Resolved HJT Threads: Resolved spyware and popup issues.
Old 06-03-2009, 09:50 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Being redirected while using IE

Messed up on my last thread so here is the new one.
Hey, thanks for taking your time to help me with this problem. A couple days ago, while using IE, I started getting redirected when I am browsing sites (even these forums) to this: res://C:\Windows\system32\shdoclc.dll/navcancl.htm

DDS (Ver_09-05-14.01) - NTFSx86
Run by brandon at 19:20:02.65 on Wed 06/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1235 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\letlfch\atisvc_ekylmf.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\letlfch\atisvc_ekylmf.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7MB91DFG\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [removecpl] RemoveCpl.exe
mRun: [Airlink101 Airlink101 WLAN Monitor] c:\program files\airlink101\airlink101 wlan monitor\WLANmon.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\brandon\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\jk7qo3ig.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\1304043.dll
FF - component: c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\jk7qo3ig.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\jk7qo3ig.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-7-18 4608]
R2 atisvc_ekylmf;atisvc_ekylmf;c:\windows\system32\letlfch\atisvc_ekylmf.exe [2009-5-25 454063]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-11-21 569344]

=============== Created Last 30 ================

2009-06-02 08:01 <DIR> --d----- c:\users\brandon\appdata\roaming\Malwarebytes
2009-06-02 08:01 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 08:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-02 08:01 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-02 08:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 08:01 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-01 21:56 <DIR> --d----- c:\program files\Trend Micro
2009-06-01 09:22 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-29 21:29 <DIR> --d----- c:\users\brandon\appdata\roaming\uniblue
2009-05-29 21:28 <DIR> --d----- c:\program files\Uniblue
2009-05-25 21:51 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-25 11:54 82,432 a------- c:\windows\system32\msxml4r.dll
2009-05-25 11:54 44,544 a------- c:\windows\system32\msxml4a.dll
2009-05-25 11:54 402 a------- c:\windows\system32\msxml4.inf
2009-05-23 20:58 <DIR> --d----- c:\programdata\CCP
2009-05-23 20:58 <DIR> --d----- c:\progra~2\CCP
2009-05-20 18:09 <DIR> --d----- c:\program files\Ventrilo
2009-05-20 18:09 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-05-20 18:07 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-16 12:29 <DIR> --d----- c:\program files\Disney

==================== Find3M ====================

2009-04-25 22:42 381,834 a------- c:\windows\system32\perfh011.dat
2009-04-25 22:42 101,144 a------- c:\windows\system32\perfc011.dat
2009-03-28 22:17 51,200 a------- c:\windows\inf\infpub.dat
2009-03-16 20:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 20:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 20:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 12:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 04:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 04:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 04:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 04:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 04:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 04:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-07 11:30 129,356 a------- c:\windows\hppins21.dat
2009-02-16 15:48 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-16 15:47 86,016 a------- c:\windows\inf\infstor.dat
2008-07-18 18:35 174 a--sh--- c:\program files\desktop.ini
2008-07-18 18:26 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-09 11:44 139,030 a------- c:\windows\inf\perflib\0411\perfi.dat
2008-07-09 11:44 139,030 a------- c:\windows\inf\perflib\0411\perfh.dat
2008-07-09 11:44 30,674 a------- c:\windows\inf\perflib\0411\perfd.dat
2008-07-09 11:44 30,674 a------- c:\windows\inf\perflib\0411\perfc.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-28 15:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 19:21:51.03 ===============
Attached Files: Attach.zip (2.2 KB)
Sir Lost A Lot is offline  

Old 06-05-2009, 02:59 PM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please go to: VirusTotal
  • On the page you'll find a Browse button.
  • Next to the Browse button you'll see a box to enter text.
  • Please copy/paste the following bolded text into the box:

    c:\windows\system32\letlfch\atisvc_ekylmf.exe

  • Then click the Send File button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analysed: click Reanalyse file now
  • Once scanned, copy and paste the results in your next reply.
------------------------------------------------------

If you have trouble getting to the site, copy/paste the link directly into your browser:

http://www.virustotal.com/

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 06-06-2009, 11:39 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

File atisvc_ekylmf.exe received on 2009.06.06 17:37:10 (UTC)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.06.04 -
AhnLab-V3 5.0.0.2 2009.06.05 -
AntiVir 7.9.0.180 2009.06.06 -
Antiy-AVL 2.0.3.1 2009.06.05 -
Authentium 5.1.2.4 2009.06.05 -
Avast 4.8.1335.0 2009.06.05 -
AVG 8.5.0.339 2009.06.06 -
BitDefender 7.2 2009.06.06 -
CAT-QuickHeal 10.00 2009.06.06 -
ClamAV 0.94.1 2009.06.06 -
Comodo 1272 2009.06.06 -
DrWeb 5.0.0.12182 2009.06.06 -
eSafe 7.0.17.0 2009.06.04 -
eTrust-Vet 31.6.6542 2009.06.05 -
F-Prot 4.4.4.56 2009.06.05 -
F-Secure 8.0.14470.0 2009.06.05 -
Fortinet 3.117.0.0 2009.06.06 -
GData 19 2009.06.06 -
Ikarus T3.1.1.59.0 2009.06.06 -
K7AntiVirus 7.10.754 2009.06.04 -
Kaspersky 7.0.0.125 2009.06.06 -
McAfee 5637 2009.06.05 -
McAfee+Artemis 5637 2009.06.05 -
McAfee-GW-Edition 6.7.6 2009.06.06 -
Microsoft 1.4701 2009.06.06 -
NOD32 4135 2009.06.06 -
Norman 6.01.09 2009.06.05 -
nProtect 2009.1.8.0 2009.06.06 -
Panda 10.0.0.14 2009.06.06 -
PCTools 4.4.2.0 2009.06.06 -
Prevx 3.0 2009.06.06 -
Rising 21.32.52.00 2009.06.06 -
Sophos 4.42.0 2009.06.06 -
Sunbelt 3.2.1858.2 2009.06.06 -
Symantec 1.4.4.12 2009.06.06 -
TheHacker 6.3.4.3.340 2009.06.05 -
TrendMicro 8.950.0.1092 2009.06.06 -
VBA32 3.12.10.6 2009.06.06 -
ViRobot 2009.6.5.1771 2009.06.05 -
VirusBuster 4.6.5.0 2009.06.06 -

Additional information
File size: 454063 bytes
MD5...: 1f0f2f389e07b897854ce9f7b481a43b
SHA1..: b008ccb530ff3e114c03380ea4b0f9001e647da3
SHA256: bb5ab0cbd599212cc95cb0a61959fcadd4ad81a61ef7a2ac07d43998f39c94d8
ssdeep: -
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13ff9
timedatestamp.....: 0x49dd4d97 (Thu Apr 09 01:21:27 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5476c 0x55000 6.66 75630d02cac08e408c7067a054b5b831
.rdata 0x56000 0xe882 0xf000 4.97 5098eb5a7e100966042990b5e146e89d
.data 0x65000 0x53ec 0x3000 3.05 739f5f44a27f5fa804b63b44d2c5ae1a
.rsrc 0x6b000 0x4bc 0x1000 3.99 23504fadc829a6f27936c0a6c875d248

( 11 imports )
> KERNEL32.dll: SetEnvironmentVariableW, lstrcatW, GetEnvironmentVariableW, SetFileAttributesW, GetFileAttributesW, OpenEventW, FindClose, FindNextFileW, CopyFileW, FindFirstFileW, CreateDirectoryW, RemoveDirectoryW, DeleteFileW, QueryDosDeviceW, GetSystemDirectoryW, CreateProcessW, WaitForMultipleObjects, GetExitCodeThread, ResumeThread, MoveFileW, FileTimeToDosDateTime, MapViewOfFile, ReadProcessMemory, UnmapViewOfFile, InterlockedExchangeAdd, GlobalAlloc, GlobalReAlloc, Thread32First, Thread32Next, SetProcessShutdownParameters, LoadLibraryW, SetUnhandledExceptionFilter, SetErrorMode, GetCommandLineW, GetCurrentThreadId, TerminateThread, GetExitCodeProcess, DuplicateHandle, GetCurrentProcessId, CreateToolhelp32Snapshot, Process32FirstW, ProcessIdToSessionId, OpenProcess, Process32NextW, TerminateProcess, CreateEventW, LoadLibraryExW, lstrcmpiW, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, FreeLibrary, HeapAlloc, GetCurrentThread, GetCurrentProcess, CloseHandle, MultiByteToWideChar, WaitForSingleObject, SetEvent, GetModuleFileNameW, lstrcpyW, lstrcpynW, GetModuleHandleW, GetProcAddress, GetProcessHeap, HeapFree, GetComputerNameW, lstrlenW, LocalFree, GetVersionExW, InterlockedDecrement, GetLastError, FindResourceExW, FindResourceW, LoadResource, LockResource, GlobalFree, SetThreadPriority, ResetEvent, FileTimeToLocalFileTime, ReleaseSemaphore, SetFileTime, CreateSemaphoreW, GetSystemTime, GlobalSize, GlobalLock, ReleaseMutex, GlobalUnlock, SizeofResource, lstrlenA, lstrcpynA, CreateMutexA, GetFileAttributesExW, GetTempPathW, GetTempFileNameW, GetFileSize, ReadFile, DeleteCriticalSection, InitializeCriticalSection, SetEndOfFile, RaiseException, FindFirstFileA, FindNextFileA, GetComputerNameExW, ExpandEnvironmentStringsW, OpenFileMappingW, lstrcpyA, CreateFileMappingW, CreateMutexW, IsBadReadPtr, CreateFileW, GetFileInformationByHandle, GetLocalTime, SystemTimeToFileTime, SetEnvironmentVariableA, CompareStringW, CompareStringA, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, HeapDestroy, HeapReAlloc, HeapSize, RtlUnwind, UnhandledExceptionFilter, IsDebuggerPresent, ExitThread, CreateThread, GetStartupInfoW, HeapCreate, VirtualFree, FatalAppExitA, VirtualAlloc, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCPInfo, GetOEMCP, IsValidCodePage, Sleep, LCMapStringA, WideCharToMultiByte, LCMapStringW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, SetConsoleCtrlHandler, LoadLibraryA, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetLocaleInfoW, GetTimeZoneInformation, CreateFileA, FlushFileBuffers
> USER32.dll: CharNextW, PostThreadMessageW, DispatchMessageW, CharLowerBuffW, GetDesktopWindow, TranslateMessage, IsWindow, MsgWaitForMultipleObjects, GetWindowThreadProcessId, GetParent, CharLowerW, UnregisterClassA, PeekMessageW, wsprintfW
> ADVAPI32.dll: CryptEncrypt, CryptDestroyKey, CryptDeriveKey, LookupAccountSidW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerExW, DuplicateTokenEx, SetTokenInformation, LookupPrivilegeValueW, AdjustTokenPrivileges, CreateProcessAsUserW, RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegDeleteKeyW, CreateServiceW, RegGetKeySecurity, RegOpenKeyW, RegSetKeySecurity, RegQueryValueExW, OpenThreadToken, OpenProcessToken, SetServiceStatus, StartServiceW, ControlService, DeleteService, OpenSCManagerW, OpenServiceW, CloseServiceHandle, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, SetSecurityDescriptorDacl, LookupAccountNameW, ConvertSidToStringSidW, GetTokenInformation, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, IsValidSid, GetLengthSid, CopySid, RegOpenKeyExW, RegCloseKey, CryptDecrypt
> ole32.dll: CoRevokeClassObject, CoRegisterClassObject, CoUninitialize, CoInitializeEx, CoInitialize, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoInitializeSecurity, StringFromCLSID, CoRegisterPSClsid, CreateStreamOnHGlobal, GetHGlobalFromStream, CoCreateInstance
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathIsDirectoryW, PathSkipRootW, PathMatchSpecA, PathAppendA, PathFindFileNameA, PathRemoveFileSpecA, PathIsDirectoryA, SHCreateStreamOnFileW, PathMatchSpecW, PathSkipRootA, PathStripPathW, PathAppendW, PathRemoveFileSpecW, PathFileExistsW, PathFindFileNameW
> USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock
> PSAPI.DLL: EnumProcessModules, GetModuleFileNameExW, GetModuleBaseNameW
> WTSAPI32.dll: WTSFreeMemory, WTSQuerySessionInformationW, WTSOpenServerW, WTSCloseServer
> NETAPI32.dll: NetWkstaUserEnum, NetApiBufferFree
> RPCRT4.dll: UuidCreate, RpcStringFreeW, UuidToStringW

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Sir Lost A Lot is offline  
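The VirusTotal scan above came back clean on every engine, yet the helper singled out c:\windows\system32\letlfch\atisvc_ekylmf.exe from the DDS log on structural grounds alone. The script below is an added triage example (not part of DDS, ComboFix or the forum's own tooling) that parses the SERVICES / DRIVERS and Running Processes lines quoted in the first post and scores each service with simple heuristics; the scoring weights, the 30-day window and the allowlist of system32 subfolders are my own assumptions.

```python
"""Heuristic triage of a DDS 'SERVICES / DRIVERS' section plus the process list.

Added example for this thread; it is not DDS, ComboFix or forum tooling.
The heuristics are crude and produce a score for a human to review, not a verdict.
"""
import re
from datetime import date, timedelta

# Sample input copied from the DDS log posted in this thread (service lines and
# a few process lines). That log was run on 2009-06-03.
LOG_DATE = date(2009, 6, 3)
SERVICES = r"""
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-7-18 4608]
R2 atisvc_ekylmf;atisvc_ekylmf;c:\windows\system32\letlfch\atisvc_ekylmf.exe [2009-5-25 454063]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-11-21 569344]
"""
PROCESSES = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\letlfch\atisvc_ekylmf.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\letlfch\atisvc_ekylmf.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

# DDS service line: "<state> <name>;<display name>;<path> [<yyyy-m-d> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<y>\d{4})-(?P<m>\d{1,2})-(?P<d>\d{1,2})\s+(?P<size>\d+)\]$"
)
# Roots where service binaries normally live (assumed allowlist, lower-cased).
KNOWN_ROOTS = ("c:\\windows\\system32\\", "c:\\program files\\")
STANDARD_SYSTEM32_SUBDIRS = {"", "drivers", "wbem"}


def parse_services(text):
    """Turn DDS service lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "state": m["state"], "name": m["name"], "display": m["display"],
            "path": m["path"].lower(), "size": int(m["size"]),
            "file_date": date(int(m["y"]), int(m["m"]), int(m["d"])),
        })
    return entries


def looks_random(token):
    """Crude pseudo-random-name check: a run of four or more consonants.

    Such runs are rare in vendor/product names but not impossible (think
    'svchost'), so this only contributes to the score.
    """
    return len(token) >= 5 and re.search(r"[b-df-hj-np-tv-z]{4}", token.lower()) is not None


def relative_tokens(path):
    """Letter tokens of the path below a known root, e.g. 'letlfch', 'atisvc', 'ekylmf'."""
    for root in KNOWN_ROOTS:
        if path.startswith(root):
            path = path[len(root):]
            break
    return re.findall(r"[a-z]+", path)


def score_service(svc, log_date, process_paths):
    """Score one service entry; weights are this example's own assumption."""
    reasons, score = [], 0
    directory = svc["path"].rsplit("\\", 1)[0] + "\\"
    if directory.startswith(KNOWN_ROOTS[0]):
        sub = directory[len(KNOWN_ROOTS[0]):].rstrip("\\")
        if sub not in STANDARD_SYSTEM32_SUBDIRS:
            score += 2
            reasons.append(f"binary in non-standard system32 subfolder '{sub}'")
    if svc["display"] == svc["name"]:
        score += 1
        reasons.append("display name is just the service name (no description)")
    name_tokens = re.findall(r"[a-z]+", svc["name"].lower())
    odd = sorted({t for t in relative_tokens(svc["path"]) + name_tokens if looks_random(t)})
    if odd:
        score += 2
        reasons.append("random-looking name parts: " + ", ".join(odd))
    if log_date - svc["file_date"] <= timedelta(days=30):
        score += 1
        reasons.append(f"binary dated {svc['file_date']}, within 30 days of the log")
    return {"name": svc["name"], "path": svc["path"], "score": score, "reasons": reasons,
            "running_instances": process_paths.count(svc["path"])}


def triage(services_text, processes_text, log_date):
    """Score every service entry and cross-check it against the process list."""
    process_paths = [p.strip().lower().split(" -k")[0]
                     for p in processes_text.splitlines() if p.strip()]
    results = [score_service(s, log_date, process_paths) for s in parse_services(services_text)]
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SERVICES, PROCESSES, LOG_DATE):
        flag = "REVIEW" if r["score"] >= 3 else "ok"
        print(f"{flag:6} {r['score']} {r['name']} ({r['running_instances']} running) {r['path']}")
        for reason in r["reasons"]:
            print("         -", reason)
```

Run against the four service lines, only atisvc_ekylmf crosses the review threshold, for the same reasons an analyst reads off the log by eye: a fresh binary in a new system32 subfolder, no descriptive service name, and two running copies.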
Old 06-06-2009, 02:12 PM   #4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Hello again, Sir Lost A Lot.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------
chemist is offline  
Old 06-07-2009, 11:35 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

ComboFix 09-06-06.04 - brandon 06/07/2009 10:42.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1346 [GMT -7:00]
Running from: c:\users\brandon\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 17:40 . 2009-06-07 17:52 -------- d-s---w- \ComboFix
2009-06-07 17:35 . 2009-06-07 17:40 -------- d-----w- \Qoobox
2009-06-02 15:01 . 2009-06-02 15:01 -------- d-----w- c:\users\brandon\AppData\Roaming\Malwarebytes
2009-06-02 15:01 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 15:01 . 2009-06-02 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 15:01 . 2009-06-02 15:01 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 15:01 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 04:56 . 2009-06-02 04:56 -------- d-----w- c:\program files\Trend Micro
2009-05-30 04:29 . 2009-05-30 04:29 -------- d-----w- c:\users\brandon\AppData\Roaming\uniblue
2009-05-30 04:28 . 2009-05-30 04:28 -------- d-----w- c:\program files\Uniblue
2009-05-26 04:51 . 2009-05-26 04:51 -------- d-----w- c:\program files\MSXML 4.0
2009-05-25 18:54 . 2008-03-14 18:14 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-05-25 18:54 . 2008-03-14 18:14 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-05-25 18:53 . 2009-05-25 18:54 -------- d-----w- c:\windows\system32\letlfch
2009-05-24 03:58 . 2009-05-24 03:58 -------- d-----w- c:\programdata\CCP
2009-05-24 03:58 . 2009-05-24 03:58 -------- d-----w- c:\users\brandon\AppData\Local\CCP
2009-05-21 04:58 . 2009-05-21 04:58 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-21 01:12 . 2009-05-21 01:16 -------- d-----w- c:\users\brandon\AppData\Roaming\Ventrilo
2009-05-21 01:09 . 2009-05-21 01:09 -------- d-----w- c:\program files\Ventrilo
2009-05-21 01:07 . 2009-05-21 01:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-17 22:52 . 2009-05-17 22:52 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 19:29 . 2009-05-16 19:29 -------- d-----w- c:\program files\Disney

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 17:27 . 2008-07-11 18:01 -------- d-----w- c:\program files\Steam
2009-06-07 17:27 . 2008-12-15 20:31 2143784960 --sha-w- \hiberfil.sys
2009-06-07 17:27 . 2008-07-07 01:05 2459713536 --sha-w- \pagefile.sys
2009-06-06 20:00 . 2008-08-28 22:03 -------- d-----w- c:\programdata\Rosetta Stone
2009-06-05 17:49 . 2008-07-09 18:46 381834 ----a-w- c:\windows\system32\perfh011.dat
2009-06-05 17:49 . 2008-07-09 18:46 101144 ----a-w- c:\windows\system32\perfc011.dat
2009-06-02 18:26 . 2008-07-09 01:15 -------- d-----w- c:\program files\JKDefrag
2009-05-28 01:44 . 2008-07-09 01:12 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-23 15:08 . 2008-10-18 17:41 1 ----a-w- c:\users\brandon\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 22:04 . 2008-10-04 15:42 -------- d-----w- c:\users\brandon\AppData\Roaming\Audacity
2009-05-17 22:48 . 2008-10-11 06:52 -------- d-----w- c:\program files\Interbank FX Trader 4
2009-05-17 12:53 . 2008-07-11 18:01 -------- d-----w- c:\program files\Common Files\Steam
2009-05-13 22:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-06 02:28 . 2008-12-13 03:33 -------- d-----w- c:\programdata\Steam
2009-05-06 02:28 . 2008-12-13 03:33 -------- d-----w- c:\programdata\PopCap Games
2009-04-25 18:00 . 2008-08-22 04:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-18 19:05 . 2009-04-18 19:05 -------- d-----w- c:\program files\FRONTIER GROOVE
2009-04-18 19:05 . 2008-07-09 19:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-10 23:42 . 2008-07-09 01:13 -------- d-----w- c:\program files\CCleaner
2009-04-01 23:54 . 2009-04-01 23:54 34062 ----a-w- c:\users\brandon\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2009-03-17 03:38 . 2009-04-14 17:16 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 17:16 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 19:49 . 2008-11-28 18:36 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 18:54 . 2009-05-25 18:54 2157846 ----a-w- c:\program files\mozilla firefox\components\1304043.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\steam\steam.exe" [2009-04-29 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Airlink101 Airlink101 WLAN Monitor"="c:\program files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe" [2007-12-01 1949696]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]
"removecpl"="RemoveCpl.exe" - c:\windows\System32\RemoveCpl.exe [2003-01-16 24576]

c:\users\brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{108B4250-F6B1-407D-BCA8-9CCC3765DF66}c:\\program files\\steam\\steamapps\\tts1011\\condition zero\\hl.exe"= Disabled:UDP:c:\program files\steam\steamapps\tts1011\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{796FF89E-B475-4F90-AA33-F167D0CED7A3}c:\\program files\\steam\\steamapps\\tts1011\\condition zero\\hl.exe"= Disabled:TCP:c:\program files\steam\steamapps\tts1011\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{5BED2854-F22B-4D28-920C-23D329375BEF}c:\\program files\\steam\\steamapps\\_kirby2_\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\_kirby2_\garrysmod\hl2.exe:hl2
"UDP Query User{8CE394D7-7E0D-4B98-8122-9881B8EA0A13}c:\\program files\\steam\\steamapps\\_kirby2_\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\_kirby2_\garrysmod\hl2.exe:hl2
"TCP Query User{D42037AA-1644-4658-8515-3463354C5922}c:\\program files\\steam\\steamapps\\_kirby2_\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\_kirby2_\team fortress 2\hl2.exe:hl2
"UDP Query User{1D51EC90-8203-4B5E-B7F5-4E37DC0B8C47}c:\\program files\\steam\\steamapps\\_kirby2_\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\_kirby2_\team fortress 2\hl2.exe:hl2
"TCP Query User{A4DDC5AF-AC2B-4582-9CC4-5A77F55467AE}c:\\program files\\steam\\steamapps\\common\\company of heroes\\reliccoh.exe"= UDP:c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{F7E81328-0F6D-4B14-8AD7-C778B6687710}c:\\program files\\steam\\steamapps\\common\\company of heroes\\reliccoh.exe"= TCP:c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{CF7B8506-AF94-48DB-86B5-6917A75883D5}c:\\program files\\steam\\steamapps\\_kirby2_\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\_kirby2_\day of defeat source\hl2.exe:hl2
"UDP Query User{98F6B701-FE00-427F-8AB9-00D570704CF5}c:\\program files\\steam\\steamapps\\_kirby2_\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\_kirby2_\day of defeat source\hl2.exe:hl2
"TCP Query User{7F6E6DEC-ADD4-4133-A784-C01E84DA47E1}c:\\program files\\steam\\steamapps\\_kirby2_\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\_kirby2_\counter-strike source\hl2.exe:hl2
"UDP Query User{0EB03737-BFE6-430D-A304-FABE3DF1C62B}c:\\program files\\steam\\steamapps\\_kirby2_\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\_kirby2_\counter-strike source\hl2.exe:hl2
"TCP Query User{61803FB8-5B92-4839-981E-C214671F4743}c:\\program files\\steam\\steamapps\\_kirby2_\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\_kirby2_\source sdk base\hl2.exe:hl2
"UDP Query User{20B7B966-DC37-43C8-9963-90E50AE85B23}c:\\program files\\steam\\steamapps\\_kirby2_\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\_kirby2_\source sdk base\hl2.exe:hl2
"{FEA6C560-D263-4EFE-BBF6-E2B0CA327ED0}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"{C4A751E9-DC68-4E7B-985F-13A885AB7461}"= Disabled:UDP:c:\users\brandon\AppData\Local\Temp\7zS2B86.tmp\setup\HPZnui01.exe:hpznui01.exe
"{48038FA4-715A-4617-AFAC-DB444E4878EC}"= Disabled:TCP:c:\users\brandon\AppData\Local\Temp\7zS2B86.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{E88159C9-374E-478E-99C3-6BC8A8E9C5D7}c:\\program files\\steam\\steamapps\\_kirby2_\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\_kirby2_\insurgency\hl2.exe:hl2
"UDP Query User{2D0EE913-B8FF-4AA3-A1BC-E38CDC1DBF01}c:\\program files\\steam\\steamapps\\_kirby2_\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\_kirby2_\insurgency\hl2.exe:hl2
"TCP Query User{DB12CC7B-C353-4D76-8BCE-590C4A61DED1}c:\\program files\\steam\\steamapps\\_kirby2_\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\_kirby2_\zombie panic! source\hl2.exe:hl2
"UDP Query User{DC647F63-7455-4384-959B-E2384C93A90E}c:\\program files\\steam\\steamapps\\_kirby2_\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\_kirby2_\zombie panic! source\hl2.exe:hl2
"TCP Query User{D3F6FDF8-142E-4B9C-BFB4-DCF8C8557A31}c:\\program files\\steam\\steamapps\\common\\left 4 dead demo\\srcds.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead demo\srcds.exe:srcds
"UDP Query User{A744650F-B610-47B9-9DD8-0EC4A23F81E4}c:\\program files\\steam\\steamapps\\common\\left 4 dead demo\\srcds.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead demo\srcds.exe:srcds
"TCP Query User{EDA382D7-E09F-4EE5-9FC5-EE518104CE70}c:\\program files\\steam\\steamapps\\common\\dead space\\dead space.exe"= UDP:c:\program files\steam\steamapps\common\dead space\dead space.exe:Dead Space ™
"UDP Query User{7289D32E-34F9-4ADB-8FAB-A15C17CA7CD6}c:\\program files\\steam\\steamapps\\common\\dead space\\dead space.exe"= TCP:c:\program files\steam\steamapps\common\dead space\dead space.exe:Dead Space ™
"{F001C3AB-C7D4-4B70-B640-406125D855E9}"= UDP:c:\program files\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe:STALKER: Clear Sky
"{1FA25B88-E6DD-4BDE-BE29-E9B524A039F5}"= TCP:c:\program files\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe:STALKER: Clear Sky
"{671F1D65-05A1-4672-8C89-5B23DBCB01EC}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{4C755935-E742-481B-9E1C-7659C1FD3D4E}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{FFE0444D-FB86-4353-B439-8429F3B3F114}"= UDP:c:\program files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:STALKER: Shadow of Chernobyl
"{83FF8197-ACF7-4D89-AF43-71EEABE7AEB5}"= TCP:c:\program files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:STALKER: Shadow of Chernobyl
"{552734BA-47DB-4092-9005-DA06FA3A2B10}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{240A6346-8486-44A3-88C3-2B0A504B5F95}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{CFD6C4E1-8B4C-4CDA-A75A-676017259DF5}"= UDP:c:\program files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:World of Goo
"{8295A911-61A3-41B4-958A-894CE229AD54}"= TCP:c:\program files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:World of Goo
"{66F56B15-C511-43F7-AE4A-5819E634F616}"= UDP:c:\program files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:Bioshock
"{25371602-5F41-4E84-B323-08974227F864}"= TCP:c:\program files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:Bioshock
"{0A88D0F0-B7F7-47E7-B1BA-5B8379460055}"= UDP:c:\program files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:Fallout 3
"{6555B073-F601-4A80-B469-6EA9D455D3D8}"= TCP:c:\program files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:Fallout 3
"{E2C9AD58-4153-4745-801A-0F3A37E42A10}"= UDP:c:\program files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:Defense Grid: The Awakening
"{B65043E1-D937-4613-9558-7A0648D7A33B}"= TCP:c:\program files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:Defense Grid: The Awakening
"TCP Query User{B8ED38DC-F94E-4B97-A87C-95CBF095BB83}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8C308B0F-7818-4F0D-9ED9-733B36D11DAA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3F8CA7FE-C788-46E5-8879-CA17867301E6}"= UDP:c:\program files\Steam\steamapps\common\multiwinia\multiwinia.exe:Multiwinia
"{7FCE7A31-78D8-43D2-9383-B99E9318F30F}"= TCP:c:\program files\Steam\steamapps\common\multiwinia\multiwinia.exe:Multiwinia
"{38E1E46F-F75C-48DC-BE3C-41DB6E67FFC2}"= UDP:c:\program files\Steam\steamapps\common\world in conflict\wic.exe:World in Conflict
"{6F7D8872-6FE8-45E8-B425-719CCB7E3CD6}"= TCP:c:\program files\Steam\steamapps\common\world in conflict\wic.exe:World in Conflict
"TCP Query User{776D0F36-34CB-483C-A369-C93DED80A50C}c:\\program files\\steam\\steamapps\\common\\company of heroes\\relicdownloader\\relicdownloader.exe"= UDP:c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager
"UDP Query User{3198EF9C-D69B-4543-9443-1D5A6C9BF7BD}c:\\program files\\steam\\steamapps\\common\\company of heroes\\relicdownloader\\relicdownloader.exe"= TCP:c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager
"{2B6E97D1-C73E-455A-B60E-C34A61F5652B}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{9B1BB567-819A-46CD-9315-2BA6C7D212AE}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{4F5A3A80-5B47-4A33-B536-C1905C5C354E}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{24A20038-8F85-4449-A150-BF800C0E902B}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{07791956-DF1B-4E09-9E3B-9743A5D09BAF}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{0D471FBB-55E0-448E-A966-DD875BE7ED62}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{555567FB-6E6E-47EC-B3F0-2996F294D82F}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{0210520E-5C9A-4EE5-8749-4BD7486485CC}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{B92C7F29-7C6A-4A2A-962C-F11244D1BCBE}"= UDP:c:\program files\Steam\steamapps\common\eve online\eve.exe:EVE Online Demo
"{71A922B1-E5E3-4E7E-9659-732FD19DF48C}"= TCP:c:\program files\Steam\steamapps\common\eve online\eve.exe:EVE Online Demo
"TCP Query User{45C98667-9D09-4585-A829-F6B6BD722F47}c:\\program files\\steam\\steamapps\\common\\eve online\\bin\\exefile.exe"= UDP:c:\program files\steam\steamapps\common\eve online\bin\exefile.exe:CCP ExeFile
"UDP Query User{9DCA7F3E-324A-4899-B881-F86828682D6A}c:\\program files\\steam\\steamapps\\common\\eve online\\bin\\exefile.exe"= TCP:c:\program files\steam\steamapps\common\eve online\bin\exefile.exe:CCP ExeFile

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 amacpi;Microsoft Away Mode System;c:\windows\System32\drivers\null.sys [7/18/2008 5:38 PM 4608]
R2 atisvc_ekylmf;atisvc_ekylmf;c:\windows\System32\letlfch\atisvc_ekylmf.exe [5/25/2009 11:54 AM 454063]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [11/21/2007 11:35 AM 569344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
IE: **{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
FF - ProfilePath - c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jk7qo3ig.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\1304043.dll
FF - component: c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jk7qo3ig.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jk7qo3ig.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 10:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-803882144-954943098-977685452-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4c,e3,88,ae,e7,5f,d5,5b,57,a8,a5,1c,3f,42,3f,04,5b,45,98,99,c9,df,ac,
c8,a1,09,77,00,56,ba,99,05,20,81,f8,8b,91,6e,f5,e2,06,87,42,95,95,a2,d4,0a,\
"??"=hex:fa,51,9e,ee,c6,98,ff,5f,f0,dc,2e,25,e8,5a,bf,93

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-07 10:55
ComboFix-quarantined-files.txt 2009-06-07 17:55

Pre-Run: 110,902,714,368 bytes free
Post-Run: 110,927,241,216 bytes free

249 --- E O F --- 2009-06-04 17:53

Last edited by Sir Lost A Lot; 06-07-2009 at 11:57 AM.
Sir Lost A Lot is offline  
Old 06-07-2009, 01:24 PM   #6
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Hello again, Sir Lost A Lot. I don't see anything in your logs. Are you still getting redirected? Do you also get redirected in Firefox?

Please reset your IE default settings by doing the following:
  • Close any Internet Explorer or Windows Explorer windows that are currently open.
  • Go Start > Internet Explorer
  • Click the Tools menu, and then click Internet Options
  • On the Advanced tab, click Reset
  • In the Reset Internet Explorer Settings dialog box, click Reset
  • When Internet Explorer 8 finishes restoring the default settings, click Close, and then click OK two times.
  • Close Internet Explorer 8. The changes take effect the next time that you open Internet Explorer 8.
------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 06-07-2009, 10:12 PM   #7
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

The problem is still there, and with Firefox the pages that don't work just become blank.

Last edited by Sir Lost A Lot; 06-07-2009 at 10:14 PM.
Sir Lost A Lot is offline  
Old 06-08-2009, 03:21 AM   #8
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Hello again, Sir Lost A Lot.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Have you tried a hard reset of your router/modem? Please see if this solves your issue:

http://www.ehow.com/how_2121711_rebo...dsl-modem.html

http://www.ehow.com/how_2242009_rese...dsl-modem.html

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs and Features):

Java(TM) 6 Update 7

These are all outdated and are security risks if they remain installed.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 12

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to Yahoo Toolbar for Firefox/Mozilla or MSN Toolbar unless you want it.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
  • Right-click ATF-Cleaner.exe and choose Run as Administrator to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista, you must open the Web browser via a right-click using the Run as Administrator command.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------
chemist is offline  
Old 06-08-2009, 01:28 PM   #9
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

I am unable to use the Kaspersky Online Scanner because the virus, or whatever it is, keeps redirecting me.
Sir Lost A Lot is offline  
Old 06-08-2009, 02:22 PM   #10
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Did you reset your router/modem?

Try copy/pasting the link directly into your browser:

http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

------------------------------------------------------
chemist is offline  
Old 06-09-2009, 06:33 PM   #11
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

Yes, I have tried resetting and the problem is still there. Also, I still can't use the link even when I put it straight into my browser.
Sir Lost A Lot is offline  
Old 06-09-2009, 06:54 PM   #12
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Hello again, Sir Lost A Lot. Did you reset both your router and your modem? Just trying to make sure.
  • Download RegSearch.zip and Save it to your Desktop.
  • Double-click on the regsearch.zip folder and click Extract all files
  • Follow the Extraction Wizard by clicking Next, and finally Finish
  • Double-click RegSearch.exe to launch the program and click Run
  • Enter the following bolded text into the very first Enter search strings box and click OK

    navcancl.htm

  • After completion Notepad will be opened with all the found instances of the string.
  • The resulting file is saved in the same location as RegSearch.exe
  • Please copy/paste that file in your next reply.
------------------------------------------------------
chemist is offline  
Old 06-10-2009, 12:15 PM   #13
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

Yes, I reset both of them.

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/10/2009 10:58:23 AM for strings:
; 'navcancl.htm'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"NavigationFailure"="res://ieframe.dll/navcancl.htm"
"DesktopItemNavigationFailure"="res://ieframe.dll/navcancl.htm"
"NavigationCanceled"="res://ieframe.dll/navcancl.htm"

; End Of The Log...
Sir Lost A Lot is offline  
Old 06-10-2009, 03:17 PM   #14
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Hello again, Sir Lost A Lot.

Go Start > Run and copy/paste the following into the Run box and click OK:

notepad C:\Windows\System32\Drivers\etc\hosts

A Notepad file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
chemist is offline  
Old 06-11-2009, 11:57 AM   #15
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
Sir Lost A Lot is offline  
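A small checker for the hosts file chemist asked for, as an added example that is not part of the thread: it parses the file the way Windows reads it (comments, blank lines, several names on one line) and reports every name mapped to something other than a loopback or unspecified address, which is the kind of entry a hosts-file check is meant to catch. The sample file is constructed; it mirrors the posted file and adds two made-up hijack lines plus a harmless blocking entry.

```python
"""Flag non-loopback mappings in a Windows hosts file (added example)."""
import ipaddress

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}

# Constructed sample: header and localhost lines mirror the posted file;
# the 0.0.0.0 line is a typical ad-blocking entry; the 203.0.113.5 lines
# (TEST-NET-3, not a real host) are made-up hijacks for demonstration only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid             # blocking entry, harmless
203.0.113.5     www.kaspersky.com               # constructed hijack
203.0.113.5     www.yahoo.com                   # constructed hijack
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping.

    A '#' starts a comment anywhere on the line, blank lines are skipped,
    and one line may map several hostnames to the same address.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # address with no hostname: malformed, ignored
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: ignored
        for host in fields[1:]:
            yield ip, host.lower(), line_no


def suspicious_entries(text):
    """Return mappings that send a name to a real, non-local address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) addresses only
    block or localise a name; anything else redirects lookups of that name
    to another host, which a home PC's hosts file almost never needs.
    """
    findings = []
    for ip, host, line_no in parse_hosts(text):
        if ip in LOOPBACK or ip.is_unspecified:
            continue
        findings.append({"line": line_no, "host": host, "ip": str(ip)})
    return findings


def redirected_hosts(text):
    """Sorted, de-duplicated hostnames pointed at a non-local address."""
    return sorted({f["host"] for f in suspicious_entries(text)})


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']}")
```

On a real machine, read C:\Windows\System32\Drivers\etc\hosts into `suspicious_entries` instead of the sample; an empty result means the hosts file is not what is redirecting the browser.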
Old 06-11-2009, 02:40 PM   #16
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Did you try the Kaspersky scan with Firefox? If you still can't, can you update Avira? If so, update Avira and do a full system scan.

At the end of the scan, click 'Report' and post the log in your next reply.

------------------------------------------------------

Can you think of anything you did like install a program, etc. about the same time this problem started? How long ago did you upgrade to IE8?

Do you use the IE7Pro add-on? Try disabling it under Tools > Manage Add-ons. Does that make a difference?

------------------------------------------------------

Last edited by chemist; 06-11-2009 at 03:02 PM.
chemist is offline  
Old 06-12-2009, 12:13 PM   #17
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

Avira AntiVir Personal
Report file date: Friday, June 12, 2009 09:38

Scanning for 1462412 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BRANDON-PC

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 5/15/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/26/2008 04:47:07
AVSCAN.DLL : 8.1.4.0 40705 Bytes 7/18/2008 23:21:06
LUKE.DLL : 8.1.4.5 164097 Bytes 7/18/2008 23:21:06
LUKERES.DLL : 8.1.4.0 12033 Bytes 7/18/2008 23:21:06
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 01:08:55
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 02:05:15
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 5/29/2009 01:44:57
ANTIVIR3.VDF : 7.1.4.82 321024 Bytes 6/10/2009 17:51:17
Engineversion : 8.2.0.183
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/1/2009 03:24:58
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 5/17/2009 12:55:01
AESCN.DLL : 8.1.2.3 127347 Bytes 5/17/2009 12:55:00
AERDL.DLL : 8.1.1.3 438645 Bytes 11/6/2008 01:24:40
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/28/2009 01:44:51
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 05:41:47
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 5/17/2009 12:54:59
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 05:41:44
AEGEN.DLL : 8.1.1.45 348532 Bytes 6/10/2009 17:51:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/16/2008 01:35:46
AECORE.DLL : 8.1.6.12 180599 Bytes 5/28/2009 01:44:49
AEBB.DLL : 8.1.0.3 53618 Bytes 10/16/2008 01:35:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/18/2008 23:21:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 7/18/2008 23:21:06
AVREP.DLL : 8.0.0.3 155688 Bytes 4/20/2009 21:43:47
AVREG.DLL : 8.0.0.1 33537 Bytes 7/18/2008 23:21:06
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/18/2008 23:21:06
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/18/2008 23:21:06
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/18/2008 23:21:04
RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/18/2008 23:21:04

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Skipped files....................: C:\Program Files\AruaROSE,

Start of the scan: Friday, June 12, 2009 09:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'TSVNCache.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
Scan process 'WlanMon.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'atisvc_ekylmf.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'atisvc_ekylmf.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\brandon\Downloads\tremulous-1.1.0-installer(2).exe.part
[0] Archive type: NSIS
--> [ProgramFilesDir]/Tremulous/map-arachnid2-1.1.0.pk3
[WARNING] No further files can be extracted from this archive. The archive will be closed


End of the scan: Friday, June 12, 2009 10:47
Used time: 1:08:20 Hour(s)

The scan has been done completely.

35596 Scanning directories
506831 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
506829 Files not concerned
2986 Archives were scanned
3 Warnings
0 Notes
Sir Lost A Lot is offline  
Old 06-12-2009, 07:56 PM   #18 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Please answer my questions.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 06-14-2009, 06:05 PM   #19 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 31
OS: Vista 32 bit


Re: Being redirected while using IE

Can't use Firefox for the scan either, didn't install any new programs around the time the problem started, upgraded to IE8 around a month or 2 ago, and I don't use the IE7Pro addon

Last edited by Sir Lost A Lot; 06-14-2009 at 06:06 PM.
Sir Lost A Lot is offline  
Old 06-14-2009, 09:31 PM   #20 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,609
OS: XP SP3


Re: Being redirected while using IE

Did you try disabling IE7Pro? Go to Start > Run and copy/paste the following into the Run box and click OK:

iexplore.exe -extoff

Do you still get redirected?

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Copyright 2001 - 2009, Tech Support Forum