Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Redirection Virus

by Raskolnikov » August 12th, 2011, 2:05 pm

Hello and thanks for bothering to read this,

My computer was (very) recently flooded with viruses. I managed to delete the one causing the blue screen of death after every five minutes of it running, and after that proceeded to do two quick scans with Malwarebytes. On the second scan nothing was found, so I moved on to a full scan. Still nothing found, and I re-installed my free antivirus software (Avira Antivirus).

After that I thought I was out of the woods, but I seem to have caught and kept a redirection virus.
Basically, every now and then when I click a link after doing a search with Google (or Bing, or anything else), I get redirected to a relatively random website. After installing the newest versions of Internet Explorer and Firefox, I noticed it doesn't go through with redirecting me; instead it stays a blank page and I can find "http://www.goingonearth.com/search.php?q=[Myqueryhere]".

EDIT: I'm replacing both files as I've read a couple other forum posts and realized that I ought to get rid of P2P programs, nothing else should be different though I'm saving the old ones to a .txt just in case.
Oh, and Avira meanwhile caught a...uhm..."TR/DROPPER.Gen Trojan" which is now in quarantine. Don't know if that would help. Anyways, here are the files.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Zoe at 20:02:16 on 2011-08-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.845 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Zoe at 11:18:55 on 2011-08-13
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1049 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\TEMP\vbsqrj\setup.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\zoe\appdata\roaming\appconf32.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [EADM] "c:\program files\electronic arts\eadm\EADMUI.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\zoe\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\zoe\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to iPod Converter - c:\users\zoe\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\zoe\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\icq7.4\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{F1A27822-154A-4D21-B718-C2E49DC76360} : NameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\zoe\appdata\roaming\mozilla\firefox\profiles\gr2jcjly.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=gr ... =616163&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\zoe\appdata\roaming\mozilla\firefox\profiles\gr2jcjly.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\zoe\appdata\roaming\mozilla\firefox\profiles\gr2jcjly.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\zoe\appdata\roaming\mozilla\firefox\profiles\gr2jcjly.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
FF - component: c:\users\zoe\appdata\roaming\mozilla\firefox\profiles\gr2jcjly.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-5 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-4 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-12 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-12 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-12 66616]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-17 21992]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2011-2-2 247096]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-2-1 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-5 6789120]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-5 235520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-10 20704]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
S2 AMService;AMService;c:\windows\temp\vbsqrj\setup.exe run --> c:\windows\temp\vbsqrj\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-12 22712]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-12 366640]
.
=============== Created Last 30 ================
.
2011-08-13 01:53:37 -------- d-----w- C:\xmldm
2011-08-13 01:53:37 -------- d-----w- C:\kock
2011-08-12 23:06:30 211920 ----a-w- c:\users\zoe\appdata\roaming\AcroIEHelpe.dll
2011-08-12 23:06:14 -------- d-----w- c:\users\zoe\appdata\roaming\5021
2011-08-12 23:06:02 112 ----a-w- c:\users\zoe\appdata\roaming\srvblck2.tmp
2011-08-12 23:05:59 -------- d-----w- c:\users\zoe\appdata\roaming\UAs
2011-08-12 23:05:56 -------- d-----w- c:\users\zoe\appdata\roaming\xmldm
2011-08-12 23:05:56 -------- d-----w- c:\users\zoe\appdata\roaming\kock
2011-08-12 22:00:19 -------- d-----w- c:\users\zoe\appdata\local\{D0FDE71E-F17B-4E93-8D3A-692D862102E0}
2011-08-12 22:00:07 -------- d-----w- c:\users\zoe\appdata\local\{838A7887-7C37-4EC3-973E-C569C9B68A14}
2011-08-12 16:45:46 388096 ----a-r- c:\users\zoe\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-12 16:45:46 -------- d-----w- c:\program files\HighjackThis
2011-08-12 16:16:05 -------- d-----w- c:\users\zoe\appdata\roaming\Avira
2011-08-12 16:14:47 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-12 16:09:24 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-12 16:09:24 -------- d-----w- c:\programdata\Avira
2011-08-12 16:09:24 -------- d-----w- c:\program files\Avira
2011-08-12 16:05:09 -------- d-----w- C:\!KillBox
2011-08-12 16:01:35 -------- d-----w- c:\program files\CCleaner
2011-08-12 14:15:05 -------- d-----w- c:\windows\system32\appmgmt
2011-08-12 09:59:37 -------- d-----w- c:\users\zoe\appdata\local\{F7527933-EA43-4E1D-A1D8-750CFC65D73B}
2011-08-12 09:59:25 -------- d-----w- c:\users\zoe\appdata\local\{A54E48CC-9131-4667-AA2A-6D27B6592C0F}
2011-08-12 09:07:16 -------- d-----w- c:\users\zoe\appdata\roaming\Malwarebytes
2011-08-12 09:07:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 09:07:07 -------- d-----w- c:\programdata\Malwarebytes
2011-08-12 09:07:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 09:07:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-12 08:41:18 0 ----a-w- c:\users\zoe\appdata\local\Tzufoxegiri.bin
2011-08-12 08:41:15 -------- d-----w- c:\users\zoe\appdata\local\{CA836C4E-F418-4389-959F-DB48B24638C3}
2011-08-12 08:39:40 65536 --sha-r- c:\windows\system32\unimdmu.dll
2011-08-12 08:39:40 65536 --sha-r- c:\windows\system32\netutilsg.dll
2011-08-12 08:39:39 65536 --sha-r- c:\windows\system32\avifilev.dll
2011-08-11 22:02:51 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bca4fb95-a0ea-479a-8590-67cbb6462c0c}\mpengine.dll
2011-08-11 21:58:52 -------- d-----w- c:\users\zoe\appdata\local\{EF3FD35F-E8AA-49CD-9F95-96C9E2131F13}
2011-08-11 21:57:19 -------- d-----w- c:\users\zoe\appdata\local\{BFEF1610-C05A-419E-B3CE-1EA2192BB68D}
2011-08-10 21:18:38 -------- d-----w- c:\users\zoe\appdata\local\{18BFDD37-775A-415D-B518-41905519CF6B}
2011-08-10 21:18:27 -------- d-----w- c:\users\zoe\appdata\local\{2DF35316-4233-4520-AC37-63E980DA2369}
2011-08-10 09:18:01 -------- d-----w- c:\users\zoe\appdata\local\{DE9CE08F-E292-41CA-BB34-62B4909D0D66}
2011-08-10 09:17:49 -------- d-----w- c:\users\zoe\appdata\local\{356568C4-2BC5-4F3F-ABED-B011AB1F4EA8}
2011-08-09 12:15:04 -------- d-----w- c:\users\zoe\appdata\local\{01A4559B-DE5E-4BA3-AAC8-6B724CAA0BF8}
2011-08-09 12:14:52 -------- d-----w- c:\users\zoe\appdata\local\{1979C396-32BF-4B22-ADB6-67A020204D13}
2011-08-09 00:14:21 -------- d-----w- c:\users\zoe\appdata\local\{56834C27-0ABD-4971-9575-81CC47587D39}
2011-08-09 00:12:54 -------- d-----w- c:\users\zoe\appdata\local\{65329A6D-D549-4C35-A6D9-F3E57D5522D2}
2011-08-05 10:16:26 -------- d-----w- c:\users\zoe\appdata\local\{1FB02B90-0164-4554-A73D-6AE05FB209BD}
2011-08-05 10:16:15 -------- d-----w- c:\users\zoe\appdata\local\{FA963413-E2D8-4B66-8846-C7E26BB85FE1}
2011-08-05 08:48:41 -------- d-----w- c:\programdata\Media Center Programs
2011-08-04 22:15:47 -------- d-----w- c:\users\zoe\appdata\local\{5E55A6E5-8880-48C8-8A75-97C050EBB2C5}
2011-08-04 10:15:20 -------- d-----w- c:\users\zoe\appdata\local\{86F1C275-61EF-4447-98F5-AC6738F99585}
2011-08-03 22:14:51 -------- d-----w- c:\users\zoe\appdata\local\{15B469A3-F451-41D2-B57C-B224BB29AF12}
2011-08-03 22:14:39 -------- d-----w- c:\users\zoe\appdata\local\{FCD7B2D2-6102-49E2-87C0-21AFCF0F9B98}
2011-08-03 10:13:52 -------- d-----w- c:\users\zoe\appdata\local\{8E0688BA-D3E7-402E-AF71-F8081F25781D}
2011-08-02 22:12:10 -------- d-----w- c:\users\zoe\appdata\local\{B1AF41D6-4E05-4ADF-8AB0-C6350DFA07D4}
2011-08-01 20:16:32 -------- d-----w- c:\users\zoe\appdata\local\{58523C80-D950-4F51-9F66-7F4F7E712F42}
2011-08-01 16:45:03 -------- d-----w- c:\users\zoe\appdata\roaming\WB Games
2011-08-01 15:43:20 -------- d-----w- c:\program files\WB Games
2011-08-01 08:16:07 -------- d-----w- c:\users\zoe\appdata\local\{05EECF92-55D1-4E54-AEFA-46059EAC2585}
2011-07-31 20:15:42 -------- d-----w- c:\users\zoe\appdata\local\{C8448456-5E24-413C-A567-21014ECCD874}
2011-07-30 14:54:32 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-07-30 14:54:32 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-07-30 14:54:32 225280 ------w- c:\program files\common files\installshield\iscript\IScript.dll
2011-07-30 14:54:32 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-07-30 14:54:32 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-07-30 08:14:54 -------- d-----w- c:\users\zoe\appdata\local\{D97D916A-53F2-4893-8E8E-612049C0A303}
2011-07-29 20:14:30 -------- d-----w- c:\users\zoe\appdata\local\{CCB7E820-643C-42A4-AE14-EA4A78EBB17B}
2011-07-29 08:12:42 -------- d-----w- c:\users\zoe\appdata\local\{104EF150-E5FF-482D-B241-494165759062}
2011-07-28 11:09:37 7552 ----a-w- c:\windows\system32\drivers\enodpl.sys
2011-07-28 11:09:37 6659 ----a-w- c:\windows\system32\TANDPL.VXD
2011-07-28 11:09:37 6532 ----a-w- c:\windows\system32\ENODPL.VXD
2011-07-28 11:09:37 4736 ----a-w- c:\windows\system32\drivers\tandpl.sys
2011-07-28 11:06:27 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-07-28 11:06:27 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-07-28 11:06:27 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-07-28 11:06:27 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-07-28 11:06:27 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-07-28 11:06:20 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-07-28 11:06:19 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-07-27 08:58:36 -------- d-----w- c:\users\zoe\appdata\local\{EC169B0B-B9C9-4833-8AA0-882B24F7D11B}
2011-07-26 11:11:47 -------- d-----w- c:\program files\SQUARE ENIX - Eidos Interactive
2011-07-26 07:56:46 -------- d-----w- c:\users\zoe\appdata\local\{E98E9CD3-ACFD-4686-82D1-EE28D3A52540}
2011-07-25 17:34:24 -------- d-----w- c:\program files\Activision
2011-07-25 17:32:10 -------- d-sh--w- c:\windows\ftpcache
2011-07-25 10:34:20 -------- d-----w- c:\users\zoe\appdata\local\{A0133E41-DA00-46C0-A52C-1E14D8C2F1B7}
2011-07-24 19:30:16 -------- d-----w- c:\users\zoe\appdata\local\{434804DF-6580-45AE-B40B-0702B2EC2257}
2011-07-24 06:22:22 -------- d-----w- c:\users\zoe\appdata\local\{367CB68F-395C-45B2-B9A7-81E34CCA7DE3}
2011-07-23 10:25:22 -------- d-----w- c:\program files\KONAMI
2011-07-23 02:39:35 -------- d-----w- c:\users\zoe\appdata\local\{96ECE04B-9CB0-4D6E-BDED-B00DC3628211}
2011-07-22 14:39:10 -------- d-----w- c:\users\zoe\appdata\local\{DEC66BFD-0A12-4D44-B6E2-1707C2CE8866}
2011-07-21 14:37:07 -------- d-----w- c:\users\zoe\appdata\local\{F0402290-8AAF-4EE3-B1EC-98C97BEB9046}
2011-07-21 14:29:01 -------- d-----w- c:\windows\en
2011-07-21 14:28:36 -------- d-----w- c:\windows\de
2011-07-21 14:27:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-07-21 14:25:44 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2011-07-21 14:22:51 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-07-21 14:22:51 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-07-21 14:22:04 94040 ----a-w- c:\program files\common files\windows live\.cache\8ffd5d061cc47b105\DSETUP.dll
2011-07-21 14:22:04 525656 ----a-w- c:\program files\common files\windows live\.cache\8ffd5d061cc47b105\DXSETUP.exe
2011-07-21 14:22:04 1691480 ----a-w- c:\program files\common files\windows live\.cache\8ffd5d061cc47b105\dsetup32.dll
2011-07-21 14:21:59 94040 ----a-w- c:\program files\common files\windows live\.cache\8c7959391cc47b104\DSETUP.dll
2011-07-21 14:21:59 525656 ----a-w- c:\program files\common files\windows live\.cache\8c7959391cc47b104\DXSETUP.exe
2011-07-21 14:21:59 1691480 ----a-w- c:\program files\common files\windows live\.cache\8c7959391cc47b104\dsetup32.dll
2011-07-21 14:19:46 -------- d-----w- c:\users\zoe\appdata\local\{E6B97B04-6F2E-4983-BAC1-0D250047934A}
2011-07-20 21:52:09 -------- d-----w- c:\users\zoe\appdata\local\{CA9A386F-B4A9-47B5-A723-07C0622FDB0B}
2011-07-19 15:03:58 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-07-19 08:59:12 -------- d-----w- c:\users\zoe\appdata\local\Criterion Games
2011-07-19 08:57:18 11848 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-07-19 08:56:58 -------- d-----w- c:\users\zoe\appdata\local\Downloaded Installations
2011-07-19 07:40:03 -------- d-----w- c:\program files\Team17
2011-07-18 09:18:44 -------- d-----w- c:\users\zoe\appdata\local\{8874EA0C-A7B7-4522-8A4A-9AE2EB436410}
2011-07-17 20:31:05 -------- d-----w- c:\users\zoe\appdata\local\{8886B1B2-EF9A-4B2A-916F-0897A2621A5E}
2011-07-16 19:58:59 -------- d-----w- c:\users\zoe\appdata\local\{E5AD17D5-FBF7-4538-A175-CA00DF58FFAF}
2011-07-15 22:57:14 -------- d-----w- c:\users\zoe\appdata\local\{ED3B9CF7-F615-48FF-BF97-27853FCCE16E}
2011-07-15 10:56:49 -------- d-----w- c:\users\zoe\appdata\local\{1ECBA6FF-7862-4629-96EA-559E9EA2E153}
2011-07-14 22:56:25 -------- d-----w- c:\users\zoe\appdata\local\{E3CCAF43-FF36-4161-A23C-180AF6D74E48}
2011-07-14 20:47:46 -------- d-----w- C:\Downloads
2011-07-14 10:54:43 -------- d-----w- c:\users\zoe\appdata\local\{266CEF0F-2C1E-4035-8048-E7CE2A39659C}
.
==================== Find3M ====================
.
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-07 12:19:11 21219639 ----a-w- C:\windows.7.codec.pack.v3.1.0.setup.exe
2011-07-07 11:09:20 1582304 ----a-w- C:\rcsetup140_slim.exe
2011-07-07 11:05:32 642712 ----a-w- C:\gfwlivesetup.exe
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 09:04:46 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-22 13:28:50 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-05-22 13:28:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-04-16 14:26:25 925184 ----a-w- c:\program files\AppWorldInstaller-de.msi
2011-04-08 13:43:48 168166968 ----a-w- c:\program files\OOo_3.3.0_Win_x86_install-wJRE_de.exe
.
============= FINISH: 11:19:44.81 ===============

Attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2011 11:09:17 PM
System Uptime: 8/12/2011 8:52:56 PM (15 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7388
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 55.238 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP184: 8/10/2011 2:27:13 PM - Removed XIII
RP185: 8/12/2011 12:02:03 AM - Windows Update
RP186: 8/12/2011 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Standard
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AMD Drag and Drop Transcoding
AMD Fuel
ANNO 1404
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio Elements 10.0.9
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Stream SDK v2 Developer
Avira AntiVir Personal - Free Antivirus
Bandisoft MPEG-1 Decoder
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Burnout(TM) Paradise The Ultimate Box
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CDisplayEx 1.8
Conduit Engine
Connect
CPUID CPU-Z 1.57.1
D3DX10
Dead Space™ 2
Die Sims™ 3
Die Sims™ 3 Erstelle einen Sim
DivX-Setup
Dragon Age II
DVDVideoSoftTB Toolbar
EA Download Manager
Fallout 3
Free Audio CD Burner version 1.4.7
Free YouTube to iPod Converter version 3.9.32.324
Free YouTube to MP3 Converter version 3.9.35.324
Google Chrome
Google Update Helper
Harry Potter II
HiJackThis
ICQ Toolbar
ICQ7.4
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Just Cause 2
kuler
LEGO® Harry Potter™: Years 1-4
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Home and Student 2010 - Deutsch
Microsoft Office Klick-und-Los 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 5.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
OpenOffice.org 3.3
Paint.NET v3.5.8
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
Prototype(TM)
QuickTime
Roxio Media Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype Toolbars
Skype™ 5.3
SPORE™
SPORE™ Galaktische Abenteuer
Suite Shared Configuration CS4
The Lord of the Rings FREE Trial
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 World Adventures
Tom Clancy's H.A.W.X
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.6
Windows 7 Codec Pack 3.1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR
WMV9/VC-1 Video Playback
Worms Reloaded
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
.
==== End Of File ===========================
Raskolnikov
Active Member
 
Posts: 5
Joined: August 12th, 2011, 1:43 pm

Re: Redirection Virus

Unread postby Alander » August 14th, 2011, 2:34 pm

Hello, I Am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Redirection Virus

Unread postby Raskolnikov » August 14th, 2011, 3:43 pm

Thanks for replying Alander, do take your time reviewing the mass of information I seem to have given you. My problem seems relatively minor anyways so I'm in no great hurry.

Just a question though, is there going to be a moderator or admin posting a "This is A-OK" message after each of your instructions or will your message just be..halted or something until someone gives it a green light?
Raskolnikov
Active Member
 
Posts: 5
Joined: August 12th, 2011, 1:43 pm

Re: Redirection Virus

Unread postby Alander » August 19th, 2011, 1:27 am

Hi, Sorry for the delay..

To answer your question, a teacher will approve my post before I post anything to you.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so by me. Please read these instructions carefully before executing and then perform the steps in the order given. If you have any questions or problems executing these instructions, <<STOP>>, do not proceed, and post back with the question or problem.

Please tell me if this computer is used for business or connects to a business network. I need to know so I can provide the proper instructions.

Step 1
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 3
WVCheck
Please go to WVCheck.exe. Save it to your Desktop.
  1. Double click WVCheck.exe, to run the process.
  2. Read the comments on the screen... then press Enter.
    The scan can take a while depending on the size of your hard drive.
  3. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  4. Please copy and paste the contents of the Notepad file in your next reply.

Step 4
Please include in your next reply:
  1. Any problem executing the instructions?
  2. CKFiles.txt
  3. OTL.txt and Extras.txt
  4. WVCheck Report
  5. How is the computer behaving?
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Redirection Virus

Unread postby Raskolnikov » August 19th, 2011, 3:51 am

Oh, okay. Thanks for clearing this up for me. And this is just a home computer, the most business it sees is eBay.

Just a problem though, Avira Guard randomly detected viruses and I ended up performing scans. I left everything in the quarantine, but should I still do as instructed? I ask because you say not to make any changes and I'm not sure if..that means changes between when I sent the DDS log and now or between the moment I start following the steps and when I'm done.

Also I now have zero symptoms of any virus. Well, if you exclude Avira randomly catching things.
Raskolnikov
Active Member
 
Posts: 5
Joined: August 12th, 2011, 1:43 pm

Re: Redirection Virus

Unread postby Alander » August 19th, 2011, 4:35 pm

Yes, please proceed as per normal, but do not do anything else from this point of time.
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Redirection Virus

Unread postby Raskolnikov » August 19th, 2011, 7:48 pm

Alright, following the steps now.

Okay, I get an error whenever I use WVCheck.exe, I'm posting the contents of WVCheck_error.txt at the end of this post.

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.WGAPRW
----- EOF -----


OTL logfile created on: 8/20/2011 1:34:26 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Zoe\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.49% Memory free
4.00 Gb Paging File | 2.53 Gb Available in Paging File | 63.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 57.89 Gb Free Space | 24.86% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 1.05 Gb Free Space | 0.35% Space Free | Partition Type: NTFS

Computer Name: ZOESPC | User Name: Zoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zoe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Users\Zoe\AppData\Roaming\5021\components\AcroFF5.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()


========== Win32 Services (SafeList) ==========

SRV - (BITCOMET_HELPER_SERVICE) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LVUVC) Logitech HD Webcam C510(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?rd=1
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 3A 6D 96 94 C1 CB 01 [binary data]
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-856298439-158120997-17277159-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.28
FF - prefs.js..extensions.enabledItems: {CA836C4E-F418-4389-959F-DB48B24638C3}:1.9.1
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/01 16:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/01 16:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CA836C4E-F418-4389-959F-DB48B24638C3}: C:\Users\Zoe\AppData\Local\{CA836C4E-F418-4389-959F-DB48B24638C3} [2011/08/12 10:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Zoe\AppData\Roaming\5021 [2011/08/13 01:06:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/12 19:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/12 18:48:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 20:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/02/07 18:43:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Zoe\AppData\Roaming\5021 [2011/08/13 01:06:28 | 000,000,000 | ---D | M]

[2011/02/01 11:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoe\AppData\Roaming\mozilla\Extensions
[2011/02/01 11:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/12 11:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoe\AppData\Roaming\mozilla\Firefox\Profiles\gr2jcjly.default\extensions
[2011/02/02 00:03:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Zoe\AppData\Roaming\mozilla\Firefox\Profiles\gr2jcjly.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/04/19 21:14:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Zoe\AppData\Roaming\mozilla\Firefox\Profiles\gr2jcjly.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/04/26 15:08:22 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Zoe\AppData\Roaming\mozilla\Firefox\Profiles\gr2jcjly.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/04/19 20:32:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Zoe\AppData\Roaming\mozilla\Firefox\Profiles\gr2jcjly.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/14 22:47:38 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Zoe\AppData\Roaming\mozilla\Firefox\Profiles\gr2jcjly.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/04/19 21:14:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Zoe\AppData\Roaming\mozilla\Firefox\Profiles\gr2jcjly.default\extensions\engine@conduit.com
[2011/02/04 17:16:38 | 000,001,832 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\gr2jcjly.default\searchplugins\bing.xml
[2011/03/24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\gr2jcjly.default\searchplugins\conduit.xml
[2011/08/17 17:04:39 | 000,000,950 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\gr2jcjly.default\searchplugins\icqplugin-1.xml
[2011/04/26 23:05:49 | 000,000,950 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\gr2jcjly.default\searchplugins\icqplugin-2.xml
[2011/07/14 22:47:49 | 000,000,950 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\gr2jcjly.default\searchplugins\icqplugin-3.xml
[2011/04/08 15:28:34 | 000,001,056 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\gr2jcjly.default\searchplugins\icqplugin.xml
[2011/08/12 19:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/06/17 09:59:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/08 15:46:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/12 10:41:15 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ZOE\APPDATA\LOCAL\{CA836C4E-F418-4389-959F-DB48B24638C3}
[2011/08/13 01:06:28 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ZOE\APPDATA\ROAMING\5021
[2011/07/08 09:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/15 14:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/04/08 15:46:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-856298439-158120997-17277159-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-856298439-158120997-17277159-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-856298439-158120997-17277159-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-856298439-158120997-17277159-1000..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
O4 - HKU\S-1-5-21-856298439-158120997-17277159-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-856298439-158120997-17277159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Zoe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Zoe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\oeenpc\setup.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\TEMP\oeenpc\setup.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8a8a8e89-41bc-11e0-b53a-001d9249ca10}\Shell - "" = AutoRun
O33 - MountPoints2\{8a8a8e89-41bc-11e0-b53a-001d9249ca10}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{cc4677e7-b11e-11e0-825e-001d9249ca10}\Shell - "" = AutoRun
O33 - MountPoints2\{cc4677e7-b11e-11e0-825e-001d9249ca10}\Shell\AutoRun\command - "" = K:\suppress_explorer.exe
O33 - MountPoints2\{cc4677eb-b11e-11e0-825e-001d9249ca10}\Shell - "" = AutoRun
O33 - MountPoints2\{cc4677eb-b11e-11e0-825e-001d9249ca10}\Shell\AutoRun\command - "" = M:\suppress_explorer.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 01:33:45 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
[2011/08/20 00:27:31 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{BB117829-4772-495F-A680-74254EB1104A}
[2011/08/20 00:27:20 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{6E3A9CDF-A5C6-4B07-A958-272B06ED9863}
[2011/08/19 10:38:45 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{C8DBCED5-4471-4C2D-AD22-60C911BA548D}
[2011/08/19 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{CBAF00F2-D1CF-42C6-B1AD-505B628421B4}
[2011/08/18 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{FB8E4B7D-3A31-402C-B0DA-47202D6BE630}
[2011/08/18 22:37:53 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{1C41F66C-B06A-401D-8463-1630A8241CD6}
[2011/08/18 10:37:24 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{4DB93A45-8429-4B82-969A-7DD33A18AA77}
[2011/08/17 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{411F15AB-70C9-42A5-BFD4-8A134B4CDD5D}
[2011/08/17 22:36:43 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{ECA23AB5-77D9-458B-B4A6-FB522B9FE8EE}
[2011/08/17 10:36:15 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{82E91DF4-518F-4BE9-9B22-78A6E812FFE0}
[2011/08/17 10:36:00 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{B7C7AFD5-51C7-4100-A584-3465BD419031}
[2011/08/16 17:05:42 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{97349252-E3F9-40BF-80DF-5F49EC49C19A}
[2011/08/16 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{3C8D03AB-00BA-4AF8-9B3F-71D0A5E26B2D}
[2011/08/16 05:05:03 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{A4DEE799-5A56-4B36-98EC-83C319F56A9A}
[2011/08/16 05:04:51 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{3B163A0B-6CB1-45D2-A828-672AFC92204E}
[2011/08/15 17:10:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/08/15 17:09:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/15 17:07:36 | 000,000,000 | ---D | C] -- C:\kock
[2011/08/15 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{7F6AA6D0-9EED-4589-A402-1E3B09C000BD}
[2011/08/15 17:02:07 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{1EC84D9C-1406-4D4C-811A-BB45E01C2F6C}
[2011/08/14 17:00:06 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{7B970549-DB9C-4E72-A409-69206F33516E}
[2011/08/14 16:58:36 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{2909303E-906E-4B7E-A535-FBAFD6A0D956}
[2011/08/14 00:01:21 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{648674F8-D412-4896-A577-437849D987A3}
[2011/08/14 00:01:10 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{4050A017-7103-4FBA-9FCB-4400013F150F}
[2011/08/13 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{0AB97694-61C0-45BD-861B-E5F16BF1ACFF}
[2011/08/13 03:53:37 | 000,000,000 | ---D | C] -- C:\xmldm
[2011/08/13 01:06:14 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\5021
[2011/08/13 01:05:59 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\UAs
[2011/08/13 01:05:56 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\xmldm
[2011/08/13 01:05:56 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\kock
[2011/08/13 00:00:19 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{D0FDE71E-F17B-4E93-8D3A-692D862102E0}
[2011/08/13 00:00:07 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{838A7887-7C37-4EC3-973E-C569C9B68A14}
[2011/08/12 19:38:23 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Zoe\Desktop\dds.com
[2011/08/12 19:20:32 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Zoe\Desktop\tdsskiller.exe
[2011/08/12 18:48:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/12 18:48:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/12 18:48:06 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/12 18:48:06 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/12 18:48:06 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/12 18:48:06 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/12 18:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/12 18:48:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/12 18:48:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/12 18:48:06 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/12 18:48:06 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/12 18:48:06 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/12 18:48:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/12 18:48:06 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/12 18:48:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/12 18:48:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/12 18:48:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/12 18:48:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/12 18:48:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/12 18:48:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/12 18:48:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/12 18:48:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/12 18:48:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/12 18:48:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/12 18:48:05 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/12 18:48:05 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/12 18:48:05 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/12 18:48:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/12 18:48:05 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/12 18:48:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/12 18:48:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/12 18:48:05 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/12 18:48:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/12 18:48:05 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/12 18:48:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/12 18:48:05 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/12 18:48:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/12 18:45:46 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/12 18:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\HighjackThis
[2011/08/12 18:16:05 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Avira
[2011/08/12 18:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/12 18:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/12 18:09:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/12 18:09:24 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/12 18:09:24 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/12 18:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/12 18:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/12 18:05:09 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/08/12 18:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/12 16:15:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/08/12 12:24:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/12 11:59:37 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{F7527933-EA43-4E1D-A1D8-750CFC65D73B}
[2011/08/12 11:59:25 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{A54E48CC-9131-4667-AA2A-6D27B6592C0F}
[2011/08/12 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\Malwarebytes
[2011/08/12 11:07:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/12 11:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/12 11:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/12 11:07:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/12 11:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/12 10:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011/08/12 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{CA836C4E-F418-4389-959F-DB48B24638C3}
[2011/08/12 00:05:59 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/12 00:05:59 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/12 00:05:54 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/12 00:05:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/12 00:05:54 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/12 00:05:54 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/12 00:05:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/12 00:05:52 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/12 00:05:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/12 00:05:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/12 00:05:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/12 00:05:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/12 00:05:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/12 00:05:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/12 00:05:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/12 00:05:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/12 00:05:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/12 00:05:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/12 00:05:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/12 00:05:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/12 00:05:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/12 00:05:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/12 00:05:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/12 00:05:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/12 00:05:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/12 00:05:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/12 00:05:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/12 00:05:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/12 00:05:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/12 00:05:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/11 23:58:52 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{EF3FD35F-E8AA-49CD-9F95-96C9E2131F13}
[2011/08/11 23:57:19 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{BFEF1610-C05A-419E-B3CE-1EA2192BB68D}
[2011/08/10 23:18:38 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{18BFDD37-775A-415D-B518-41905519CF6B}
[2011/08/10 23:18:27 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{2DF35316-4233-4520-AC37-63E980DA2369}
[2011/08/10 11:18:01 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{DE9CE08F-E292-41CA-BB34-62B4909D0D66}
[2011/08/10 11:17:49 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{356568C4-2BC5-4F3F-ABED-B011AB1F4EA8}
[2011/08/09 14:15:04 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{01A4559B-DE5E-4BA3-AAC8-6B724CAA0BF8}
[2011/08/09 14:14:52 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{1979C396-32BF-4B22-ADB6-67A020204D13}
[2011/08/09 02:14:21 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{56834C27-0ABD-4971-9575-81CC47587D39}
[2011/08/09 02:12:54 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{65329A6D-D549-4C35-A6D9-F3E57D5522D2}
[2011/08/05 12:16:26 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{1FB02B90-0164-4554-A73D-6AE05FB209BD}
[2011/08/05 12:16:15 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{FA963413-E2D8-4B66-8846-C7E26BB85FE1}
[2011/08/05 10:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/08/05 00:15:47 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{5E55A6E5-8880-48C8-8A75-97C050EBB2C5}
[2011/08/04 12:15:20 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{86F1C275-61EF-4447-98F5-AC6738F99585}
[2011/08/04 00:14:51 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{15B469A3-F451-41D2-B57C-B224BB29AF12}
[2011/08/04 00:14:39 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{FCD7B2D2-6102-49E2-87C0-21AFCF0F9B98}
[2011/08/03 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{8E0688BA-D3E7-402E-AF71-F8081F25781D}
[2011/08/03 00:12:10 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{B1AF41D6-4E05-4ADF-8AB0-C6350DFA07D4}
[2011/08/01 22:16:32 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{58523C80-D950-4F51-9F66-7F4F7E712F42}
[2011/08/01 18:45:03 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Roaming\WB Games
[2011/08/01 17:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\WB Games
[2011/08/01 10:16:07 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{05EECF92-55D1-4E54-AEFA-46059EAC2585}
[2011/07/31 22:15:42 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{C8448456-5E24-413C-A567-21014ECCD874}
[2011/07/30 17:09:12 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Documents\Harry Potter II
[2011/07/30 16:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{D97D916A-53F2-4893-8E8E-612049C0A303}
[2011/07/29 22:14:30 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{CCB7E820-643C-42A4-AE14-EA4A78EBB17B}
[2011/07/29 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{104EF150-E5FF-482D-B241-494165759062}
[2011/07/28 13:15:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/07/27 20:21:13 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Documents\Harry Potter and the Prisoner of Azkaban
[2011/07/27 17:51:49 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Documents\EA Games Saves
[2011/07/27 10:58:36 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{EC169B0B-B9C9-4833-8AA0-882B24F7D11B}
[2011/07/26 13:18:33 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Documents\Square Enix
[2011/07/26 13:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX - Eidos Interactive
[2011/07/26 13:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\SQUARE ENIX - Eidos Interactive
[2011/07/26 09:56:46 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{E98E9CD3-ACFD-4686-82D1-EE28D3A52540}
[2011/07/25 20:27:11 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Documents\Prototype
[2011/07/25 19:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/07/25 19:32:10 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/07/25 12:34:20 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{A0133E41-DA00-46C0-A52C-1E14D8C2F1B7}
[2011/07/24 21:53:32 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Documents\My Received Files
[2011/07/24 21:30:16 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{434804DF-6580-45AE-B40B-0702B2EC2257}
[2011/07/24 08:22:22 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{367CB68F-395C-45B2-B9A7-81E34CCA7DE3}
[2011/07/23 12:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONAMI
[2011/07/23 12:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2011/07/23 04:39:35 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{96ECE04B-9CB0-4D6E-BDED-B00DC3628211}
[2011/07/22 16:39:10 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{DEC66BFD-0A12-4D44-B6E2-1707C2CE8866}
[2011/07/21 16:37:07 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{F0402290-8AAF-4EE3-B1EC-98C97BEB9046}
[2011/07/21 16:29:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/07/21 16:28:36 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/07/21 16:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/07/21 16:19:46 | 000,000,000 | ---D | C] -- C:\Users\Zoe\AppData\Local\{E6B97B04-6F2E-4983-BAC1-0D250047934A}
[2011/07/21 14:26:51 | 000,000,000 | ---D | C] -- C:\Users\Zoe\Desktop\StalkingInes
[1 C:\Users\Zoe\AppData\Roaming\*.tmp files -> C:\Users\Zoe\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/20 01:33:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Zoe\Desktop\OTL.exe
[2011/08/20 01:04:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/20 00:34:10 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 00:34:10 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 00:31:06 | 004,736,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/20 00:31:06 | 001,507,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/20 00:31:06 | 000,303,676 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/20 00:31:06 | 000,035,734 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/20 00:26:21 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 00:26:19 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\edonf.job
[2011/08/20 00:26:19 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\OEWB.job
[2011/08/20 00:26:19 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\zmrb.job
[2011/08/20 00:26:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/20 00:26:10 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/19 09:39:40 | 000,459,264 | ---- | M] () -- C:\Users\Zoe\Desktop\CKScanner.exe
[2011/08/17 21:08:35 | 000,000,186 | ---- | M] () -- C:\Users\Zoe\AppData\Roaming\urhtps.dat
[2011/08/17 21:05:23 | 018,820,757 | ---- | M] () -- C:\Users\Zoe\Desktop\must havev.rar
[2011/08/16 03:18:37 | 002,307,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/15 19:57:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/15 17:29:19 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/08/12 19:38:24 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Zoe\Desktop\dds.com
[2011/08/12 19:30:41 | 000,259,674 | ---- | M] () -- C:\Users\Public\Documents\cc_20110812_193028.reg
[2011/08/12 19:20:34 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Zoe\Desktop\tdsskiller.exe
[2011/08/12 19:17:24 | 000,000,795 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.msn
[2011/08/12 19:13:58 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/12 19:08:44 | 000,001,399 | ---- | M] () -- C:\Users\Zoe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/12 18:48:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/12 18:48:06 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/12 18:48:06 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/12 18:48:06 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/12 18:48:06 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/12 18:48:06 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/12 18:48:06 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/12 18:48:06 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/12 18:48:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/12 18:48:06 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/12 18:48:06 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/12 18:48:06 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/12 18:48:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/12 18:48:06 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/12 18:48:06 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/12 18:48:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/12 18:48:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/12 18:48:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/12 18:48:06 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/12 18:48:06 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/12 18:48:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/12 18:48:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/12 18:48:06 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/12 18:48:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/12 18:48:06 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/12 18:48:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/12 18:48:05 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/12 18:48:05 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/12 18:48:05 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/12 18:48:05 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/12 18:48:05 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/12 18:48:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/12 18:48:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/12 18:48:05 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/12 18:48:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/12 18:48:05 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/12 18:48:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/12 18:48:05 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/12 18:45:46 | 000,002,979 | ---- | M] () -- C:\Users\Zoe\Desktop\HiJackThis.lnk
[2011/08/12 18:09:34 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/12 16:06:49 | 000,000,454 | ---- | M] () -- C:\Windows\System32\test
[2011/08/12 12:45:24 | 000,000,120 | ---- | M] () -- C:\Users\Zoe\AppData\Local\Nbeyahexofipu.dat
[2011/08/12 11:07:07 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/12 10:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Zoe\AppData\Local\Tzufoxegiri.bin
[2011/07/30 02:19:51 | 000,055,203 | ---- | M] () -- C:\Users\Zoe\Desktop\Gutscheine.jpg
[2011/07/21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Users\Zoe\AppData\Roaming\*.tmp files -> C:\Users\Zoe\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 09:39:39 | 000,459,264 | ---- | C] () -- C:\Users\Zoe\Desktop\CKScanner.exe
[2011/08/17 21:05:20 | 018,820,757 | ---- | C] () -- C:\Users\Zoe\Desktop\must havev.rar
[2011/08/15 17:09:45 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/14 19:15:31 | 000,000,186 | ---- | C] () -- C:\Users\Zoe\AppData\Roaming\urhtps.dat
[2011/08/12 19:30:34 | 000,259,674 | ---- | C] () -- C:\Users\Public\Documents\cc_20110812_193028.reg
[2011/08/12 19:13:58 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/12 19:13:58 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/12 18:48:06 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/12 18:45:46 | 000,002,979 | ---- | C] () -- C:\Users\Zoe\Desktop\HiJackThis.lnk
[2011/08/12 18:09:34 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/12 11:07:07 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/12 10:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Zoe\AppData\Local\Tzufoxegiri.bin
[2011/08/12 10:41:17 | 000,000,120 | ---- | C] () -- C:\Users\Zoe\AppData\Local\Nbeyahexofipu.dat
[2011/08/12 10:39:40 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\edonf.job
[2011/08/12 10:39:40 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\OEWB.job
[2011/08/12 10:39:40 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\zmrb.job
[2011/07/30 02:19:49 | 000,055,203 | ---- | C] () -- C:\Users\Zoe\Desktop\Gutscheine.jpg
[2011/07/28 13:09:37 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2011/07/28 13:09:37 | 000,006,659 | ---- | C] () -- C:\Windows\System32\TANDPL.VXD
[2011/07/28 13:09:37 | 000,006,532 | ---- | C] () -- C:\Windows\System32\ENODPL.VXD
[2011/07/28 13:09:37 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2011/07/21 16:28:21 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/07/21 16:28:02 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/07 17:04:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/07 17:03:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/22 15:28:49 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/05/22 15:28:48 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/05/03 00:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2011/05/03 00:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011/05/02 22:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/05/02 22:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011/05/02 22:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/16 16:26:22 | 000,925,184 | ---- | C] () -- C:\Program Files\AppWorldInstaller-de.msi
[2011/04/16 14:52:27 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2011/04/10 15:31:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/08 15:41:35 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/18 23:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/03/18 23:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011/03/18 23:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011/03/18 23:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011/03/18 23:26:44 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011/03/18 23:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011/03/18 23:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/03/03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/03/03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/03/03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/03/03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/03/03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/03/03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/03/03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011/03/03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/03/03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/03/03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/22 21:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/22 21:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/01 23:08:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/02/01 11:39:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/01 08:56:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/01 00:26:30 | 004,736,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/02/01 00:26:30 | 001,507,914 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/02/01 00:26:30 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/02/01 00:26:30 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/08/18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2009/10/31 12:08:11 | 000,123,840 | RHS- | C] () -- C:\Users\Zoe\AppData\Roaming\prapproxy32.exe
[2009/10/31 12:08:11 | 000,113,600 | RHS- | C] () -- C:\Users\Zoe\AppData\Roaming\prapproxy32.dll
[2009/08/11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/11 23:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\System32\ac3filter_intl.dll
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 002,307,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,303,676 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,035,734 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/09 03:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/12/09 17:23:13 | 000,047,664 | RHS- | C] () -- C:\Users\Zoe\AppData\Roaming\appconf32.exe
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006/03/04 06:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\System32\OptimFROG.dll

< End of report >



OTL Extras logfile created on: 8/20/2011 1:34:26 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Zoe\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.49% Memory free
4.00 Gb Paging File | 2.53 Gb Available in Paging File | 63.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 57.89 Gb Free Space | 24.86% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 1.05 Gb Free Space | 0.35% Space Free | Partition Type: NTFS

Computer Name: ZOESPC | User Name: Zoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-856298439-158120997-17277159-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AAFCFAF-5544-EEAF-189B-C85B138112D1}" = ATI Catalyst Install Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{32BC62C5-32B9-F838-ADD4-CFEF544C6888}" = ccc-core-static
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB1AEE0-0B27-F3C8-0582-67976480E480}" = AMD Fuel
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D54D8DF-25CF-9752-787E-BF8D560B009B}" = AMD Drag and Drop Transcoding
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer
"{63CEA395-22F6-A2FC-9290-B4103E0B628F}" = WMV9/VC-1 Video Playback
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{771ABEA0-23AF-8F8E-63FE-168779F294B6}" = CCC Help English
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89173B88-384A-459B-B687-9C0BBC934EF4}" = Die Sims™ 3 Erstelle einen Sim
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Years 1-4
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C92C89BB-1D11-C8D5-1584-D5259818479A}" = ccc-utility
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DB837331-6864-4B66-7248-4CB823DB4222}" = Catalyst Control Center InstallProxy
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F47C09DB-746B-2ABA-819B-8FC759034E74}" = Catalyst Control Center Graphics Previews Common
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.32.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.12)" = Mozilla Thunderbird (3.1.12)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VLC media player" = VLC media player 1.1.6
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.1.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Worms Reloaded_is1" = Worms Reloaded

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Traceback (most recent call last):
File "<string>", line 367, in <module>
File "<string>", line 236, in main
File "<string>", line 358, in checkHostsFile
IOError: [Errno 2] No such file or directory: 'C:\\Windows\\system32\\drivers\\etc\\hosts'
Raskolnikov

Re: Redirection Virus

by Alander » August 21st, 2011, 12:01 pm

Step 1.
Create a System Restore Point (Vista - W7)
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.

Unless you use some other method to create system restore points...
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
SystemLook
Please download SystemLook.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    :dir 
    c:\users\zoe\appdata\local\{D0FDE71E-F17B-4E93-8D3A-692D862102E0}
    c:\users\zoe\appdata\local\{838A7887-7C37-4EC3-973E-C569C9B68A14}
    c:\program files\HighjackThis
    C:\!KillBox
    c:\users\zoe\appdata\local\{F7527933-EA43-4E1D-A1D8-750CFC65D73B}
    c:\users\zoe\appdata\local\{A54E48CC-9131-4667-AA2A-6D27B6592C0F}
    c:\users\zoe\appdata\local\{CA836C4E-F418-4389-959F-DB48B24638C3}
    c:\users\zoe\appdata\local\{EF3FD35F-E8AA-49CD-9F95-96C9E2131F13}
    c:\users\zoe\appdata\local\{BFEF1610-C05A-419E-B3CE-1EA2192BB68D}
    c:\users\zoe\appdata\local\{18BFDD37-775A-415D-B518-41905519CF6B}
    c:\users\zoe\appdata\local\{2DF35316-4233-4520-AC37-63E980DA2369}
    c:\users\zoe\appdata\local\{DE9CE08F-E292-41CA-BB34-62B4909D0D66}
    c:\users\zoe\appdata\local\{356568C4-2BC5-4F3F-ABED-B011AB1F4EA8}
    c:\users\zoe\appdata\local\{01A4559B-DE5E-4BA3-AAC8-6B724CAA0BF8}
    c:\users\zoe\appdata\local\{1979C396-32BF-4B22-ADB6-67A020204D13}
    c:\users\zoe\appdata\local\{56834C27-0ABD-4971-9575-81CC47587D39}
    c:\users\zoe\appdata\local\{65329A6D-D549-4C35-A6D9-F3E57D5522D2}
    c:\users\zoe\appdata\local\{1FB02B90-0164-4554-A73D-6AE05FB209BD}
    c:\users\zoe\appdata\local\{FA963413-E2D8-4B66-8846-C7E26BB85FE1}
    c:\users\zoe\appdata\local\{5E55A6E5-8880-48C8-8A75-97C050EBB2C5}
    c:\users\zoe\appdata\local\{86F1C275-61EF-4447-98F5-AC6738F99585}
    c:\users\zoe\appdata\local\{15B469A3-F451-41D2-B57C-B224BB29AF12}
    c:\users\zoe\appdata\local\{FCD7B2D2-6102-49E2-87C0-21AFCF0F9B98}
    c:\users\zoe\appdata\local\{8E0688BA-D3E7-402E-AF71-F8081F25781D}
    c:\users\zoe\appdata\local\{B1AF41D6-4E05-4ADF-8AB0-C6350DFA07D4}
    c:\users\zoe\appdata\local\{58523C80-D950-4F51-9F66-7F4F7E712F42}
    c:\users\zoe\appdata\local\{05EECF92-55D1-4E54-AEFA-46059EAC2585}
    c:\users\zoe\appdata\local\{C8448456-5E24-413C-A567-21014ECCD874}
    c:\users\zoe\appdata\local\{D97D916A-53F2-4893-8E8E-612049C0A303}
    c:\users\zoe\appdata\local\{CCB7E820-643C-42A4-AE14-EA4A78EBB17B}
    c:\users\zoe\appdata\local\{104EF150-E5FF-482D-B241-494165759062}
    c:\users\zoe\appdata\local\{EC169B0B-B9C9-4833-8AA0-882B24F7D11B}
    c:\users\zoe\appdata\local\{E98E9CD3-ACFD-4686-82D1-EE28D3A52540}
    c:\users\zoe\appdata\local\{A0133E41-DA00-46C0-A52C-1E14D8C2F1B7}
    c:\users\zoe\appdata\local\{434804DF-6580-45AE-B40B-0702B2EC2257}
    c:\users\zoe\appdata\local\{367CB68F-395C-45B2-B9A7-81E34CCA7DE3}
    c:\users\zoe\appdata\local\{96ECE04B-9CB0-4D6E-BDED-B00DC3628211}
    c:\users\zoe\appdata\local\{DEC66BFD-0A12-4D44-B6E2-1707C2CE8866}
    c:\users\zoe\appdata\local\{F0402290-8AAF-4EE3-B1EC-98C97BEB9046}
    c:\users\zoe\appdata\local\{8874EA0C-A7B7-4522-8A4A-9AE2EB436410}
    c:\users\zoe\appdata\local\{8886B1B2-EF9A-4B2A-916F-0897A2621A5E}
    c:\users\zoe\appdata\local\{E5AD17D5-FBF7-4538-A175-CA00DF58FFAF}
    c:\users\zoe\appdata\local\{ED3B9CF7-F615-48FF-BF97-27853FCCE16E}
    c:\users\zoe\appdata\local\{1ECBA6FF-7862-4629-96EA-559E9EA2E153}
    c:\users\zoe\appdata\local\{E3CCAF43-FF36-4161-A23C-180AF6D74E48}
    c:\users\zoe\appdata\local\{266CEF0F-2C1E-4035-8048-E7CE2A39659C}
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. SystemLook log (note that this log might be too long to fit into one post; you can split the results into multiple posts if that happens)
  3. MGA Diagnostic Tool Log
  4. How is the computer behaving?
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Redirection Virus

Post by Raskolnikov » August 22nd, 2011, 1:53 am

Thanks, the system restore function worked after I turned the..system protection or whatever on for the C: drive.

Here's what I got from Systemlook:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:41 on 22/08/2011 by Zoe
Administrator - Elevation successful

========== dir ==========

c:\users\zoe\appdata\local\{D0FDE71E-F17B-4E93-8D3A-692D862102E0} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{838A7887-7C37-4EC3-973E-C569C9B68A14} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\program files\HighjackThis - Parameters: "(none)"

---Files---
None found.

---Folders---
Trend Micro d------ [16:45 12/08/2011]

C:\!KillBox - Parameters: "(none)"

---Files---
None found.

---Folders---
Logs dr----- [16:05 12/08/2011]

c:\users\zoe\appdata\local\{F7527933-EA43-4E1D-A1D8-750CFC65D73B} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{A54E48CC-9131-4667-AA2A-6D27B6592C0F} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{CA836C4E-F418-4389-959F-DB48B24638C3} - Parameters: "(none)"

---Files---
chrome.manifest --a---- 122 bytes [08:41 12/08/2011] [08:41 12/08/2011]
install.rdf --a---- 764 bytes [08:41 12/08/2011] [08:41 12/08/2011]

---Folders---
chrome d------ [08:41 12/08/2011]

c:\users\zoe\appdata\local\{EF3FD35F-E8AA-49CD-9F95-96C9E2131F13} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{BFEF1610-C05A-419E-B3CE-1EA2192BB68D} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{18BFDD37-775A-415D-B518-41905519CF6B} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{2DF35316-4233-4520-AC37-63E980DA2369} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{DE9CE08F-E292-41CA-BB34-62B4909D0D66} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{356568C4-2BC5-4F3F-ABED-B011AB1F4EA8} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{01A4559B-DE5E-4BA3-AAC8-6B724CAA0BF8} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{1979C396-32BF-4B22-ADB6-67A020204D13} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{56834C27-0ABD-4971-9575-81CC47587D39} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{65329A6D-D549-4C35-A6D9-F3E57D5522D2} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{1FB02B90-0164-4554-A73D-6AE05FB209BD} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{FA963413-E2D8-4B66-8846-C7E26BB85FE1} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{5E55A6E5-8880-48C8-8A75-97C050EBB2C5} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{86F1C275-61EF-4447-98F5-AC6738F99585} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{15B469A3-F451-41D2-B57C-B224BB29AF12} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{FCD7B2D2-6102-49E2-87C0-21AFCF0F9B98} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{8E0688BA-D3E7-402E-AF71-F8081F25781D} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{B1AF41D6-4E05-4ADF-8AB0-C6350DFA07D4} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{58523C80-D950-4F51-9F66-7F4F7E712F42} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{05EECF92-55D1-4E54-AEFA-46059EAC2585} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{C8448456-5E24-413C-A567-21014ECCD874} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{D97D916A-53F2-4893-8E8E-612049C0A303} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{CCB7E820-643C-42A4-AE14-EA4A78EBB17B} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{104EF150-E5FF-482D-B241-494165759062} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{EC169B0B-B9C9-4833-8AA0-882B24F7D11B} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{E98E9CD3-ACFD-4686-82D1-EE28D3A52540} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{A0133E41-DA00-46C0-A52C-1E14D8C2F1B7} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{434804DF-6580-45AE-B40B-0702B2EC2257} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{367CB68F-395C-45B2-B9A7-81E34CCA7DE3} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{96ECE04B-9CB0-4D6E-BDED-B00DC3628211} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{DEC66BFD-0A12-4D44-B6E2-1707C2CE8866} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{F0402290-8AAF-4EE3-B1EC-98C97BEB9046} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{8874EA0C-A7B7-4522-8A4A-9AE2EB436410} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{8886B1B2-EF9A-4B2A-916F-0897A2621A5E} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{E5AD17D5-FBF7-4538-A175-CA00DF58FFAF} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{ED3B9CF7-F615-48FF-BF97-27853FCCE16E} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{1ECBA6FF-7862-4629-96EA-559E9EA2E153} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{E3CCAF43-FF36-4161-A23C-180AF6D74E48} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

c:\users\zoe\appdata\local\{266CEF0F-2C1E-4035-8048-E7CE2A39659C} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-

And here's the MGA Diagnostic Tool log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {FE0904FF-CFC2-4741-A59E-54F0EE64A897}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FE0904FF-CFC2-4741-A59E-54F0EE64A897}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-856298439-158120997-17277159</SID><SYSTEM><Manufacturer>MICRO-STAR INTERNATIONAL CO.,LTD</Manufacturer><Model>MS-7388</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.6</Version><SMBIOSVersion major="2" minor="5"/><Date>20080423000000.000000+000</Date></BIOS><HWID>092A3607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mitteleuropäische Zeit(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Softwarelizenzierungsdienst-Version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Beschreibung: Windows Operating System - Windows(R) 7, OEM_SLP channel
Aktivierungs-ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Erweiterte PID: 00426-00178-926-600006-02-1033-7600.0000-0312011
Installations-ID: 022251578845912845454256485704866396360205076630863265
Prozessorzertifikat-URL: http://go.microsoft.com/fwlink/?LinkID=88338
Computerzertifikat-URL: http://go.microsoft.com/fwlink/?LinkID=88339
Lizenz-URL verwenden: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key-Zertifikat-URL: http://go.microsoft.com/fwlink/?LinkID=88340
Teil-Product Key: HYRR2
Lizenzstatus: Lizenziert
Verbleibende Windows Rearm-Anzahl: 4
Vertrauenswürdige Zeit: 8/22/2011 7:44:50 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQADAAAAAQABAAEAJJRsUUwYkKa4kRYO+kfu5lqqd/Ya7IJ0nw0oTcj0

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 042308 APIC0834
FACP 042308 FACP0834
HPET 042308 OEMHPET
MCFG 042308 OEMMCFG
OEMB 042308 OEMB0834
SSDT A M I POWERNOW
SLIC _ASUS_ Notebook

The computer has been behaving normally, Avira didn't even mention a virus lately, although during start-up I often get a message from it saying that "The Profile could not be loaded". Also my internet connection has been rather odd, one day it started bugging and since then it doesn't work unless I restart it with the internet cable unplugged. I then need to wait until it's done starting up and when I plug it back in it works perfectly normally.
Raskolnikov
Active Member
 
Posts: 5
Joined: August 12th, 2011, 1:43 pm
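
As an added example (not part of the original thread and not SystemLook's own code): a small Python parser for the `:dir` log format posted above. It sorts the queried paths into empty, populated, and those holding both `install.rdf` and `chrome.manifest`, the manifest pair of a legacy Firefox extension. The sample log is a constructed excerpt of the posted one, and the function names and the entry-line pattern are assumptions based only on the lines visible in this thread.

```python
import re

# Constructed excerpt of the log above (blank lines omitted; the parser ignores them).
SAMPLE_LOG = r"""========== dir ==========
c:\users\zoe\appdata\local\{D0FDE71E-F17B-4E93-8D3A-692D862102E0} - Parameters: "(none)"
---Files---
None found.
---Folders---
None found.
c:\users\zoe\appdata\local\{CA836C4E-F418-4389-959F-DB48B24638C3} - Parameters: "(none)"
---Files---
chrome.manifest --a---- 122 bytes [08:41 12/08/2011] [08:41 12/08/2011]
install.rdf --a---- 764 bytes [08:41 12/08/2011] [08:41 12/08/2011]
---Folders---
chrome d------ [08:41 12/08/2011]
c:\program files\HighjackThis - Parameters: "(none)"
---Files---
None found.
---Folders---
Trend Micro d------ [16:45 12/08/2011]
-= EOF =-
"""

HEADER = re.compile(r'^(?P<path>.+?) - Parameters: "(?P<params>.*)"$')
# Name, then the 7-character attribute field, then an optional size and a timestamp.
ENTRY = re.compile(r'^(?P<name>.+?) (?P<attrs>[a-z-]{7}) (?:\d+ bytes )?\[')
EXT_FILES = {"install.rdf", "chrome.manifest"}  # legacy Firefox extension manifests

def parse_dir_log(text):
    """Return {path: {"files": [...], "folders": [...]}} for a ':dir' log."""
    results, current, bucket = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = results.setdefault(m.group("path"), {"files": [], "folders": []})
            bucket = None
        elif line in ("---Files---", "---Folders---"):
            bucket = line.strip("-").lower()  # "files" or "folders"
        elif current is not None and bucket and line and line != "None found.":
            e = ENTRY.match(line)
            if e:  # anything that is not an entry line (e.g. the EOF marker) is skipped
                current[bucket].append(e.group("name"))
    return results

def triage(results):
    """Split queried paths into empty, populated, and extension-like."""
    report = {"empty": [], "populated": [], "extension_like": []}
    for path, found in results.items():
        if not found["files"] and not found["folders"]:
            report["empty"].append(path)
        elif EXT_FILES <= {f.lower() for f in found["files"]}:
            report["extension_like"].append(path)
        else:
            report["populated"].append(path)
    return report
```

An "extension-like" hit only describes the folder layout; whether the extension is wanted still has to be checked by reading its `install.rdf`.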

Re: Redirection Virus

Post by Wingman » August 22nd, 2011, 5:40 pm

Cracked or Illegal Software

It has been determined that your version of Windows is not legal. Using an illegal version of Windows prevents you from obtaining the proper updates to help keep your system secure and helps the spread of malware. It is highly unlikely that any other reputable malware removal site will offer you assistance until you remove the illegal software and install a legal version of Windows.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This topic is now closed.
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA