PHP:Redirector-P [Trj]



#1 Junius (Member, 34 posts)
Malware

1. PHP:Redirector-P [Trj]
2. VBS:Malware-gen
3. Win32:Malware-gen
4. Win32:Adware-gen [Adw]

Over the past few weeks the above malware have been repeatedly
showing up on my computer. I keep moving them to Avast! Virus Chest,
but they reappear the next time I run full system and/or boot-time
scans.

Avast! Scans (Full System Scans and Boot-Time Scans):

PHP:Redirector-P [Trj] infected C: Drive *Documents* files on the
following dates. All were moved to Avast! Virus Chest.

May 15 (8:22 AM 4 files), (7:45 AM 4 files).

PHP:Redirector-P [Trj] infected *C:\Windows\Temp* files on the
following dates. All were moved to Avast! Virus Chest.

May 17 (1:54 PM 1 file), May 20 (11:10 PM 1 file), May 22 (10:00 AM 1 file) and
(6:37 PM 1 file), May 23 (3:28 AM 1 file), May 24 (5:12 PM 1 file),
May 29 (8:34 AM 1 file).

VBS:Malware-gen infected C: Drive *Documents* files on the following
dates. All moved to Avast! Virus Chest.

July 14, 2010 (3:43 AM 2 files), May 15, 2011 (8:25 AM 1 file).

Win32:Malware-gen infected C: Drive *Documents* files on the following
dates. All moved to Avast! Virus Chest.

August 23, 2010 (1:40 AM 1 file), July 14, 2010 (9:37 AM 1 file),
May 15, 2011 (8:25 AM 1 file).

PHP:Redirector-P [Trj] infected L: Drive (external backup drive) on the
following dates. All moved to Avast! Virus Chest.

May 15, 2011 (8:58 AM), May 16, 2011 (2:08 PM), May 17, 2011 (3:05 PM),
May 20, 2011 (11:28 PM), May 22, 2011 (11:49 AM and 8:38 PM), May 23, 2011 (4:55 AM),
May 24, 2011 (5:47 PM).

Win32:Malware-gen infected L: Drive (external backup drive) on the
following dates. All moved to Avast! Virus Chest.

June 5, 2011 (3:50 AM).

Win32:Malware-gen [Adw] infected C: Drive *Documents* files on the
following dates. All moved to Avast! Virus Chest.

July 14, 2010 (9:37 AM).


Any assistance you can provide to permanently remove this malware from my computer will be greatly appreciated.

Thank you in advance for your assistance.

Bob

---------
OTL Logs

OTL logfile created on: 6/6/2011 5:31:08 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Bob\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 4.60 Gb Available Physical Memory | 77.65% Memory free
11.86 Gb Paging File | 9.54 Gb Available in Paging File | 80.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.56 Gb Total Space | 516.01 Gb Free Space | 88.27% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 1.64 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
Drive K: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 930.86 Gb Total Space | 415.60 Gb Free Space | 44.65% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 17:28:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Downloads\OTL.exe
PRC - [2011/05/08 11:18:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/15 15:39:40 | 000,681,880 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/07 15:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2009/06/03 14:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 17:28:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Downloads\OTL.exe
MOD - [2011/01/20 08:03:06 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/16 17:36:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/04 11:17:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/29 13:16:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/11 10:19:18 | 000,084,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 05:34:50 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/08 11:18:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/08 11:18:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/01 21:19:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/04 16:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions
[2011/03/22 22:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/07 13:48:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 00:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 22:47:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 09:41:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/22 22:34:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/08 11:18:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/08 11:18:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/05 11:25:57 | 000,434,874 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 12:55:11 | 000,000,038 | -H-- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f37c4733-8ace-11df-b6f6-4061869b0cec}\Shell - "" = AutoRun
O33 - MountPoints2\{f37c4733-8ace-11df-b6f6-4061869b0cec}\Shell\AutoRun\command - "" = K:\HPLauncher.exe -- [2009/05/18 12:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 12:06:18 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HPSS
[2011/05/22 12:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSS
[2011/05/21 00:42:53 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\{28AD7A85-BB99-4F42-BAEF-F63516DC033F}
[2011/05/19 13:47:44 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Face Book Campaigns - Paul Ponna
[2011/05/16 23:12:31 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\No Company Name
[2011/05/16 23:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/05/16 21:42:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Quicken
[2011/05/16 21:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Config
[2011/05/16 21:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2011/05/16 21:39:31 | 004,199,784 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2011/05/16 21:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2010
[2011/05/16 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2011/05/16 21:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2011/05/16 21:38:56 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Intuit
[2011/05/16 21:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/05/16 17:42:04 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Adobe
[2011/05/16 17:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2011/05/16 17:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2011/05/16 17:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2011/05/16 17:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/05/16 17:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/05/16 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/14 06:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/05/08 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Invoices
[2011/05/07 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Ads Project Wonderful

========== Files - Modified Within 30 Days ==========

[2011/06/06 17:10:19 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 17:10:19 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 16:34:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 16:04:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 20:52:23 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 20:51:51 | 479,522,815 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 11:25:57 | 000,434,874 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/05 03:55:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/05 03:55:26 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/05 03:55:26 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/01 10:54:58 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/01 10:54:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/05/29 13:13:05 | 000,434,670 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110605-112557.backup
[2011/05/28 13:50:21 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2011/05/23 04:57:34 | 000,000,175 | ---- | M] () -- C:\ProgramData\LockFilePath.ini
[2011/05/22 12:38:33 | 000,001,881 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011/05/19 13:20:11 | 000,434,608 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110529-131305.backup
[2011/05/16 21:39:28 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Home & Business 2010.lnk
[2011/05/16 21:39:28 | 000,000,357 | ---- | M] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2011/05/16 21:39:21 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/05/16 21:17:55 | 000,350,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/16 21:05:46 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/05/16 17:36:41 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
[2011/05/15 09:56:07 | 000,434,100 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110519-132011.backup
[2011/05/14 06:42:50 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/05/08 11:18:30 | 000,002,054 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 08:41:06 | 000,433,994 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110515-095607.backup

========== Files Created - No Company Name ==========

[2011/05/23 04:57:34 | 000,000,175 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2011/05/22 12:38:33 | 000,001,881 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011/05/16 21:39:28 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Home & Business 2010.lnk
[2011/05/16 21:39:28 | 000,000,357 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2011/05/16 21:38:53 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/16 21:05:46 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/05/16 21:05:46 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/05/16 17:36:41 | 000,002,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 8.0.lnk
[2011/05/16 17:36:41 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
[2011/05/14 06:42:50 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/05/08 11:18:10 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/07/15 22:02:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/07/11 13:30:04 | 000,037,780 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpBOB AT ROUND TOP, OAHU, HI.JPG
[2010/06/29 13:16:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/06/29 13:16:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/06/29 13:16:19 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2010/06/29 13:16:19 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2010/06/29 13:16:19 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2010/06/29 13:16:19 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2010/06/29 13:16:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2010/06/29 13:16:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2010/06/29 13:16:19 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2010/06/29 13:16:19 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2010/06/29 13:16:19 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2010/06/29 13:16:19 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/03 02:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/21 12:23:15 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\CoreFTP
[2010/07/09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\iWin
[2010/12/21 14:55:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\JonathanLeger.com
[2010/09/06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\KompoZer
[2011/05/16 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\No Company Name
[2010/07/07 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Notepad++
[2010/07/07 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2010/07/03 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PictureMover
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Thunderbird
[2010/07/11 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WildTangentv1001
[2010/07/08 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WinBatch
[2011/05/31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/14 00:08:49 | 000,031,914 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 6/6/2011 5:31:08 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Bob\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 4.60 Gb Available Physical Memory | 77.65% Memory free
11.86 Gb Paging File | 9.54 Gb Available in Paging File | 80.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.56 Gb Total Space | 516.01 Gb Free Space | 88.27% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 1.64 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
Drive K: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 930.86 Gb Total Space | 415.60 Gb Free Space | 44.65% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036CB3BC-64EF-107A-AC71-DB7F2BA22350}" = SAT
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08A91C9F-2BA3-4288-95DA-2FE397165981}" = Website Legal Forms Generator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{17C4A35A-2041-42C0-8D10-DEF55B47BE56}" = Adobe Premiere Elements 8.0 Templates
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Host OpenAL" = Host OpenAL
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"InstantArticleWizard" = InstantArticleWizard
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Notepad++" = Notepad++
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem80" = Adobe Premiere Elements 8.0
"PremElem80Templates" = Adobe Premiere Elements 8.0 Templates
"SAT" = SAT
"Traffic Hybrid Software_is1" = Traffic Hybrid Software v2.01
"WaveStudio 7" = Creative WaveStudio 7
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2011 9:08:25 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2011 9:08:25 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2011 9:08:34 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2011 9:08:34 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2011 9:08:34 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2011 9:08:35 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2011 3:15:14 PM | Computer Name = Bob-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/23/2011 2:16:26 PM | Computer Name = Bob-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/24/2011 2:08:35 PM | Computer Name = Bob-PC | Source = Application Error | ID = 1000
Description = Faulting application name: HPSSBackupMonitor.exe, version: 1.0.2.36,
time stamp: 0x4d05b9ab Faulting module name: HPSSBackupMonitor.exe, version: 1.0.2.36,
time stamp: 0x4d05b9ab Exception code: 0xc0000094 Fault offset: 0x0002f66b Faulting
process id: 0xf9c Faulting application start time: 0x01cc1930256a0ca5 Faulting application
path: C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
Faulting module path: C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
Report Id: d73e406b-8630-11e0-935b-4061869b0cec

Error - 5/25/2011 7:08:08 AM | Computer Name = Bob-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 1/15/2011 11:41:29 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011115094118.xml
File not created by asset agent

Error - 1/22/2011 11:01:57 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011122090147.xml
File not created by asset agent

Error - 2/5/2011 11:49:19 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021105094911.xml
File not created by asset agent

Error - 2/26/2011 11:18:04 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021126091747.xml
File not created by asset agent

Error - 3/19/2011 10:37:31 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 3/19/2011 10:37:44 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031119093733.xml
File not created by asset agent

Error - 3/26/2011 10:04:14 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031126090404.xml
File not created by asset agent

Error - 4/2/2011 10:39:32 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041102093921.xml
File not created by asset agent

Error - 4/9/2011 10:40:44 PM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041109094034.xml
File not created by asset agent

Error - 5/21/2011 9:07:37 AM | Computer Name = Bob-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051121080728.xml
File not created by asset agent

[ System Events ]
Error - 3/27/2011 9:08:44 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 3/29/2011 4:00:51 AM | Computer Name = Bob-PC | Source = DCOM | ID = 10010
Description =

Error - 3/30/2011 8:29:55 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error - 3/30/2011 12:05:27 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 4/1/2011 1:35:01 AM | Computer Name = Bob-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/1/2011 1:35:02 AM | Computer Name = Bob-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/1/2011 1:35:02 AM | Computer Name = Bob-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/1/2011 1:35:03 AM | Computer Name = Bob-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/1/2011 1:35:03 AM | Computer Name = Bob-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/4/2011 2:22:43 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.


< End of report >

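An added example, not part of Junius's post and not OTL's own code: a small Python script that parses OTL file-listing lines of the form shown above and flags entries created or modified inside the May 2011 detection window that sit in a user-writable location (Windows\Temp, AppData, ProgramData, Users\Public) or carry hidden/system attributes. The sample log is constructed: five lines copied from the report plus one made-up C:\Windows\Temp entry; the date window, the list of user-writable prefixes and the function names are my assumptions.

```python
import re
from datetime import datetime

# One line of an OTL "Files Created/Modified" listing looks like:
#   [2011/05/14 06:42:50 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
# i.e. [timestamp | size | attribute flags RHSD | C=created or M=modified] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption: locations a non-admin user (and so malware running as that user)
# can write to without a UAC prompt. Matched case-insensitively as substrings.
USER_WRITABLE = (
    "\\windows\\temp\\",
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
    "\\programdata\\",
    "\\users\\public\\",
)

# Constructed sample: five lines copied from the log above plus one made-up
# C:\Windows\Temp entry (the last line) standing in for the kind of file
# avast! kept quarantining there. The last line is not from the real log.
SAMPLE_LOG = r"""
========== Files Created (sample) ==========
[2011/05/14 06:42:50 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/05/08 11:18:10 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/07/15 22:02:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/07/11 13:30:04 | 000,037,780 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpBOB AT ROUND TOP, OAHU, HI.JPG
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/05/22 10:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\Temp\constructed-sample.tmp
"""


def parse_otl_files(text):
    """Turn OTL file-listing lines into dicts; section headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "op": m.group("op"),
            "company": m.group("company"),
            "path": m.group("path"),
        })
    return entries


def triage(entries, window_start, window_end):
    """Return [(path, [reasons])] for entries inside the time window that also
    sit in a user-writable location or carry hidden/system attributes."""
    flagged = []
    for e in entries:
        if not (window_start <= e["ts"] <= window_end):
            continue
        reasons = []
        low = e["path"].lower()
        if any(p in low for p in USER_WRITABLE):
            reasons.append("user-writable location")
        if "H" in e["attrs"] or "S" in e["attrs"]:
            reasons.append("hidden/system attribute")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


def triage_sample():
    """Run the triage over the constructed sample against the May 2011 detection window
    (assumed: a week before the first avast! hit up to the end of the month)."""
    entries = parse_otl_files(SAMPLE_LOG)
    return triage(entries, datetime(2011, 5, 8), datetime(2011, 5, 31, 23, 59, 59))


if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(f"{path}\n    -> {', '.join(reasons)}")
```

The output is a list of leads, not verdicts: two of the three entries it flags here are ordinary HP and Firefox shortcuts that merely fall inside the window, which is why a helper still checks each path (or its hash) before putting it into an OTL fix.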

#2
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
Hi,

Hello Junius, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.
  • Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

Sorry for the delay.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Next,

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\Bob\AppData\Local\{28AD7A85-BB99-4F42-BAEF-F63516DC033F}
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#3
Junius
    Member
  • Topic Starter
  • 34 posts
Hello Mitch8,

Thank you for your response. I'll work on this and post the results by tomorrow evening.

Have a great day.

#4 Junius (Member, Topic Starter, 34 posts)
Hello Mitch8,

1. Ran OTL here is the results:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 112888145 bytes
->Temporary Internet Files folder emptied: 78197446 bytes
->Java cache emptied: 92554684 bytes
->FireFox cache emptied: 1017648766 bytes
->Flash cache emptied: 204869 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9952026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 109824975 bytes

Total Files Cleaned = 1,356.00 mb


[EMPTYFLASH]

User: All Users

User: Bob
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06142011_132353

Files\Folders moved on Reboot...
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYICSXRR\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYICSXRR\background-banner-right-v45[1].jpg moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJYY8W6X\background_banner_green_50_v45[1].jpg moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJYY8W6X\background_button_green_full[2].png moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJYY8W6X\list-item-plus[2].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



2. Ran MBAM here are the results:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 112888145 bytes
->Temporary Internet Files folder emptied: 78197446 bytes
->Java cache emptied: 92554684 bytes
->FireFox cache emptied: 1017648766 bytes
->Flash cache emptied: 204869 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9952026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 109824975 bytes

Total Files Cleaned = 1,356.00 mb


[EMPTYFLASH]

User: All Users

User: Bob
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06142011_132353

Files\Folders moved on Reboot...
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYICSXRR\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYICSXRR\background-banner-right-v45[1].jpg moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJYY8W6X\background_banner_green_50_v45[1].jpg moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJYY8W6X\background_button_green_full[2].png moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJYY8W6X\list-item-plus[2].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


3. Ran SystemLook here are the results:


SystemLook 04.09.10 by jpshortstuff
Log created at 14:04 on 14/06/2011 by Bob
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Users\Bob\AppData\Local\{28AD7A85-BB99-4F42-BAEF-F63516DC033F} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-

#5 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hi,

Did Avast stop finding malware?

It looks like you posted the OTL log twice, can you post the MBAM log here? You can find the log again by opening up MBAM and going to the Logs tab.

How is your computer running?

#6 Junius (Member, Topic Starter, 34 posts)
Hello,

I ran Avast *full scan* hard drives C: and L: - No Threat Found.

Then I ran Avast *boot-time scan* - It found *one* infected *documents* file on Drive L (external back up drive). I moved it to the *virus chest*. It was: PHP:Redirector-P (Tjr)

Here is the MBAM Log (sorry I didn't include before - thought I did - LOL):

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6858

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/14/2011 1:56:31 PM
mbam-log-2011-06-14 (13-56-31).txt

Scan type: Quick scan
Objects scanned: 162947
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------

My computer is running fine.

I'll run Avast *full scan* of local hard drives C: and L: and *boot-time* scan again, then post here later the results.

Edited by Junius, 14 June 2011 - 06:23 PM.


#7 Junius (Member, Topic Starter, 34 posts)
Hello Mitch8,

I ran Avast scan again: *full scan* of all local hard drives C: and L: (external back up drive), results:

Threat Detected.
File Name: C:\Windows\Temp\unp246045113.tmp
Severity: High
Status: Threat: PHP:Redirector-P [Trj]
Action: Move to Chest
Result: Action successful

I'm going to re-run Avast *boot-time scan* of drives C: and L:

I'll post results here once scan is finished.

#8 Junius (Member, Topic Starter, 34 posts)
Hello again,

I ran Avast again, *boot-time scan* all local drives, results are:

Found an infected file on L: drive (external back up drive).

Name:

C\Users\Bob\Documents\Joel Comm Free Bonuses\video-streaming\video-streaming-site\lang.php

Original location:

L;\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup files 1.zip

Last Changed:

6/15/2011 12:14:43 AM

Transfer time:

6/15/2011 12:14:59 AM

Virus: PHP:Redirector-P [Trj]

Note: Above is per Virus Chest log.

It is interesting that the Avast *Scan Log* says for this scan "No Virus Found", yet the scan did find the above virus and it was moved to the Virus Chest where the above information about it is contained.

Also, after this *boot-time scan* completed, I selected the option #3 to move the virus to the Virus Chest. It started processing to complete the restart of computer process but then shut down the computer completely. I then manually started the computer. It started but the monitor was not displaying anything (but could hear windows *chimes sound* as it loaded). I then had to manually turn off computer and manually restart it. It then went through a *consistency check* process of deleting and recovering and repharse a lot of files, etc. Once completed with the *consistency check* process it went to a screen saying computer not shut down properly, asking if wanted to start in Safe Mode, etc. or Normal Mode, etc. I let it continue start up in Normal. Everything started up fine. I then *restarted* (properly) and it restarted like it should.

When I did the previous *boot-time scan* before this one and it found this same virus on L: drive and moved it to the Virus Chest, the file name, etc. was the same except it was:

....\flags.php

instead of:

.....\lang.php

It appears that whenever it is moved to the Virus Chest it jumps to *lang.php* if located on *flags.php*. If located on *lang.php* it jumps to *flags.php* when moved to the Virus Chest.

Please let me know what to do next.

Thank you.
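One way to see every PHP file inside such a backup archive at once, as an added example that is not part of this thread or of any tool mentioned in it: the Python script below lists each .php member of a zip archive with its size and SHA-256, so that both lang.php and flags.php appear in one listing instead of one per scan pass. The archive contents, member names and folder layout are constructed for the example (placeholders, not the files from "Backup files 1.zip"); point `php_members` at the bytes of a real archive to inventory it.

```python
"""Inventory the .php members of a backup archive (added example, not a tool
from this thread). The sample archive below is constructed inline so the
script runs offline; its member names and contents are placeholders."""
import hashlib
import io
import zipfile

# Constructed sample archive standing in for a backup set that holds a small
# PHP site. The PHP bodies are harmless placeholders, not the flagged files.
SAMPLE_MEMBERS = {
    "video-streaming-site/index.php": b"<?php echo 'hello'; ?>",
    "video-streaming-site/lang.php": b"<?php /* constructed placeholder */ $lang = 'en'; ?>",
    "video-streaming-site/flags.php": b"<?php /* constructed placeholder */ $flags = []; ?>",
    "video-streaming-site/readme.txt": b"not php",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a byte string as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def build_sample_zip() -> bytes:
    """Build the constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in SAMPLE_MEMBERS.items():
            zf.writestr(name, data)
    return buf.getvalue()


def php_members(zip_bytes: bytes, max_member_size: int = 5 * 1024 * 1024):
    """Return [(member name, uncompressed size, sha256 hex)] for every .php
    member, sorted by name. Members above max_member_size are listed but not
    read, so a crafted archive cannot force a huge decompression."""
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".php"):
                continue
            if info.file_size > max_member_size:
                results.append((info.filename, info.file_size, "SKIPPED: too large"))
                continue
            results.append((info.filename, info.file_size, sha256_hex(zf.read(info))))
    return sorted(results)


def main():
    for name, size, digest in php_members(build_sample_zip()):
        print(f"{size:>8}  {digest[:16]}...  {name}")


if __name__ == "__main__":
    main()
```

The listing shows every PHP member of the archive together with a hash. Comparing those hashes against the same files on the original PLR CD/DVD mentioned later in the thread tells you whether the archived copies differ from the pristine package, and the size cap keeps the script from inflating an oversized member while it does so.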

#9 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hi,

Do you know what this folder is in your documents?
C\Users\Bob\Documents\Joel Comm Free Bonuses\video-streaming\video-streaming-site

Did you create it or did the infection put it there?

Let's get another scan.

Open up OTL and click on Quick Scan. Post the log it makes here.

#10 Junius (Member, Topic Starter, 34 posts)
Hello,

1. C\Users\Bob\Documents\Joel Comm Free Bonuses\video-streaming\video-streaming-site

Yes, I know what the file is. I created it. It is part of a Private Label Rights (PLR) package I got 2 or 3 years ago to re-brand and re-sell the products in the package. The infection did not put the file on my computer. The file was on my computer long before this infection showing up on April 24, 2011 (1st time Avast showed it). (Note: If we need to I can delete that entire 8/13/2010 back up set on Drive L: (external hard drive) as more recent back up sets are storing the same data, etc. Also, I have the original CD/DVD the PLR package came on.)

2. OTL Quick Scan log:

OTL logfile created on: 6/15/2011 12:45:56 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Bob\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 82.78% Memory free
11.86 Gb Paging File | 9.73 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.56 Gb Total Space | 518.11 Gb Free Space | 88.63% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 1.64 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
Drive K: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 930.86 Gb Total Space | 414.42 Gb Free Space | 44.52% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 17:28:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/08 11:18:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/07 15:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2009/06/03 14:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 17:28:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/16 17:36:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/04 11:17:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/29 13:16:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 06:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/11 10:19:18 | 000,084,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 05:34:50 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/06/11 09:46:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/08 11:18:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/08 11:18:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/01 21:19:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/04 16:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions
[2011/03/22 22:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/07 13:48:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 00:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 22:47:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 09:41:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/22 22:34:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/08 11:18:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/08 11:18:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/12 11:22:38 | 000,435,030 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14970 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 12:55:11 | 000,000,038 | -H-- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f37c4733-8ace-11df-b6f6-4061869b0cec}\Shell - "" = AutoRun
O33 - MountPoints2\{f37c4733-8ace-11df-b6f6-4061869b0cec}\Shell\AutoRun\command - "" = K:\HPLauncher.exe -- [2009/05/18 12:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 13:53:22 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Malwarebytes
[2011/06/14 13:53:11 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/14 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/14 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/14 13:53:07 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/14 13:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/14 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\OTL run fixes scan 6 14 2011
[2011/06/14 13:23:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/14 13:21:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2011/06/11 09:46:42 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/06/08 10:52:13 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Accounts Receivable
[2011/06/06 22:43:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Geeks to Go OTL Logs 6 6 2011
[2011/05/22 12:06:18 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HPSS
[2011/05/22 12:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSS
[2011/05/21 00:42:53 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\{28AD7A85-BB99-4F42-BAEF-F63516DC033F}
[2011/05/19 13:47:44 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Face Book Campaigns - Paul Ponna
[2011/05/16 23:12:31 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\No Company Name
[2011/05/16 23:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/05/16 21:42:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Quicken
[2011/05/16 21:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Config
[2011/05/16 21:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2011/05/16 21:39:31 | 004,199,784 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2011/05/16 21:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2010
[2011/05/16 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2011/05/16 21:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2011/05/16 21:38:56 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Intuit
[2011/05/16 21:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/05/16 17:42:04 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Adobe
[2011/05/16 17:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2011/05/16 17:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2011/05/16 17:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2011/05/16 17:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/05/16 17:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/05/16 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

========== Files - Modified Within 30 Days ==========

[2011/06/15 12:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 12:40:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 00:32:21 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 00:32:21 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 00:24:59 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 00:24:40 | 479,522,815 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 14:01:08 | 000,075,264 | ---- | M] () -- C:\Users\Bob\Desktop\SystemLook.exe
[2011/06/14 13:53:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/14 13:39:52 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2011/06/12 11:22:38 | 000,435,030 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/11 09:46:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/06 17:28:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2011/06/05 11:25:57 | 000,434,874 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110612-112238.backup
[2011/06/05 03:55:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/05 03:55:26 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/05 03:55:26 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/01 10:54:58 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/05/29 13:13:05 | 000,434,670 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110605-112557.backup
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/23 04:57:34 | 000,000,175 | ---- | M] () -- C:\ProgramData\LockFilePath.ini
[2011/05/22 12:38:33 | 000,001,881 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011/05/19 13:20:11 | 000,434,608 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110529-131305.backup
[2011/05/16 21:39:28 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Home & Business 2010.lnk
[2011/05/16 21:39:28 | 000,000,357 | ---- | M] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2011/05/16 21:39:21 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/05/16 21:17:55 | 000,350,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/16 21:05:46 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/05/16 17:36:41 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk

========== Files Created - No Company Name ==========

[2011/06/14 14:03:11 | 000,075,264 | ---- | C] () -- C:\Users\Bob\Desktop\SystemLook.exe
[2011/06/14 13:53:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/23 04:57:34 | 000,000,175 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2011/05/22 12:38:33 | 000,001,881 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011/05/16 21:39:28 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Home & Business 2010.lnk
[2011/05/16 21:39:28 | 000,000,357 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2011/05/16 21:38:53 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/16 21:05:46 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/05/16 21:05:46 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/05/16 17:36:41 | 000,002,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 8.0.lnk
[2011/05/16 17:36:41 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
[2010/07/15 22:02:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/07/11 13:30:04 | 000,037,780 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpBOB AT ROUND TOP, OAHU, HI.JPG
[2010/06/29 13:16:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/06/29 13:16:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/06/29 13:16:19 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2010/06/29 13:16:19 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2010/06/29 13:16:19 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2010/06/29 13:16:19 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2010/06/29 13:16:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2010/06/29 13:16:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2010/06/29 13:16:19 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2010/06/29 13:16:19 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2010/06/29 13:16:19 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2010/06/29 13:16:19 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2010/06/29 13:16:19 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2010/06/29 13:16:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2010/06/29 13:16:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/03 02:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/21 12:23:15 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\CoreFTP
[2010/07/09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\iWin
[2010/12/21 14:55:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\JonathanLeger.com
[2010/09/06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\KompoZer
[2011/05/16 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\No Company Name
[2010/07/07 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Notepad++
[2010/07/07 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2010/07/03 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PictureMover
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Thunderbird
[2010/07/11 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WildTangentv1001
[2010/07/08 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WinBatch
[2011/05/31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/06/10 07:20:23 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#11
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Next,

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0
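The helper above asks for only the "Detected" entries of the Kaspersky AVP Tool report, and the report posted later in this thread (#14) shows the line format: a date, a time, "Detected:", the verdict, then the path. The script below is an added example (it is not part of the thread and not Kaspersky's own tooling); it assumes exactly that line shape, and that backup copies live either inside Windows Backup zip sets (`…\Backup files N.zip/C\Users\…`) or under an `L:\Backup Files\…\V0\C\…` mirror, both as seen in the posted report. It pulls out the Detected lines, counts verdicts, and maps every backup copy back to the original file on C:, which makes it easy to see whether dozens of hits are really the same few files repeated across backup sets. The sample lines are copied from the posted report.

```python
import re
from collections import Counter, defaultdict

# Assumed AVP Tool report line format, as posted in this thread:
#   "<M/D/YYYY> <H:MM:SS AM|PM> Detected: <verdict> <path>"
# Other events (e.g. "Task completed") carry no "Detected:" marker and are skipped.
DETECT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Detected: (?P<verdict>\S+) (?P<path>.+)$"
)

# Windows Backup zip set layout seen in the report:
#   L:\BOB-PC\Backup Set ...\Backup Files ...\Backup files 5.zip/C\Users\Bob\...
BACKUP_ZIP_RE = re.compile(r"^[A-Z]:\\.*?\\Backup files \d+\.zip/(?P<inner>[A-Z]\\.+)$")
# Second backup layout seen in the report:  L:\Backup Files\1\1\V0\C\Users\Bob\...
BACKUP_MIRROR_RE = re.compile(r"^[A-Z]:\\Backup Files\\(?:[^\\]+\\)*V\d+\\(?P<inner>[A-Z]\\.+)$")

# Constructed sample: a handful of lines copied from the report in post #14.
SAMPLE_REPORT = r"""6/18/2011 9:10:44 PM Task completed
6/18/2011 8:00:33 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\AtoZ-RSS-Rights.zip/index.htm
6/18/2011 8:00:23 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 5:59:46 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 5:43:23 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-06-02 000001\Backup Files 2011-06-02 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 5:39:22 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-06-02 000001\Backup Files 2011-06-02 000001\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 5:31:06 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-05-16 000001\Backup Files 2011-05-16 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 3:31:33 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\AtoZ-RSS-Rights.zip/index.htm
"""


def parse_report(lines):
    """Yield (timestamp, verdict, path) for every 'Detected:' line; skip the rest."""
    for line in lines:
        m = DETECT_RE.match(line.strip())
        if m:
            yield f"{m.group('date')} {m.group('time')}", m.group("verdict"), m.group("path")


def original_path(path):
    """Map a detection path back to the file it is a copy of.

    Backup copies (zip set or mirror) become the C:\\Users\\... path they were
    taken from. 'C:\\Documents and Settings' is a junction to 'C:\\Users' on
    Windows 7, so a hit reported under either name is the same file.
    """
    for rx in (BACKUP_ZIP_RE, BACKUP_MIRROR_RE):
        m = rx.match(path)
        if m:
            inner = m.group("inner")          # e.g. "C\Users\Bob\..."
            path = inner[0] + ":" + inner[1:]  # -> "C:\Users\Bob\..."
            break
    junction = "C:\\Documents and Settings\\"
    if path.upper().startswith(junction.upper()):
        path = "C:\\Users\\" + path[len(junction):]
    return path


def summarize(lines):
    """Return (verdict counts, {original file: [every location it was flagged at]})."""
    by_verdict = Counter()
    by_file = defaultdict(list)
    for _ts, verdict, path in parse_report(lines):
        by_verdict[verdict] += 1
        by_file[original_path(path)].append(path)
    return by_verdict, dict(by_file)


if __name__ == "__main__":
    verdicts, files = summarize(SAMPLE_REPORT.splitlines())
    for verdict, n in verdicts.items():
        print(f"{n:3d}  {verdict}")
    print()
    for original, copies in sorted(files.items()):
        print(f"{original}\n    flagged {len(copies)} time(s), {len(copies) - 1} of them in backups")
```

Run against the full report the picture is the same as with the sample: one verdict, a few HTML files under Documents, and every other line a copy of those files inside a backup set. Cleaning the originals without also cleaning or pruning the backup sets is why the same detections keep coming back on later scans.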

#12
Junius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hello

A couple of clarification questions (so I hopefully don't mess this up since I don't have a clue what I'm doing - lol).

1. re: Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

*root folder* - would that be the directory (folder)?

Computer > HP(C:)

I have Windows 7 Professional.

2. re: If running Vista, right click on it and select "Run as an Administrator".

I have Windows 7 Professional (not Vista). Am I correct in assuming I should *Run as an Administrator* also?

-------

I'll try to get this completed and report back to you by tomorrow night, but it might be as late as Friday PM sometime (hectic schedule here for the next couple days).

Thank you very much for your assistance - very much appreciated.
  • 0

#13
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
You are correct on both points; sorry, those instructions are a little old.
  • 0

#14
Junius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hello Mitch8,

Sorry for the delay in getting back to you. It was unavoidable.

1. GMER Results.log

This scan did not find anything, so the Results log is *Blank*.

2. Kaspersky Scan: Kas Log of Detections (all infections were moved to quarantine).

Autoscan: completed 2 minutes ago (events: 71, objects: 2703052, time: 05:49:28)
6/18/2011 9:10:44 PM Task completed
6/18/2011 8:00:33 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\AtoZ-RSS-Rights.zip/index.htm
6/18/2011 8:00:26 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\AtoZ-RSS-Rights.zip/reprint-rights.htm
6/18/2011 8:00:23 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 8:00:23 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 8:00:05 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\Create_Your_Own_Ebook-Rights.zip/reprint-rights.htm
6/18/2011 6:04:18 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\Create_Your_Own_Ebook-Rights.zip/index.htm
6/18/2011 6:04:18 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 6:04:18 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 5:59:46 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 5:44:17 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-06-02 000001\Backup Files 2011-06-02 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 5:43:50 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-06-02 000001\Backup Files 2011-06-02 000001\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 5:43:23 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-06-02 000001\Backup Files 2011-06-02 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 5:43:16 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-06-02 000001\Backup Files 2011-06-02 000001\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 5:39:22 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-06-02 000001\Backup Files 2011-06-02 000001\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 5:32:13 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-05-16 000001\Backup Files 2011-05-16 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 5:31:06 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-05-16 000001\Backup Files 2011-05-16 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 5:31:00 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-05-16 000001\Backup Files 2011-05-16 000001\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 5:29:47 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-05-16 000001\Backup Files 2011-05-16 000001\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 5:29:22 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-05-16 000001\Backup Files 2011-05-16 000001\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 5:20:33 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-04-06 083042\Backup Files 2011-04-06 083042\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 5:20:05 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-04-06 083042\Backup Files 2011-04-06 083042\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 5:19:54 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-04-06 083042\Backup Files 2011-04-06 083042\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 5:19:01 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-04-06 083042\Backup Files 2011-04-06 083042\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 5:18:42 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-04-06 083042\Backup Files 2011-04-06 083042\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 5:13:00 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-02-17 000000\Backup Files 2011-02-17 000000\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 5:08:00 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-02-17 000000\Backup Files 2011-02-17 000000\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 5:07:21 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-02-17 000000\Backup Files 2011-02-17 000000\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 5:06:39 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-02-17 000000\Backup Files 2011-02-17 000000\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 5:06:20 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-02-17 000000\Backup Files 2011-02-17 000000\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 5:02:25 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-01-10 000004\Backup Files 2011-01-19 000001\Backup files 1.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 4:59:51 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-01-10 000004\Backup Files 2011-01-10 000004\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 4:59:20 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-01-10 000004\Backup Files 2011-01-10 000004\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 4:59:17 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-01-10 000004\Backup Files 2011-01-10 000004\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 4:58:20 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-01-10 000004\Backup Files 2011-01-10 000004\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 4:58:01 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2011-01-10 000004\Backup Files 2011-01-10 000004\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 4:54:16 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-12-08 000001\Backup Files 2010-12-08 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 4:53:00 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-12-08 000001\Backup Files 2010-12-08 000001\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 4:51:12 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-12-08 000001\Backup Files 2010-12-08 000001\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 4:50:10 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-12-08 000001\Backup Files 2010-12-08 000001\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 4:49:52 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-12-08 000001\Backup Files 2010-12-08 000001\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 4:45:02 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-10-31 000011\Backup Files 2010-10-31 000011\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 4:43:13 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-10-31 000011\Backup Files 2010-10-31 000011\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 4:42:32 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-10-31 000011\Backup Files 2010-10-31 000011\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 4:06:49 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-10-31 000011\Backup Files 2010-10-31 000011\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 4:05:37 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-10-31 000011\Backup Files 2010-10-31 000011\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 4:05:06 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-09-17 061103\Backup Files 2010-09-17 061103\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 3:59:15 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-09-17 061103\Backup Files 2010-09-17 061103\Backup files 5.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 3:58:09 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-09-17 061103\Backup Files 2010-09-17 061103\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 3:51:03 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-09-17 061103\Backup Files 2010-09-17 061103\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 3:50:45 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-09-17 061103\Backup Files 2010-09-17 061103\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:44:53 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 3:44:15 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup files 3.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 3:43:49 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup files 4.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 3:42:36 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup files 3.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 3:42:17 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup files 1.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:37:28 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-07-09 123237\Backup Files 2010-07-15 024827\Backup files 1.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 3:37:10 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-07-09 123237\Backup Files 2010-07-15 024827\Backup files 1.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 3:36:33 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-07-09 123237\Backup Files 2010-07-15 024827\Backup files 1.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 3:35:38 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-07-09 123237\Backup Files 2010-07-15 024827\Backup files 1.zip/C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 3:35:30 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-07-09 123237\Backup Files 2010-07-14 000001\Backup files 1.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:31:33 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\AtoZ-RSS-Rights.zip/index.htm
6/18/2011 3:31:17 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\Create_Your_Own_Ebook-Rights.zip/reprint-rights.htm
6/18/2011 3:30:05 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\reprint-rights.htm
6/18/2011 3:27:51 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\AtoZ-RSS-Rights.zip/reprint-rights.htm
6/18/2011 3:27:46 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 3:27:03 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\reprint-rights.htm
6/18/2011 3:26:04 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\Create_Your_Own_Ebook-Rights.zip/index.htm
6/18/2011 3:26:03 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\Create Ebook without writting\index.htm
6/18/2011 3:24:00 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:21:16 PM Task started


3. I hope I completed all this correctly. If not, let me know.

4. After completing the above per your last instructions, I ran an Avast *full system scan* followed by a *boot-time scan*. The results are:

a.) Scan Logs:

Name: Full System Scan
Date: 6/18/2011 10:07:02 PM
Result: virus found.

I moved it to Virus Chest.

Virus Chest entry:

Name: unp218525619.tmp
Original location: C:\Windows\Temp
Last changed: 6/15/2011 5:14:43 AM
Transfer time: 6/19/2011 2:44:47 AM
Virus: PHP:Redirector-P[Trj]

b.) Scan Logs:

Name: Boot-time scan
Date: 6/19/2011 4:00:56 AM
Result: no virus found*

*Note: Infected file was found and a corrupted file was found during boot-time scan.

Corrupted file found was:

File C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\resources\guid.zip |>HPSAUpgrade.exe Error 42125 {ZIP archive is corrupted}

Infected file found was:

File L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup Files 26.zip | Users\BOB\Documents\Joel Comm Free Bonsus\fashion school.zip |>fasion-school-site\flags.php is infected by PHP:Redirector-P [Trj]

Virus Chest entry shows:

Name: fashion-school-site\flags.php
Original Location: L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup Files 26.zip |>C\Users\BOB\Documents\Joel Comm Free Bonsus\fashion school.zip
Last changed: 6/19/2011 3:59:46 AM
Transfer time: 6/19/2011 4:00:39 AM
Virus: PHP:Redirector-P [Trj]

Note: After the boot-time scan completed I selected Option 4 - Move All to Chest. The above Infected file is shown in the Virus Chest per above entry. The Corrupted file is not shown in the Virus Chest.

Once I selected Option 4 the computer paused for a few seconds, then proceeded to continue with the restart process. Then, within a few seconds, the computer locked up completely. I waited for about 5 minutes to make sure it wasn't just taking some time to process something. Then I attempted to manually shut down by pressing the On/Off switch on the CPU. The computer would not shut off. I then unplugged the CPU from the electrical outlet to shut it down, then plugged it back into the electrical outlet. I pressed the On/Off switch and the computer started normally. Once it was fully booted, I restarted it again by: Start>Shut Down>Restart. It then went through the normal shut down and restart process without a problem.

Thank you, your assistance is very much appreciated.

Edited by Junius, 19 June 2011 - 04:40 AM.

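The log quoted above flags the same few source documents once per backup set. As an added example (not from the original post, and not code from Avast, Kaspersky or any other tool mentioned in this thread), the Python script below parses lines in that log format, separates the backup archive on disk from the file stored inside it, and groups detections by the original document's path under the user profile, so you can see how many backup copies of one infected page exist. The seven sample lines are copied from the log above; the line format and the regular expressions are my own reading of it, not a documented specification, and `Task ...` status lines are assumed to carry no path.

```python
import re
from collections import defaultdict

# Seven lines copied from the scan log quoted in the post above.
SAMPLE_LOG = r"""
6/18/2011 4:05:37 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-10-31 000011\Backup Files 2010-10-31 000011\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:50:45 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-09-17 061103\Backup Files 2010-09-17 061103\Backup files 2.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:42:17 PM Detected: HEUR:Trojan.Script.Iframer L:\BOB-PC\Backup Set 2010-08-13 030125\Backup Files 2010-08-13 030125\Backup files 1.zip/C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:31:33 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\AtoZ-RSS-Rights.zip/index.htm
6/18/2011 3:27:46 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\My eBooks\Eric and Daniel Firesale\The A to Z about RSS\index.htm
6/18/2011 3:24:00 PM Detected: HEUR:Trojan.Script.Iframer L:\Backup Files\1\1\V0\C\Users\Bob\Documents\Joel Comm Inet Bus\YourBusiness\RESALEPRODUCTS\Websites\NetworkMarketingPitfalls\index.htm
6/18/2011 3:21:16 PM Task started
"""

# Assumed line layout: "<M/D/YYYY h:mm:ss AM|PM> Detected: <verdict> <path>"
# or "<timestamp> Task <status>" for scanner status lines without a path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?:Detected: (?P<verdict>\S+) (?P<path>.+)|(?P<event>Task \w+))$"
)

# The backed-up file's path relative to the Windows user profile it came from.
PROFILE_RE = re.compile(r"\\Users\\[^\\/]+\\(.+)$", re.IGNORECASE)


def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": m.group("ts"), "verdict": m.group("verdict"),
            "path": m.group("path"), "event": m.group("event")}


def split_container(path):
    """Split 'outer.zip/inner\\member' into (file on disk, member inside it).

    The scanner writes on-disk paths with backslashes and uses '/' only to
    step into an archive, so the first '/' marks the container boundary.
    A loose file (no '/') is returned with member=None.
    """
    head, sep, tail = path.partition("/")
    return (head, tail) if sep else (head, None)


def original_document(path):
    """Path of the backed-up file relative to the user profile, e.g.
    'Documents\\...\\index.htm', or None if no profile directory appears."""
    m = PROFILE_RE.search(path)
    return m.group(1) if m else None


def copies_per_document(log_text):
    """Group every detection by original document and collect the on-disk
    locations (backup archives or loose copies) that hold a copy of it."""
    copies = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["path"] is None:
            continue  # blank, unrecognised, or a "Task ..." status line
        container, _member = split_container(rec["path"])
        key = original_document(rec["path"]) or rec["path"]
        copies[key].add(container)
    return {doc: sorted(locs) for doc, locs in copies.items()}


if __name__ == "__main__":
    for doc, locations in copies_per_document(SAMPLE_LOG).items():
        print(f"{len(locations)} copies: {doc}")
        for loc in locations:
            print("    ", loc)
```

On the sample, the loose copy under `L:\Backup Files\1\1\V0` and the three zipped backup sets all collapse to the one `NetworkMarketingPitfalls\index.htm` document with four locations, which is why quarantining each hit individually keeps producing a fresh detection from the next backup set; the `AtoZ-RSS-Rights.zip/index.htm` entry stays separate from the loose `index.htm` beside it, since those are two different files.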

#15
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Alright, it looks like your downloads were infected; they are also in your backups.

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.