Users\june call\Desktop\Update and Scan with Antivir.rtf
[2011/02/18 09:41:59 | 000,127,440 | ---- | C] () -- C:\Users\june call\Desktop\newset log.rtf
[2011/02/18 09:26:59 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2011/02/18 08:03:27 | 000,000,246 | ---- | C] () -- C:\Users\june call\Desktop\business.url
[2011/02/16 18:52:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/16 18:52:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/16 18:52:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/16 18:52:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/16 18:52:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/16 18:49:04 | 004,270,215 | R--- | C] () -- C:\Users\june call\Desktop\zzz.exe
[2011/02/16 18:35:52 | 000,721,199 | ---- | C] () -- C:\Users\june call\Desktop\rkill.exe
[2011/02/15 21:59:57 | 049,788,256 | ---- | C] () -- C:\Users\june call\Desktop\avira_antivir_personal_en.exe
[2011/02/15 21:45:32 | 000,005,768 | ---- | C] () -- C:\Users\june call\Documents\uninstall_list
[2011/02/15 21:07:40 | 000,005,480 | ---- | C] () -- C:\Users\june call\Documents\infected.rtf
[2011/02/13 20:52:47 | 000,001,852 | ---- | C] () -- C:\Users\june call\Documents\action plan.rtf
[2011/02/12 23:05:43 | 000,000,287 | ---- | C] () -- C:\Users\june call\Desktop\MalWare Removal • Login.url
[2011/02/12 22:47:12 | 000,001,956 | ---- | C] () -- C:\Users\june call\Desktop\HiJackThis.lnk
[2011/02/11 20:33:08 | 000,000,613 | ---- | C] () -- C:\Users\june call\Documents\tv hoplink.rtf
[2011/02/11 20:28:12 | 000,001,164 | ---- | C] () -- C:\Users\june call\Documents\clickbank pass.rtf
[2011/02/11 17:08:43 | 000,000,212 | ---- | C] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In (2).url
[2011/02/11 17:08:39 | 000,000,212 | ---- | C] () -- C:\Users\june call\Desktop\watch pc content on tv › Log In.url
[2011/02/11 10:49:33 | 000,001,019 | ---- | C] () -- C:\Users\june call\Documents\word notes.rtf
[2011/02/07 06:59:06 | 000,000,234 | ---- | C] () -- C:\Users\june call\Documents\watchpccontentontv.com
[2011/02/07 05:51:16 | 000,000,266 | ---- | C] () -- C:\Users\june call\Desktop\WordPress.com — Get a Free Blog Here.url
[2011/02/06 21:51:31 | 000,000,619 | ---- | C] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform (2).url
[2011/02/06 14:54:39 | 000,010,246 | ---- | C] () -- C:\Users\june call\Documents\hoplink.docx
[2011/02/05 18:34:45 | 000,013,031 | ---- | C] () -- C:\Users\june call\Documents\internet tv on tv.docx
[2011/02/05 18:11:47 | 000,012,549 | ---- | C] () -- C:\Users\june call\Documents\internet tv to tv.docx
[2011/02/05 08:44:27 | 000,000,232 | ---- | C] () -- C:\Users\june call\Desktop\FileZilla - The free FTP solution.url
[2011/02/01 20:39:28 | 000,001,868 | ---- | C] () -- C:\Users\june call\Desktop\FileZilla Server Interface.lnk
[2011/02/01 16:08:01 | 000,011,372 | ---- | C] () -- C:\Users\june call\Documents\So you want to turn your computer into a TV set.docx
[2011/02/01 15:46:46 | 000,122,436 | ---- | C] () -- C:\Users\june call\Documents\keywordtpc.rtf
[2011/01/31 19:14:15 | 000,000,730 | ---- | C] () -- C:\Windows\pagebreeze.ini
[2011/01/31 19:14:15 | 000,000,044 | ---- | C] () -- C:\Windows\formbreeze.ini
[2011/01/31 06:14:09 | 000,017,408 | ---- | C] () -- C:\Users\june call\Documents\guest for pillar of community.wps
[2011/01/30 23:16:36 | 000,000,318 | ---- | C] () -- C:\Users\june call\Desktop\untitled.html
[2011/01/30 22:26:30 | 000,001,111 | ---- | C] () -- C:\Users\june call\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/01/30 22:15:45 | 000,001,735 | ---- | C] () -- C:\Users\june call\Desktop\Free Dolphin Screensaver.lnk
[2011/01/30 21:01:54 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk
[2011/01/30 20:58:14 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/01/30 20:58:00 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/01/30 20:57:41 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/01/30 20:55:47 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/01/30 18:22:52 | 000,000,261 | ---- | C] () -- C:\Users\june call\Desktop\Reset Password - iContact.url
[2011/01/30 18:17:57 | 000,000,668 | ---- | C] () -- C:\Users\june call\Desktop\iContact Login - iContact (2).url
