Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Proc:Click Redirect Virus?


  • Please log in to reply

#1
SisypheanTask

SisypheanTask

    Member

  • Member
  • PipPip
  • 21 posts
I have been experiencing what appears to be a Google Redirect Virus in Firefox 4. I have already attempted the suggested fix for known redirect viruses to no avail.
About 70% of the time, a link clicked from a Google search will result in a pop-up titled "proc:click" with some technical information about the link. If I click the close button or the box is x'd out, Firefox continues loading to what appears to be some search engine semi-related to the search topic with a quick stop at a website called "eqezifebawe.com".
If I navigate back from the website that comes up, I am redirected to a site that says "Welcome to NGINX on EPEL!" with some other info. (I have screenshots of the nginx website and I can obtain one of a proc:click screen)There are no other symptoms besides the Google redirect. This began just after cleaning up the "Win 7 Anti-virus 2011" virus.
It seems that this is fairly new and not well understood as a Google search for "proc:click" comes up with stunningly few results. The results that are pertinent to this have only questions and no answers.


Currently running Emsisoft Online Armor Free. Consistently update and run Malwarebytes Anti-Malware.

----------------------------------------------------------------------------------------
OTL logfile created on: 5/2/2011 5:04:26 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Zeke\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 666.02 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive E: | 165.50 Gb Total Space | 99.54 Gb Free Space | 60.14% Space Free | Partition Type: NTFS
Drive K: | 298.09 Gb Total Space | 104.35 Gb Free Space | 35.01% Space Free | Partition Type: NTFS

Computer Name: ZEKE-PC | User Name: Zeke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 16:32:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Downloads\OTL(1).exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/04/06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/04/06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAhlp.exe
PRC - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAcat.exe
PRC - [2011/03/29 13:13:16 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/22 13:53:56 | 002,403,024 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/04 02:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 02:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 16:32:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Downloads\OTL(1).exe
MOD - [2011/04/06 13:01:12 | 001,114,896 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll
MOD - [2010/11/20 08:21:39 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2010/11/20 08:19:23 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (MSDTC)
SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/04 02:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/07 03:00:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 16:43:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D3908DF-A7A9-4DDC-8168-EDB4692DA3FF}\MpKsl4235fc42.sys -- (MpKsl4235fc42)
DRV - [2011/05/02 15:46:38 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D3908DF-A7A9-4DDC-8168-EDB4692DA3FF}\MpKsl38c099e9.sys -- (MpKsl38c099e9)
DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/04/06 13:01:32 | 000,029,312 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/04/06 13:01:30 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/19 19:17:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/08/04 02:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/07/13 18:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/04/28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/01/19 05:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/10/11 21:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/03/05 03:06:32 | 000,022,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAC607.sys -- (MAC607)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...006&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 E3 5B BC 22 43 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com|http://beta.mapmyrun.com/my_home/"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1ebc69c0-92ff-11dc-8314-0800200c9a66}:3.6.1.9
FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4
FF - prefs.js..extensions.enabledItems: {3fb63340-652a-11dd-ad8b-0800200c9a66}:3.5.200
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.7
FF - prefs.js..keyword.URL: "http://www.google.co...ogle Search&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/05 20:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 19:29:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/06/05 03:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Extensions
[2011/04/30 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\extensions
[2010/12/11 20:47:39 | 000,000,000 | ---D | M] (Gnome Classic) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\extensions\{1ebc69c0-92ff-11dc-8314-0800200c9a66}
[2010/06/05 03:08:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/24 08:42:52 | 000,000,000 | ---D | M] (AvantGarde Nightlife) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
[2011/03/11 22:20:14 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/12/11 20:49:39 | 000,000,000 | ---D | M] (ArzoFox) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\extensions\[email protected]
[2010/09/20 15:02:08 | 000,001,919 | ---- | M] () -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\searchplugins\bing-zugo.xml
[2011/01/08 19:27:15 | 000,002,523 | ---- | M] () -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\u6lde8p9.default\searchplugins\google-ssl.xml
[2011/05/01 19:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\ZEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U6LDE8P9.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U6LDE8P9.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/02 16:39:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{555dcad7-ce9b-11de-9333-0016e6598228}\Shell - "" = AutoRun
O33 - MountPoints2\{555dcad7-ce9b-11de-9333-0016e6598228}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 16:38:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/02 16:35:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/01 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\OnlineArmor
[2011/05/01 19:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2011/05/01 19:34:15 | 000,025,192 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2011/05/01 19:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2011/05/01 19:34:14 | 000,029,312 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2011/05/01 19:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2011/05/01 19:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/01 19:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/01 17:54:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/01 17:53:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/16 16:08:44 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/04/15 21:26:11 | 000,000,000 | ---D | C] -- C:\Users\Zeke\Documents\Inform
[2011/04/15 20:57:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/04/15 20:52:42 | 000,000,000 | ---D | C] -- C:\Users\Zeke\Inform 7
[2011/04/15 20:52:25 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll

========== Files - Modified Within 30 Days ==========

[2011/05/02 16:50:27 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 16:50:27 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 16:48:03 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 16:48:03 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 16:45:40 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/05/02 16:43:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 16:43:04 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 16:39:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/01 19:33:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/01 19:32:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/01 17:38:50 | 000,008,670 | -HS- | M] () -- C:\Users\Zeke\AppData\Local\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
[2011/05/01 17:38:50 | 000,008,670 | -HS- | M] () -- C:\ProgramData\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
[2011/04/16 16:08:33 | 000,356,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 13:02:26 | 000,039,048 | ---- | M] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011/04/06 13:01:32 | 000,029,312 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2011/04/06 13:01:30 | 000,205,864 | ---- | M] () -- C:\Windows\System32\drivers\OADriver.sys
[2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys

========== Files Created - No Company Name ==========

[2011/05/01 19:34:15 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011/05/01 19:34:14 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2011/05/01 19:32:54 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/01 19:29:18 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/01 17:19:23 | 000,008,670 | -HS- | C] () -- C:\Users\Zeke\AppData\Local\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
[2011/05/01 17:19:23 | 000,008,670 | -HS- | C] () -- C:\ProgramData\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
[2011/04/15 20:54:01 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/04/15 20:51:46 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/04/15 20:51:33 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/02/03 14:16:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\drivers\Xbox.sys
[2011/02/03 14:16:36 | 000,022,144 | ---- | C] () -- C:\Windows\System32\drivers\MAC607.sys
[2011/02/03 14:15:39 | 000,057,344 | ---- | C] () -- C:\Windows\System32\Hidhlp.dll
[2011/02/03 14:15:39 | 000,049,152 | ---- | C] () -- C:\Windows\System32\iFT8D91.dll
[2011/01/26 10:26:55 | 000,007,603 | ---- | C] () -- C:\Users\Zeke\AppData\Local\Resmon.ResmonCfg
[2010/12/05 20:29:57 | 000,208,061 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/12/05 20:29:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/10/30 21:00:00 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/10/30 21:00:00 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/08/30 18:30:59 | 000,000,059 | ---- | C] () -- C:\Windows\Lunarmedia Clock B..ini
[2010/08/14 21:39:49 | 000,000,600 | ---- | C] () -- C:\Users\Zeke\AppData\Local\PUTTY.RND
[2010/08/04 02:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/06/16 14:22:58 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/06/07 10:25:33 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/06/07 10:16:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/05 03:13:17 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/06/05 03:00:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/15 16:19:53 | 000,000,020 | ---- | C] () -- C:\Windows\entpack.ini
[2009/11/07 18:47:01 | 000,528,744 | ---- | C] () -- C:\Windows\System32\OGAVerify.exe
[2009/09/01 14:49:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/24 15:53:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/24 13:44:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 000,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll.bak
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,356,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2010/06/05 03:08:19 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Auslogics
[2010/06/05 03:08:19 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/19 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\DAEMON Tools Lite
[2010/06/05 03:08:19 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\DAEMON Tools Pro
[2010/08/23 19:16:37 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\fltk.org
[2010/12/30 22:53:42 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\GARMIN
[2011/02/02 14:25:29 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\IObit
[2011/03/29 17:39:27 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Loonies
[2011/05/01 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\OnlineArmor
[2010/06/05 03:08:34 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\OpenOffice.org
[2010/12/09 11:17:25 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Stellarium
[2011/05/02 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\uTorrent
[2011/05/02 16:45:40 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/12/13 13:49:34 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
----------------------------------------------------------------------------------------
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP