Google Redirect and lots of other issues - Geeks to Go Forums


Google Redirect and lots of other issues

#1 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 19 January 2010 - 11:44 PM

A few weeks ago I got hit with Google results being redirected to directdr.com. Now the problem seems to have escalated. Then today I got hit with a fake antivirus warning. My Mozilla home page seemed to have changed, and now I'm having issues closing my Safari windows. Now my paste function seems to have been disabled, so I'm not able to post my log files. Please help.

#2 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,623
  • Joined: 19-November 07

Posted 20 January 2010 - 12:33 AM

Hello thatbklyngirl,

Welcome to Geekstogo.

Quite a bit to do in this post but if you just take it step by step you should be fine. Let me know if you run into problems anywhere.

Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up; press any key to close once the fix is completed.
  • Post the contents of log.txt (it will be created in the directory where you ran exeHelper.com).
  • Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

Step 2

Download Kenco.exe to your desktop
  • Close all windows and run the program
  • It won't take long to run. Post the log it gives you (it will also be saved in the same place as Kenco.exe).

Step 3

Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it.
  • It will automatically remove any infection it finds.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


Moving on

With these, if your paste function won't work, do this:

Try copying and pasting this way:

Highlight the text and then copy (Ctrl +C) and paste (Ctrl +V). If you can't use your mouse to highlight use Ctrl +A.

If you are still having difficulties come back and tell me.

Now

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

So when you return please post
  • Exehelper log
  • Kenco log
  • GooredFix.txt
  • MBAM log
  • the two OTL logs - OTL.txt and Extras.txt


Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
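The helper above asks for OTL's two text logs so that the autorun entries and browser settings in them can be read through by hand. The following is an added example, not code from the forum, the helper, or the OTL tool: a small Python parser for the `O4 - HKxx..\Run:` and `IE - ...: "ProxyEnable"` line shapes that OTL prints, run over a few constructed sample lines (not taken from any real machine). The two triage rules it applies, an autorun whose publisher field is empty `()` and an Internet Explorer proxy that is actually enabled, are this example's own heuristics for what a reviewer would look at first, not a diagnosis the thread makes.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in OTL's "Standard Registry" output shape.
# The paths and names are invented for this example; they are not
# from any specific log. The second O4 line has an empty publisher
# field "()", which OTL prints when the file carries no company name.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\User\Application Data\updater.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
"""

# O4 line: hive, key under the hive, [entry name], path, (publisher).
# The path match is non-greedy and the pattern is anchored at end of
# line, so a path containing "(x86)" still pairs with the last "(...)".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)\s*$"
)

# IE line with a quoted value name, as used for the proxy settings.
IE_RE = re.compile(r'^IE - (?P<key>[^:]+): "(?P<value>[^"]+)" = (?P<data>.*)$')


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    path: str
    company: str


def parse_otl(text):
    """Return (list of AutorunEntry, dict of IE value name -> data)."""
    autoruns, ie_settings = [], {}
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            autoruns.append(AutorunEntry(**m.groupdict()))
            continue
        m = IE_RE.match(line)
        if m:
            ie_settings[m.group("value")] = m.group("data").strip()
    return autoruns, ie_settings


def review(text):
    """Apply this example's two triage heuristics and return the findings.

    1. An autorun whose publisher field is empty deserves a closer look,
       since legitimate vendor software normally carries a company name.
    2. A proxy that is enabled (ProxyEnable = 1) routes all IE traffic
       through the listed server; with ProxyEnable = 0 the ProxyServer
       value is dormant and is not reported.
    """
    autoruns, ie = parse_otl(text)
    findings = []
    for e in autoruns:
        if not e.company.strip():
            findings.append(
                f"autorun without publisher: {e.hive}..\\{e.key} [{e.name}] {e.path}"
            )
    if ie.get("ProxyEnable") == "1" and ie.get("ProxyServer"):
        findings.append(f"IE proxy enabled: {ie['ProxyServer']}")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_OTL):
        print(finding)
```

Lines OTL prints in other shapes (the `O4 - Startup:` form, the unquoted `Main,Start Page` IE lines) are simply skipped by this parser; extending `review` with further rules is a matter of adding a regex and a check, and the rules above should be read as a starting point for a human reviewer, not a verdict.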

#3 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 20 January 2010 - 03:05 PM

Okay, I will start.

#4 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 20 January 2010 - 03:16 PM

exeHelper by Raktor
Build 20091220
Run at 16:10:22 on 01/20/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20091220
Run at 16:14:32 on 01/20/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#5 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 20 January 2010 - 03:20 PM

Thanks for your help.

Kenco by jpshortstuff (31.12.09.1)
Log created at 16:18 on 20/01/2010 (Emmy Lou)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
AppleSoftwareUpdate.job -> [16:19 07/11/2009] 284 bytes

-=E.O.F=-

#6 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 20 January 2010 - 03:22 PM

GooredFix by jpshortstuff (08.01.10.1)
Log created at 16:22 on 20/01/2010 (Emmy Lou)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:24 05/10/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [04:00 26/10/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [12:34 18/12/2009]

C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions\
requestpolicy@requestpolicy.com [16:14 28/11/2009]
twitternotifier@naan.net [12:10 23/12/2009]
{3205B348-523A-4fac-9BC4-9939CBF583B0} [16:58 10/01/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [16:14 28/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [12:34 18/12/2009]

-=E.O.F=-

#7 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 20 January 2010 - 03:43 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3604
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/20/2010 4:41:52 PM
mbam-log-2010-01-20 (16-41-52).txt

Scan type: Quick Scan
Objects scanned: 129081
Time elapsed: 14 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 20 January 2010 - 04:29 PM

OTL logfile created on: 1/20/2010 5:03:31 PM - Run 3
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Emmy Lou\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 264.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45.04 Gb Total Space | 28.95 Gb Free Space | 64.28% Space Free | Partition Type: NTFS
Drive D: | 98.00 Gb Total Space | 97.89 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMMYNYC
Current User Name: Emmy Lou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Emmy Lou\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfNavi.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Emmy Lou\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...N&bmod=SMSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.gmail.com"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/18 07:34:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/28 11:33:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/31 11:38:09 | 00,000,000 | ---D | M]

[2009/10/05 10:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Extensions
[2009/10/05 10:27:59 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/10 11:59:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions
[2010/01/10 11:58:50 | 00,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2009/11/28 11:14:03 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/28 11:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions\requestpolicy@requestpolicy.com
[2009/12/23 07:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions\twitternotifier@naan.net
[2010/01/20 16:05:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 10:23:34 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/25 23:00:19 | 00,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/12/18 07:34:43 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/08 10:23:28 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 10:23:28 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/18 07:34:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/13 19:47:38 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/11/08 10:23:31 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/11/07 11:22:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/07 11:22:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/07 11:22:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/07 11:22:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/07 11:22:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/07 11:22:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/07 11:22:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/31 08:51:57 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/31 08:51:57 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/31 08:51:57 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/31 08:51:57 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/31 08:51:57 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/31 08:51:57 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/31 08:51:57 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2001/08/23 10:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Emmy Lou\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.9.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {685f7e63-6c55-415e-9bfc-9ca5f11fdf09} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Emmy Lou\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009/04/01 20:55:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/20 16:30:50 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emmy Lou\Desktop\OTL.exe
[2010/01/20 16:22:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Emmy Lou\Desktop\GooredFix Backups
[2010/01/20 16:17:43 | 00,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Emmy Lou\Desktop\GooredFix.exe
[2010/01/20 16:17:20 | 00,044,567 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Emmy Lou\Desktop\Kenco.exe
[2010/01/20 13:38:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Emmy Lou\Application Data\Facebook
[2010/01/19 23:47:14 | 00,000,000 | ---D | C] -- C:\WAB
[2010/01/19 23:47:14 | 00,000,000 | ---D | C] -- C:\Address book
[2010/01/19 20:30:16 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/19 19:35:23 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010/01/19 19:28:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/19 19:27:07 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/19 19:24:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2010/01/19 19:19:37 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emmy Lou\Desktop\TFC.exe
[2010/01/19 17:30:57 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emmy Lou\Desktop\mbam-setup.exe
[2010/01/14 10:06:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/01/11 13:44:38 | 00,121,344 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l083.dll
[2010/01/11 13:43:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/01/11 13:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/01/11 13:42:12 | 00,021,568 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2010/01/11 13:42:09 | 00,016,496 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2010/01/11 13:42:05 | 00,049,920 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2010/01/11 13:42:03 | 00,271,704 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/01/11 13:42:00 | 00,598,016 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_d02a.dll
[2010/01/11 13:42:00 | 00,372,736 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/01/11 13:42:00 | 00,307,200 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_d02a.dll
[2010/01/11 13:41:59 | 00,737,280 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_d02a.dll
[2010/01/11 13:41:40 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/01/11 13:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2010/01/11 10:46:11 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/01/10 16:12:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Emmy Lou\Application Data\Apple Computer
[2010/01/10 16:12:13 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/01/10 16:07:28 | 29,635,880 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2010/01/07 00:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Emmy Lou\Application Data\WinRAR
[2010/01/07 00:30:11 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/12/31 19:35:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Service
[2009/12/31 11:39:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Emmy Lou\Application Data\DivX
[2009/12/31 11:38:06 | 01,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/12/31 11:38:06 | 00,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/12/31 11:38:06 | 00,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/12/31 11:38:06 | 00,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/12/31 11:38:06 | 00,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/12/31 11:38:06 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/12/31 11:38:06 | 00,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/12/31 11:38:06 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/12/31 11:38:06 | 00,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/12/31 11:38:06 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/12/31 11:38:06 | 00,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/12/31 11:38:06 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/12/31 11:38:06 | 00,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
[2009/12/31 11:38:06 | 00,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/12/31 11:38:06 | 00,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/12/31 11:37:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/12/31 11:37:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Emmy Lou\My Documents\My Videos
[2009/12/31 11:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/12/31 10:07:46 | 23,804,080 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\Emmy Lou\My Documents\DivXInstaller.exe
[2009/12/29 10:33:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Emmy Lou\My Documents\2010 Summer Sizzle
[2009/12/25 11:46:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Emmy Lou\My Documents\Christmas MZX
[2009/12/25 10:04:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/11/29 21:54:48 | 01,992,792 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\TrendMicroDownloaderTIS.exe
[2009/11/29 20:56:57 | 92,704,656 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\TIS_17_5_en-US_32-bit.exe
[2009/11/29 19:11:41 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/11/29 16:24:57 | 03,326,576 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup226.exe
[2009/11/29 12:27:00 | 09,429,952 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v3.1.exe
[2009/11/10 10:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/10 10:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/11/07 11:13:59 | 32,441,648 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2009/10/30 20:14:25 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/10/30 19:50:24 | 01,848,336 | ---- | C] (Trend Micro) -- C:\Program Files\HousecallLauncher.exe
[2009/10/30 19:45:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThisInstaller.exe
[2009/10/26 00:40:47 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2009/10/25 22:57:31 | 02,025,768 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/10/05 10:17:24 | 08,067,224 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.3.exe
[2009/04/01 20:58:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/01 20:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/01 20:58:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/01 20:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/20 14:57:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 14:57:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 14:57:39 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 13:02:05 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/01/20 03:11:22 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Emmy Lou\NTUSER.DAT
[2010/01/20 03:11:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Emmy Lou\ntuser.ini
[2010/01/20 00:04:39 | 00,000,476 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\rkill.reg
[2010/01/20 00:04:38 | 00,236,544 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\pev.exe
[2010/01/19 20:17:37 | 06,477,342 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\kampeansamV1.pdf
[2010/01/19 19:35:43 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010/01/19 19:31:11 | 00,293,376 | ---- | M] () -- C:\Program Files\ghip9enn.exe
[2010/01/19 19:27:08 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\NTREGOPT.lnk
[2010/01/19 19:24:34 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2010/01/19 19:19:28 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emmy Lou\Desktop\TFC.exe
[2010/01/19 19:08:48 | 06,477,342 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\Untitled-2.pdf
[2010/01/19 19:07:50 | 00,172,267 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\WEBONLYKAMPE.png
[2010/01/19 18:47:58 | 06,420,814 | -H-- | M] () -- C:\Documents and Settings\Emmy Lou\Local Settings\Application Data\IconCache.db
[2010/01/19 17:43:53 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 17:30:52 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emmy Lou\Desktop\mbam-setup.exe
[2010/01/19 17:25:06 | 00,012,314 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/19 17:22:37 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\rkill.com
[2010/01/19 12:14:42 | 00,086,496 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-FLYER FINAL.jpg
[2010/01/19 02:05:19 | 00,081,959 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-ANSAM-flyer.jpg
[2010/01/18 18:51:37 | 00,070,241 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\halle.jpg
[2010/01/18 18:50:01 | 00,075,622 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\halle-berry-3.jpg
[2010/01/18 16:50:21 | 00,544,069 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-FLYER.jpg
[2010/01/18 14:58:37 | 00,103,661 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-ANSAM-LOGO.jpg
[2010/01/17 21:22:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/17 17:02:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/16 11:02:30 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emmy Lou\Desktop\OTL.exe
[2010/01/14 10:44:28 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\Kampe.doc
[2010/01/13 03:05:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 18:06:05 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\Bills Paid this week.xls
[2010/01/11 14:05:25 | 00,130,300 | ---- | M] () -- C:\WINDOWS\hpoins37.dat
[2010/01/11 13:40:01 | 00,257,962 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\PO Box Form To Print.pdf
[2010/01/11 10:57:17 | 37,134,592 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\DJ_AIO_05_F4400_NonNet_Basic_Win_enu_130_162.exe
[2010/01/11 10:37:20 | 00,129,582 | ---- | M] () -- C:\WINDOWS\hpoins37.dat.temp
[2010/01/10 16:13:19 | 00,016,332 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/10 16:08:27 | 29,635,880 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2010/01/10 12:47:12 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 23:54:57 | 00,007,553 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\small1.jpg
[2010/01/08 14:28:05 | 00,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Emmy Lou\Desktop\GooredFix.exe
[2010/01/08 10:04:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 01:30:11 | 00,016,504 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/04 13:56:26 | 00,170,921 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\Elouis chosen_intake_form-101308.pdf
[2010/01/03 20:15:39 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\Wedding Guest.xls
[2010/01/03 20:14:52 | 00,002,694 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\Mailling Address.odb
[2010/01/03 01:09:55 | 01,312,979 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\bookmarks01032010.html
[2010/01/02 21:38:45 | 00,079,656 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\gala.pdf
[2010/01/02 21:08:58 | 00,869,439 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\NHHRCompRmUpgradeExpDec2010-1.pdf
[2009/12/31 11:38:11 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/12/31 11:37:58 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/12/31 11:37:14 | 00,001,478 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\DivX Movies.lnk
[2009/12/31 10:25:57 | 00,044,567 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Emmy Lou\Desktop\Kenco.exe
[2009/12/31 09:55:42 | 23,804,080 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Emmy Lou\My Documents\DivXInstaller.exe
[2009/12/31 09:47:52 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part6.rar
[2009/12/31 09:47:43 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part7.rar
[2009/12/31 09:47:23 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part5.rar
[2009/12/31 09:44:43 | 33,074,720 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part8.rar
[2009/12/31 09:41:46 | 67,860,8896 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\crush grove 2-mija.avi
[2009/12/31 09:37:57 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part4.rar
[2009/12/31 09:29:54 | 73,336,6272 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\crush grove 1-mija.avi
[2009/12/31 09:28:50 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part3.rar
[2009/12/31 09:20:35 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part2.rar
[2009/12/31 09:19:46 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part1.rar
[2009/12/25 08:28:09 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\Emmy Lou\Desktop\Windows Media Player.lnk
[2009/12/22 12:40:45 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2010/01/20 16:13:51 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\exeHelper.com
[2010/01/20 16:08:38 | 00,000,414 | ---- | C] () -- C:\Program Files\exehelperlog.txt
[2010/01/20 16:08:33 | 00,290,816 | ---- | C] () -- C:\Program Files\exeHelper.com
[2010/01/20 15:52:25 | 00,056,578 | ---- | C] () -- C:\Program Files\OTLrev.Txt
[2010/01/20 00:04:39 | 00,000,476 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\rkill.reg
[2010/01/20 00:04:38 | 00,236,544 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\pev.exe
[2010/01/19 21:09:30 | 00,036,754 | ---- | C] () -- C:\Program Files\Extras.Txt
[2010/01/19 21:09:05 | 00,058,730 | ---- | C] () -- C:\Program Files\OTL.Txt
[2010/01/19 20:18:05 | 06,477,342 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\kampeansamV1.pdf
[2010/01/19 19:31:16 | 00,293,376 | ---- | C] () -- C:\Program Files\ghip9enn.exe
[2010/01/19 19:27:08 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\NTREGOPT.lnk
[2010/01/19 19:08:47 | 06,477,342 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\Untitled-2.pdf
[2010/01/19 19:08:25 | 00,172,267 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\WEBONLYKAMPE.png
[2010/01/19 17:25:06 | 00,012,314 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/19 17:22:58 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\rkill.com
[2010/01/19 12:13:17 | 00,086,496 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-FLYER FINAL.jpg
[2010/01/19 02:05:18 | 00,081,959 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-ANSAM-flyer.jpg
[2010/01/18 18:51:36 | 00,070,241 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\halle.jpg
[2010/01/18 18:50:00 | 00,075,622 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\halle-berry-3.jpg
[2010/01/18 16:50:29 | 00,544,069 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-FLYER.jpg
[2010/01/18 14:58:50 | 00,103,661 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\KAMPE-ANSAM-LOGO.jpg
[2010/01/14 09:44:01 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\Kampe.doc
[2010/01/11 17:40:51 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\Bills Paid this week.xls
[2010/01/11 13:40:01 | 00,257,962 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\PO Box Form To Print.pdf
[2010/01/11 13:19:44 | 00,129,582 | ---- | C] () -- C:\WINDOWS\hpoins37.dat.temp
[2010/01/11 13:19:44 | 00,000,565 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2010/01/11 10:50:57 | 37,134,592 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\DJ_AIO_05_F4400_NonNet_Basic_Win_enu_130_162.exe
[2010/01/11 10:37:18 | 00,001,059 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/11 10:37:17 | 00,130,300 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/01/11 10:37:17 | 00,000,565 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/01/10 16:13:19 | 00,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/10 16:12:26 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/01/09 23:54:57 | 00,007,553 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\small1.jpg
[2010/01/04 13:56:26 | 00,170,921 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\Elouis chosen_intake_form-101308.pdf
[2010/01/03 17:59:46 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\Wedding Guest.xls
[2010/01/03 09:22:16 | 00,002,694 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\Mailling Address.odb
[2010/01/03 01:09:51 | 01,312,979 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\bookmarks01032010.html
[2010/01/02 21:38:45 | 00,079,656 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\gala.pdf
[2010/01/02 21:08:58 | 00,869,439 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\NHHRCompRmUpgradeExpDec2010-1.pdf
[2009/12/31 11:38:11 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/12/31 11:37:58 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/12/31 11:37:13 | 00,001,478 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Desktop\DivX Movies.lnk
[2009/12/31 11:36:11 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 10:07:48 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part1.rar
[2009/12/31 10:07:41 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part6.rar
[2009/12/31 10:07:35 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part7.rar
[2009/12/31 10:07:29 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part5.rar
[2009/12/31 10:07:27 | 33,074,720 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part8.rar
[2009/12/31 10:06:57 | 67,860,8896 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\crush grove 2-mija.avi
[2009/12/31 10:05:30 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part4.rar
[2009/12/31 10:05:00 | 73,336,6272 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\crush grove 1-mija.avi
[2009/12/31 10:04:55 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part3.rar
[2009/12/31 10:04:50 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\My Documents\The.Barack.Obama.Story.YES.WE.CAN.2008.BlackVinta.part2.rar
[2009/12/18 07:18:50 | 15,748,4384 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/11/29 11:56:36 | 00,144,648 | ---- | C] () -- C:\Program Files\SupportBridge.remoteassist.ca.com.443.supportbridge.$.exe
[2009/11/28 10:20:13 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\JDHawk_KBD.ini
[2009/10/30 19:50:52 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Emmy Lou\Local Settings\Application Data\housecall.guid.cache
[2009/10/26 06:25:50 | 00,000,326 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/25 18:15:41 | 00,339,257 | ---- | C] () -- C:\Program Files\CleanUp452.exe
[2009/10/05 09:26:34 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Emmy Lou_KBD.ini
[2009/05/18 11:47:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/01 21:07:34 | 00,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2009/04/01 21:07:28 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/04/01 21:07:28 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/04/01 21:07:26 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/04/01 21:07:25 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/04/01 21:07:25 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/04/01 21:07:25 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/04/01 21:07:25 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/04/01 21:07:25 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/04/01 21:07:25 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/04/01 21:07:25 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/04/01 21:07:25 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/04/01 21:07:25 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/04/01 21:07:25 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/04/01 21:07:25 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/04/01 21:07:25 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/04/01 21:07:25 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/04/01 21:07:25 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/04/01 21:07:25 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/04/01 21:07:25 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/04/01 21:05:17 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/04/01 21:05:17 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/04/01 21:02:02 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/01 20:59:34 | 00,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/04/01 19:35:06 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/09/17 13:20:08 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/11/28 11:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/11/29 20:16:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2009/10/30 19:49:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
[2009/04/01 21:02:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2010/01/20 13:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Emmy Lou\Application Data\Facebook
[2009/12/18 07:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Emmy Lou\Application Data\OpenOffice.org

========== Purity Check ==========


< End of report >

#9 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 20 January 2010 - 06:51 PM

OTL did not generate a 2nd log called extra

#10 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,623
  • Joined: 19-November 07

Posted 20 January 2010 - 09:30 PM

Hello thatbklyngirl,

Quote

OTL did not generate a 2nd log called extra


Unless told otherwise, it will only generate an Extras log on the first run. That one was the 3rd.

Now

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix if they are still on your machine.

Download a new version of ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 21 January 2010 - 09:31 AM

ComboFix 10-01-20.05 - Emmy Lou 01/21/2010 10:17:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.687 [GMT -5:00]
Running from: c:\documents and settings\Emmy Lou\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hosts
c:\program files\Java\jre6\bin\jucheck.exe
c:\recycler\S-1-5-21-789336058-1532298954-527237240-1003
c:\windows\msetup
c:\windows\msetup\MSetup.exe
c:\windows\system32\18467.exe
c:\windows\system32\service
c:\windows\system32\service\31122009_TIS17_SfFniAU.log

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 21:08 . 2009-12-20 01:56 290816 ----a-w- c:\program files\exeHelper.com
2010-01-20 18:38 . 2010-01-20 18:38 50354 ----a-w- c:\documents and settings\Emmy Lou\Application Data\Facebook\uninstall.exe
2010-01-20 18:38 . 2010-01-20 18:38 -------- d-----w- c:\documents and settings\Emmy Lou\Application Data\Facebook
2010-01-20 05:38 . 2010-01-20 05:38 -------- d-----w- c:\documents and settings\JDHawk\Local Settings\Application Data\Mozilla
2010-01-20 04:47 . 2010-01-20 04:47 -------- d-----w- C:\WAB
2010-01-20 04:47 . 2010-01-20 04:47 -------- d-----w- C:\Address book
2010-01-20 01:30 . 2010-01-20 01:30 -------- d-----w- C:\_OTL
2010-01-20 00:35 . 2010-01-20 00:35 547328 ----a-w- c:\program files\OTL.exe
2010-01-20 00:31 . 2010-01-20 00:31 293376 ----a-w- c:\program files\ghip9enn.exe
2010-01-20 00:27 . 2010-01-20 00:27 -------- d-----w- c:\program files\ERUNT
2010-01-20 00:24 . 2010-01-20 00:24 791393 ----a-w- c:\program files\erunt_setup.exe
2010-01-18 19:26 . 2010-01-18 19:26 593920 ----a-w- c:\documents and settings\Emmy Lou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv305hw-0910190-0-main.dll
2010-01-18 19:26 . 2010-01-18 19:26 319488 ----a-w- c:\documents and settings\Emmy Lou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-01-18 01:07 . 2010-01-20 05:39 -------- d-sh--w- c:\documents and settings\JDHawk\PrivacIE
2010-01-18 01:06 . 2010-01-18 23:39 -------- d-sh--w- c:\documents and settings\JDHawk\IETldCache
2010-01-11 18:44 . 2008-10-06 20:37 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
2010-01-11 18:44 . 2008-10-06 20:38 121344 ----a-w- c:\windows\system32\hpf3l083.dll
2010-01-11 18:43 . 2010-01-11 18:43 -------- d-----w- c:\program files\Common Files\HP
2010-01-11 18:43 . 2010-01-11 18:43 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-11 18:42 . 2008-10-29 00:31 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-01-11 18:42 . 2008-10-29 00:31 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-01-11 18:42 . 2008-10-29 00:31 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-01-11 18:42 . 2008-10-30 08:35 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-01-11 18:42 . 2008-10-30 08:37 598016 ----a-w- c:\windows\system32\hpost_d02a.dll
2010-01-11 18:42 . 2008-10-30 08:37 307200 ----a-w- c:\windows\system32\hposc_d02a.dll
2010-01-11 18:42 . 2008-10-29 00:31 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-01-11 18:41 . 2008-10-30 08:37 737280 ----a-w- c:\windows\system32\hposwia_d02a.dll
2010-01-11 18:41 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-11 18:41 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-11 18:38 . 2010-01-11 18:42 -------- d-----w- c:\program files\HP
2010-01-11 15:46 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-11 15:46 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-11 15:37 . 2010-01-11 19:05 130300 ----a-w- c:\windows\hpoins37.dat
2010-01-11 15:37 . 2009-07-09 04:17 565 ------w- c:\windows\hpomdl37.dat
2010-01-10 21:13 . 2010-01-10 21:13 16332 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-10 21:12 . 2010-01-10 21:12 -------- d-----w- c:\documents and settings\Emmy Lou\Application Data\Apple Computer
2010-01-10 21:12 . 2010-01-10 21:12 -------- d-----w- c:\program files\Safari
2010-01-10 21:07 . 2010-01-10 21:08 29635880 ----a-w- c:\program files\SafariSetup.exe
2009-12-31 16:39 . 2009-12-31 16:39 -------- d-----w- c:\documents and settings\Emmy Lou\Application Data\DivX
2009-12-31 16:37 . 2009-12-31 16:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-31 16:37 . 2009-12-31 16:38 -------- d-----w- c:\program files\DivX
2009-12-25 17:03 . 2010-01-10 02:51 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-12-25 15:04 . 2010-01-10 02:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-25 15:04 . 2009-12-25 15:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-23 12:10 . 2009-08-25 06:30 13312 ----a-w- c:\documents and settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 21:25 . 2009-11-30 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 21:24 . 2009-12-07 15:03 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-20 21:17 . 2010-01-20 20:52 56578 ----a-w- c:\program files\OTLrev.Txt
2010-01-20 21:08 . 2010-01-20 21:08 414 ----a-w- c:\program files\exehelperlog.txt
2010-01-20 06:22 . 2010-01-20 02:09 58730 ----a-w- c:\program files\OTL.Txt
2010-01-20 04:48 . 2010-01-20 02:09 36754 ----a-w- c:\program files\Extras.Txt
2010-01-18 02:22 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-14 15:42 . 2009-12-18 12:40 1 ----a-w- c:\documents and settings\Emmy Lou\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-14 06:28 . 2009-10-26 04:02 -------- d-----w- c:\documents and settings\Emmy Lou\Application Data\Skype
2010-01-14 05:04 . 2009-10-26 04:03 -------- d-----w- c:\documents and settings\Emmy Lou\Application Data\skypePM
2010-01-07 21:07 . 2009-11-30 19:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-11-30 19:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 06:30 . 2009-11-28 15:03 16504 ----a-w- c:\documents and settings\Emmy Lou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 12:39 . 2009-12-18 12:39 -------- d-----w- c:\documents and settings\Emmy Lou\Application Data\OpenOffice.org
2009-12-18 12:35 . 2009-12-18 12:35 -------- d-----w- c:\program files\JRE
2009-12-18 12:35 . 2009-12-18 12:35 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-18 12:34 . 2009-12-18 12:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-18 12:34 . 2009-04-02 01:59 -------- d-----w- c:\program files\Java
2009-12-18 12:29 . 2009-12-18 12:18 157484384 ----a-w- c:\program files\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
2009-12-17 06:50 . 2009-12-17 06:50 847040 ----a-w- c:\documents and settings\Emmy Lou\Application Data\Facebook\axfbootloader.dll
2009-12-17 06:49 . 2009-12-17 06:49 5562368 ----a-w- c:\documents and settings\Emmy Lou\Application Data\Facebook\npfbplugin_1_0_0.dll
2009-12-03 23:20 . 2009-12-03 23:20 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-03 23:19 . 2009-12-03 23:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-03 23:19 . 2009-12-03 23:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-03 23:10 . 2009-12-03 23:10 117760 ----a-w- c:\documents and settings\Emmy Lou\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-03 23:09 . 2009-12-03 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-03 23:07 . 2009-12-03 23:07 -------- d-----w- c:\documents and settings\Emmy Lou\Application Data\SUPERAntiSpyware.com
2009-12-03 23:07 . 2009-12-03 23:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-30 15:29 . 2009-11-30 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-11-30 15:11 . 2009-10-31 00:46 -------- d-----w- c:\program files\Trend Micro
2009-11-30 15:05 . 2009-11-30 15:05 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-11-30 15:05 . 2009-11-30 15:05 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-11-30 15:05 . 2009-11-30 15:05 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-11-30 15:05 . 2009-11-30 15:11 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-30 15:05 . 2009-11-30 15:11 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-30 15:05 . 2009-11-30 15:11 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-30 15:05 . 2009-11-30 15:05 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-11-30 15:05 . 2009-11-30 15:05 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-11-30 14:47 . 2009-11-30 14:47 -------- d-----w- c:\program files\ShowMyPCService
2009-11-30 02:56 . 2009-11-30 02:56 -------- d-----w- c:\program files\TrendMicroDownloaderTIS
2009-11-30 02:54 . 2009-11-30 02:54 1992792 ----a-w- c:\program files\TrendMicroDownloaderTIS.exe
2009-11-30 02:08 . 2009-10-26 05:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-30 02:07 . 2009-10-26 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 02:02 . 2009-11-30 02:02 -------- d-----w- c:\program files\TIS_17_5_en-US_32-bit
2009-11-30 01:59 . 2009-11-30 01:56 92704656 ----a-w- c:\program files\TIS_17_5_en-US_32-bit.exe
2009-11-30 01:16 . 2009-11-29 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2009-11-30 00:38 . 2009-11-30 00:09 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2009-11-30 00:11 . 2009-11-30 00:11 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-11-30 00:09 . 2009-11-30 00:09 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2009-11-29 21:47 . 2009-11-29 21:47 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 21:26 . 2009-11-29 21:26 -------- d-----w- c:\program files\CCleaner
2009-11-29 21:24 . 2009-11-29 21:24 3326576 ----a-w- c:\program files\ccsetup226.exe
2009-11-29 17:27 . 2009-11-29 17:27 9429952 ----a-w- c:\program files\windows-kb890830-v3.1.exe
2009-11-29 16:56 . 2009-11-29 16:56 144648 ----a-w- c:\program files\SupportBridge.remoteassist.ca.com.443.supportbridge.$.exe
2009-11-29 13:25 . 2009-11-29 13:24 149629032 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\D1762E8080D804DC06E5D45074F16408.exe
2009-11-28 16:56 . 2009-11-28 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-11-28 15:45 . 2009-11-28 15:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-28 15:20 . 2009-11-28 15:20 -------- d-----w- c:\documents and settings\JDHawk\Application Data\Malwarebytes
2009-11-28 14:55 . 2009-04-02 02:05 -------- d-----w- c:\program files\Google
2009-11-21 15:51 . 2009-04-02 00:34 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2009-12-31 16:38 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2009-12-31 16:38 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2009-12-31 16:38 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2009-12-31 16:38 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:49 . 2009-12-31 16:38 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-12-31 16:38 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 16:14 . 2009-11-07 16:13 32441648 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-11-06 02:16 . 2009-11-06 02:16 73728 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-05 22:51 . 2009-11-29 23:52 422912 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Sharing.Client.dll
2009-11-05 22:51 . 2009-11-29 23:52 29696 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Sharing.Client_rc.dll
2009-11-05 22:50 . 2009-11-29 23:52 359424 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.ART.Client.dll
2009-11-05 22:50 . 2009-11-29 23:52 18432 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.ART.Client_rc.dll
2009-11-05 22:47 . 2009-11-29 22:01 546816 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client.dll
2009-11-05 22:47 . 2009-11-29 22:01 22016 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client_rc.dll
2009-11-05 22:47 . 2009-11-29 21:29 70920 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer_rc.dll
2009-11-05 22:46 . 2009-11-29 21:29 627464 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer.exe
2009-11-05 22:46 . 2009-11-29 21:29 603400 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Controller.exe
2009-11-05 22:46 . 2009-11-29 21:29 357640 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2009-11-05 22:46 . 2009-11-29 21:29 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2009-10-31 01:14 . 2009-10-31 01:14 4045528 ----a-w- c:\program files\mbam-setup.exe
2009-10-31 00:50 . 2009-10-31 00:50 1848336 ----a-w- c:\program files\HousecallLauncher.exe
2009-10-31 00:45 . 2009-10-31 00:45 812344 ----a-w- c:\program files\HijackThisInstaller.exe
2009-10-29 07:45 . 2009-04-02 00:34 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-26 05:40 . 2009-10-26 05:40 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-10-26 04:03 . 2009-10-26 04:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-26 03:57 . 2009-10-26 03:57 2025768 ----a-w- c:\program files\SkypeSetup.exe
2009-10-25 23:15 . 2009-10-25 23:15 339257 ----a-w- c:\program files\CleanUp452.exe
2009-10-05 15:17 . 2009-10-05 15:17 8067224 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-11-30 1020248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-18 149280]

c:\documents and settings\Emmy Lou\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SamsungWInClon]
c:\program files\Samsung\Samsung Recovery Solution III\WCScheduler [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-26 20:51 16851456 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-02 02:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-28 18:34 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [4/1/2009 8:59 PM 4300]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/30/2009 10:05 AM 36368]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 10:01 PM 30208]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/30/2009 10:05 AM 339984]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [11/30/2009 10:11 AM 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [11/30/2009 10:11 AM 689416]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [4/1/2009 9:03 PM 238464]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/30/2009 10:11 AM 50704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
FF - component: c:\documents and settings\Emmy Lou\Application Data\Mozilla\Firefox\Profiles\qvrgxeqz.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Emmy Lou\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SharedTaskScheduler-{685f7e63-6c55-415e-9bfc-9ca5f11fdf09} - (no file)
SafeBoot-MCODS
MSConfigStartUp-gshhqued - c:\documents and settings\Emmy Lou\Local Settings\Application Data\ctyipg\rvprsysguard.exe
MSConfigStartUp-movuvodit - c:\windows\system32\majudusu.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 10:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2010-01-21 10:28:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 15:28

Pre-Run: 30,763,986,944 bytes free
Post-Run: 30,739,496,960 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 155CD12E934998E7C0B0CA4476393045

#12 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 21 January 2010 - 09:54 AM

Links are still being redirected :)

#13 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,623
  • Joined: 19-November 07

Posted 21 January 2010 - 01:44 PM

Hello thatbklyngirl,

  • C:\Program Files\ghip9enn.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#14 thatbklyngirl

  • Group: Member
  • Posts: 14
  • Joined: 19-January 10

Posted 22 January 2010 - 09:39 AM

Thank you

VirSCAN.org Scanned Report :
Scanned time : 2010/01/15 09:51:20 (EST)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name : u36wc6qm.exe
File Size : 293376 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : f80f6e09e7f4bafe478ca0da6137e1e2
SHA1 : 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
Online report : http://virscan.org/report/483e3bc3f7510333...e0ce0be309.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100115223500 2010-01-15 40.13 -
AhnLab V3 2010.01.15.00 2010.01.15 2010-01-15 40.13 -
AntiVir 8.2.1.142 7.10.2.197 2010-01-15 0.48 -
Antiy 2.0.18 20100112.3695772 2010-01-12 0.02 -
Arcavir 2009 201001150101 2010-01-15 0.24 -
Authentium 5.1.1 201001151138 2010-01-15 3.03 -
AVAST! 4.7.4 100115-0 2010-01-15 0.08 -
AVG 8.5.288 270.14.142/2623 2010-01-15 2.01 -
BitDefender 7.81008.4857325 7.29893 2010-01-15 4.28 -
CA (VET) 35.1.0 7237 2010-01-14 40.12 -
ClamAV 0.95.2 10301 2010-01-15 0.18 -
Comodo 3.13.579 3409 2010-01-15 40.12 -
CP Secure 1.3.0.5 2010.01.14 2010-01-14 0.18 -
Dr.Web 4.44.0.9170 2010.01.15 2010-01-15 8.74 -
F-Prot 4.4.4.56 20100114 2010-01-14 3.10 -
F-Secure 7.02.73807 2010.01.15.08 2010-01-15 0.55 -
Fortinet 11.375- 11.375 2010-01-15 40.13 -
GData 19.9979/19.677 20100115 2010-01-15 40.12 -
ViRobot 20100115 2010.01.15 2010-01-15 40.13 -
Ikarus T3.1.01.80 2010.01.15.74968 2010-01-15 6.79 -
JiangMin 13.0.900 2010.01.13 2010-01-13 40.13 -
Kaspersky 5.5.10 2010.01.15 2010-01-15 0.32 -
KingSoft 2009.2.5.15 2010.1.15.18 2010-01-15 40.13 -
McAfee 5.3.00 5861 2010-01-14 4.22 -
Microsoft 1.5302 2010.01.14 2010-01-14 40.13 -
Norman 6.01.09 6.01.00 2010-01-14 2.01 -
Panda 9.05.01 2010.01.15 2010-01-15 40.14 -
Trend Micro 9.120-1004 6.770.02 2010-01-15 0.10 -
Quick Heal 10.00 2010.01.15 2010-01-15 40.13 -
Rising 20.0 22.30.04.04 2010-01-15 40.13 -
Sophos 3.03.0 4.49 2010-01-15 3.22 -
Sunbelt 3.9.2390.2 5618 2010-01-14 40.12 -
Symantec 1.3.0.24 20100112.005 2010-01-12 0.00 -
nProtect 20100115.01 6886403 2010-01-15 40.13 -
The Hacker 6.5.0.4 v00151 2010-01-15 40.13 -
VBA32 3.12.12.1 20100114.2333 2010-01-14 2.93 Win32 Shadow Driver Install (suspicious)
VirusBuster 4.5.11.10 10.119.4/2025813 2010-01-15 3.78 -

#15 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,623
  • Joined: 19-November 07

Posted 22 January 2010 - 01:34 PM

Hello thatbklyngirl,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

http://www.geekstogo.com/forum/Google-Redi...92#entry1742592
KillAll::

Collect::
c:\program files\ghip9enn.exe

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