[2011/01/30 18:17:39 | 000,000,666 | ---- | C] () -- C:\Users\june call\Desktop\iContact Login - iContact.url
[2011/01/30 18:17:28 | 000,000,343 | ---- | C] () -- C:\Users\june call\Desktop\iContact Email Marketing Simplified.url
[2011/01/30 11:38:30 | 000,001,659 | ---- | C] () -- C:\Users\june call\Documents\wordlisttv.rtf
[2011/01/30 10:47:52 | 000,000,583 | ---- | C] () -- C:\Users\june call\Desktop\Google (2).url
[2011/01/30 10:06:25 | 000,030,720 | ---- | C] () -- C:\Users\june call\Documents\cable.msam
[2011/01/30 09:14:09 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/01/30 09:10:15 | 000,000,252 | ---- | C] () -- C:\Users\june call\Desktop\Market Samurai.url
[2011/01/29 23:32:54 | 000,032,269 | ---- | C] () -- C:\Users\june call\Documents\satellite cable digital tv on your pc.docx
[2011/01/29 22:46:48 | 000,014,213 | ---- | C] () -- C:\Users\june call\Documents\word list.rtf
[2011/01/29 22:45:58 | 000,017,488 | ---- | C] () -- C:\Users\june call\Documents\Document.rtf
[2011/01/29 21:18:15 | 000,000,294 | ---- | C] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host (2).url
[2011/01/29 16:18:57 | 000,000,232 | ---- | C] () -- C:\Users\june call\Desktop\Keyword Analysis Tool - Market Samurai.url
[2011/01/29 14:23:12 | 000,095,285 | ---- | C] () -- C:\Users\june call\Documents\keyword_ideas_20110129_1220145(1).xlsx
[2011/01/29 13:36:39 | 000,000,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAT.lnk
[2011/01/29 12:28:07 | 000,000,913 | ---- | C] () -- C:\Users\june call\Desktop\Google.url
[2011/01/29 00:05:19 | 000,003,143 | ---- | C] () -- C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml
[2011/01/28 23:58:57 | 000,000,235 | ---- | C] () -- C:\Users\june call\Desktop\Yahoo! Answers - Home.url
[2011/01/28 23:58:38 | 000,000,217 | ---- | C] () -- C:\Users\june call\Desktop\Email Marketing - iContact.url
[2011/01/28 23:58:14 | 000,000,619 | ---- | C] () -- C:\Users\june call\Desktop\WordPress › Blog Tool and Publishing Platform.url
[2011/01/28 23:57:56 | 000,000,965 | ---- | C] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (3).url
[2011/01/28 23:57:38 | 000,000,158 | ---- | C] () -- C:\Users\june call\Desktop\Web Hosting Professional Web Hosting from Just Host.url
[2011/01/28 23:57:22 | 000,000,220 | ---- | C] () -- C:\Users\june call\Desktop\Cheap Domain Names Registration, Domain Transfer, Free SSL Certificates, Free DNS, Privacy Protection • Namecheap.com.url
[2011/01/28 23:56:56 | 000,000,306 | ---- | C] () -- C:\Users\june call\Desktop\Home Quantcast.url
[2011/01/28 23:54:14 | 000,000,208 | ---- | C] () -- C:\Users\june call\Desktop\Alexa the Web Information Company.url
[2011/01/28 23:53:58 | 000,000,214 | ---- | C] () -- C:\Users\june call\Desktop\Compete Compete.url
[2011/01/28 23:52:58 | 000,000,205 | ---- | C] () -- C:\Users\june call\Desktop\KompoZer - Easy web authoring.url
[2011/01/28 23:52:09 | 000,000,250 | ---- | C] () -- C:\Users\june call\Desktop\Web design software, HTML editor Adobe Dreamweaver CS5.url
[2011/01/28 23:51:27 | 000,000,150 | ---- | C] () -- C:\Users\june call\Desktop\GIMP - The GNU Image Manipulation Program.url
[2011/01/28 23:24:09 | 000,000,344 | ---- | C] () -- C:\Users\june call\Desktop\Mass Money Makers (2).url
[2011/01/28 23:24:04 | 000,000,344 | ---- | C] () -- C:\Users\june call\Desktop\Mass Money Makers.url
[2011/01/28 23:19:28 | 000,000,965 | ---- | C] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool (2).url
[2011/01/28 22:09:55 | 000,000,965 | ---- | C] () -- C:\Users\june call\Desktop\Google AdWords Keyword Tool.url
[2011/01/28 20:31:30 | 000,027,857 | ---- | C] () -- C:\Users\june call\Desktop\MassMoneyEMails.pdf
[2011/01/27 15:58:08 | 000,020,480 | ---- | C] () -- C:\Users\june call\Documents\Sandy Morain bio.wps
[2011/01/26 20:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/26 20:37:30 | 000,001,748 | ---- | C] () -- C:\Users\june call\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 16:43:36 | 000,000,788 | ---- | C] () -- C:\Users\june call\Desktop\FLVUnit.lnk
[2011/01/23 08:56:24 | 000,002,123 | ---- | C] () -- C:\Windows\System32\GnuHashes.ini
[2011/01/23 08:49:28 | 000,000,165 | ---- | C] () -- C:\ProgramData\sl1438210541
[2011/01/23 08:48:48 | 000,000,104 | ---- | C] () -- C:\Windows\System32\514231384
[2011/01/23 08:40:52 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/01/22 23:08:28 | 000,000,242 | ---- | C] () -- C:\Users\june call\Desktop\- ClickBank.url
[2011/01/22 16:12:02 | 000,000,178 | ---- | C] () -- C:\Users\june call\Desktop\101 Ways To Make Money - Learn How To Make Money Online.url
[2011/01/22 12:06:48 | 000,000,277 | ---- | C] () -- C:\Users\june call\Desktop\Primerica Business Opportunity.url
[2011/01/22 12:05:06 | 000,000,403 | ---- | C] () -- C:\Users\june call\Desktop\Primerica Business Opportunity - Part-Time Opportunity.url
[2011/01/22 10:43:23 | 000,010,516 | ---- | C] () -- C:\Users\june call\Desktop\Make Money Online (Without Spending a Dime).url
[2011/01/21 19:48:10 | 000,001,619 | ---- | C] () -- C:\Users\june call\Desktop\make money internet - How-To Videos & Articles « Wonder How To.url
[2010/11/14 20:53:01 | 000,000,006 | ---- | C] () -- C:\Users\june call\AppData\Roaming\start
[2010/11/14 20:16:10 | 000,000,175 | ---- | C] () -- C:\ProgramData\34889c28
[2010/11/13 15:46:38 | 000,000,148 | -HS- | C] () -- C:\ProgramData\878234495
[2010/11/13 15:46:37 | 000,001,185 | ---- | C] () -- C:\ProgramData\343072851
[2010/07/22 16:09:26 | 000,000,120 | ---- | C] () -- C:\Users\june call\AppData\Local\Owatusezejo.dat
[2010/07/22 16:09:26 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\Omadegefi.bin
[2010/06/19 15:42:46 | 000,026,760 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2010/05/11 11:51:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/10 18:25:58 | 000,002,000 | ---- | C] () -- C:\Users\june call\AppData\Roaming\wklnhst.dat
[2010/04/25 19:52:06 | 000,000,680 | ---- | C] () -- C:\Users\june call\AppData\Local\d3d9caps.dat
[2010/04/20 19:48:38 | 000,048,379 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/20 19:16:23 | 000,048,379 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/17 23:37:02 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\QSwitch.txt
[2010/04/17 23:37:02 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\DSwitch.txt
[2010/04/17 23:37:02 | 000,000,000 | ---- | C] () -- C:\Users\june call\AppData\Local\AtStart.txt
[2010/04/17 21:43:21 | 000,119,296 | ---- | C] () -- C:\Users\june call\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/05/14 12:25:04 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/24 20:03:11 | 000,002,415 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/07/22 16:38:12 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\10C347C7DECC6D9AC868A193E3C030AA
[2010/06/19 15:43:49 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\Bytemobile
[2010/06/15 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/02/11 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\FileZilla
[2011/02/18 19:19:21 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\FrostWire
[2010/11/05 15:23:39 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\ieSpell
[2011/01/21 18:02:40 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\Image Zone Express
[2011/01/23 09:39:53 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\LimeWire
[2010/08/29 21:11:57 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\MSNInstaller
[2010/06/29 10:19:51 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\PlayFirst
[2011/01/21 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\Printer Info Cache
[2010/06/19 15:21:43 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\Sierra Wireless
[2010/05/10 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\Template
[2010/04/28 19:29:52 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\WeatherBug
[2010/06/29 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\WildTangent
[2011/02/20 10:37:37 | 000,032,648 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/12/16 03:24:53 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{95651EAF-5A5D-4E59-AC85-8EC1E203124A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1187 bytes -> C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml:OECustomProperty

< End of report >


thamks
james
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 21st, 2011, 6:54 am

stingerbud,
If you visit marketing sites often, be aware that they DO NOT value your privacy, and will track you all over the place.
Their business is gathering info without permission and selling it to others.

The P2P programs (Frostwire, Limewire) are likely the reason your computer became seriously infected.
Not sure if we got it all yet. You were very close to having to reformat the drive and reinstall windows

----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5C 95 80 03 A6 20 28 4D 98 70 93 9E CD DD 4B 13 [binary data]
    FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
    FF - prefs.js..extensions.enabledItems: {bdd75058-3707-433a-9f45-166942f61d1e}:1.0
    @Alternate Data Stream - 1187 bytes -> C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml:OECustomProperty
    [2011/02/18 19:19:21 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\FrostWire
    [2011/01/23 09:39:53 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\LimeWire
    [2010/04/28 19:29:52 | 000,000,000 | ---D | M] -- C:\Users\june call\AppData\Roaming\WeatherBug
    File not found (No name found) -- C:\USERS\JUNE CALL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQ834HWX.DEFAULT\EXTENSIONS\{BDD75058-3707-433A-9F45-166942F61D1E}
    File not found (No name found) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
    
    :Files
    C:\Program Files\Frostwire
    C:\Program Files\Limewire
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    
    :filefind
    C:\windows\system32\*wow.exe
    C:\windows\*wow.exe
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

----------------------------------------------------------------------------------
I don't know whether you have Malwarebytes on your machine already. If not, here are the instructions to download it.
If you already have it, just do an update from the Update tab, and run it. Then post the log per instructions.
Download and Run MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 21st, 2011, 10:13 pm

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Prefs.js: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 removed from extensions.enabledItems
Prefs.js: {bdd75058-3707-433a-9f45-166942f61d1e}:1.0 removed from extensions.enabledItems
ADS C:\Users\june call\Desktop\Welcome To Mass Money Makers (save this email).eml:OECustomProperty deleted successfully.
C:\Users\june call\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\june call\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\june call\AppData\Roaming\LimeWire folder moved successfully.
C:\Users\june call\AppData\Roaming\WeatherBug folder moved successfully.
========== FILES ==========
C:\Program Files\FrostWire\plugins folder moved successfully.
C:\Program Files\FrostWire folder moved successfully.
C:\Program Files\LimeWire\root\magnet10 folder moved successfully.
C:\Program Files\LimeWire\root folder moved successfully.
C:\Program Files\LimeWire\lib\avg folder moved successfully.
C:\Program Files\LimeWire\lib folder moved successfully.
C:\Program Files\LimeWire\.NetworkShare folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: june call
->Temp folder emptied: 442477 bytes
->Temporary Internet Files folder emptied: 49883557 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 11590 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 539195 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02212011_193402

Files\Folders moved on Reboot...
C:\Users\june call\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\june call\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XG6YTSC\viewtopic[1].htm moved successfully.
C:\Users\june call\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Windows\temp\wbxtra_02202011_103922.wbt moved successfully.

Registry entries deleted on Reboot...

SystemLook 04.09.10 by jpshortstuff
Log created at 19:43 on 21/02/2011 by june call
Administrator - Elevation successful

========== filefind ==========

Searching for "C:\windows\system32\*wow.exe"
No files found.

Searching for "C:\windows\*wow.exe"
No files found.

-= EOF =-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5835

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

2/21/2011 8:02:27 PM
mbam-log-2011-02-21 (20-02-27).txt

Scan type: Quick scan
Objects scanned: 172784
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\audiokse32.dll (Trojan.Tracur.S) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0C015699-7DB8-6942-80C6-C5057CA00DE7} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C015699-7DB8-6942-80C6-C5057CA00DE7} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C015699-7DB8-6942-80C6-C5057CA00DE7} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\1446706248 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\audiokse32.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\A83B.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\486.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\5EE3.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\61F8.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\D32F.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\E16E.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\E3AB.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321073c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321073o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321073p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321073s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321122c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321122o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321122p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\02000000c4ae6f321122s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\02000000c4ae6f321122c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\02000000c4ae6f321122o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\02000000c4ae6f321122p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\02000000c4ae6f321122s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.


Thanks
James
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 22nd, 2011, 7:40 am

stingerbud,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved in the main directory of C:
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
-----------------------------------------------
Update, Scan with Antivir
Right click Avira Antivir Red umbrella icon in the system tray, choose Start Antivir and have it Update. Then Run a Full scan.
Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 36 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware