Inactive The Google redirect virus

And part 2 of my scan:

[2011/04/03 20:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.doomseeker
[2011/07/16 11:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2009/11/14 17:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Clickteam
[2011/06/19 08:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009/11/14 21:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DragonicaSCB
[2011/04/27 22:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2011/06/18 00:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hi-Rez Studios
[2011/06/11 17:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ijjigame
[2010/04/18 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KDE
[2011/07/26 21:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2011/03/10 19:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2011/07/17 18:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ManyCam
[2011/07/26 21:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mumble
[2010/08/23 20:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MySQL
[2010/08/20 19:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nexon
[2010/08/12 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2011/07/17 16:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Origin
[2011/04/09 23:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PFStaticIP
[2009/11/13 20:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Chair Software
[2011/05/15 16:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RIFT
[2010/01/10 00:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SharePod
[2010/03/19 21:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2011/04/04 20:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/12/07 16:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009/12/14 00:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Touchstone
[2011/07/26 21:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/12/02 23:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
[2011/07/24 22:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2009/11/06 15:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 15:08:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/17 00:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/07 14:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/07/17 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/03/19 17:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/09/20 13:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/06/05 01:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/11/07 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/11/07 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/07/17 16:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/06/28 01:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/06/30 01:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/11/06 15:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2011/06/28 01:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/12/02 23:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/10/28 16:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/26 00:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/07/26 21:34:48 | 000,032,496 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========
That's it
 
OTL.txt log is incomplete.
Extras.txt log is missing.
Please redo.

Can you check if IE is getting redirected as well?
 
Sorry about not responding, busy day!
Anyway, I did a quick scan again, but when it finished it never gave me an extras.log file. Also on IE I do not get directed :).

And here's part one of the updated OTL:
OTL logfile created on: 7/28/2011 1:10:44 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.41% Memory free
5.75 Gb Paging File | 4.55 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 646.33 Gb Free Space | 69.39% Space Free | Partition Type: NTFS
Drive D: | 634.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CALVIN-6YRW29RV | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 01:09:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/07/28 01:05:44 | 000,527,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
PRC - [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2011/06/23 15:00:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/06/26 10:49:49 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
PRC - [2008/07/23 18:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/06/24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/12 12:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2007/02/18 11:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 01:09:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2011/07/27 15:09:21 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/13 18:37:56 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2010/09/07 18:04:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll
MOD - [2006/03/29 05:00:00 | 000,796,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2006/03/29 05:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2006/03/29 05:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/21 12:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/11/14 22:57:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/03/29 05:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/03/29 05:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/12 14:55:18 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/03/29 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/27 15:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 15:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/11 16:56:23 | 000,000,000 | ---D | M]

[2009/10/25 22:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/10/25 22:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/07/21 11:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions
[2011/07/20 13:03:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{1b1e3e9f-b94d-4738-ad18-9b070834d323}
[2010/07/22 11:57:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 21:55:58 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/01/12 16:27:18 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\searchplugins\conduit.xml
[2011/05/05 21:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/12 19:20:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G6ZM1OEA.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/07/27 15:13:53 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2009/10/25 22:54:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 15:00:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/19 17:44:17 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/23 08:38:49 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{195dd8d1-33ad-11df-9c57-00248caf1800}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{195dd8d1-33ad-11df-9c57-00248caf1800}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{6ec3fe1b-c19a-11de-883a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ec3fe1b-c19a-11de-883a-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ec3fe1b-c19a-11de-883a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [1999/09/23 08:58:15 | 000,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 15:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/07/27 15:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/07/27 15:13:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/27 15:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/27 15:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/27 14:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/27 13:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsUpdate
[2011/07/27 01:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/27 01:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/07/27 00:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Warcraft II Battle.net Edition
[2011/07/27 00:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\system64
[2011/07/27 00:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2011/07/27 00:53:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2011/07/27 00:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/27 00:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/26 23:15:45 | 000,098,304 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\W2BNEUnin.exe
[2011/07/26 23:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft II BNE
[2011/07/26 21:31:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/24 22:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/24 22:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/07/24 22:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/24 22:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/24 22:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/23 18:58:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/07/21 17:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BFBC2
[2011/07/17 16:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Origin
[2011/07/17 16:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Origin
[2011/07/17 16:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Origin
[2011/07/17 16:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/07/17 16:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/07/17 16:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/07/15 19:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2011/07/15 19:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\{58DD9328-F612-41B7-8353-D3B190E70C7C}
[2011/07/12 21:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/07/01 16:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mumble
[2011/07/01 16:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
[2011/07/01 16:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2011/06/29 00:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Cave Story Deluxe
[2011/06/29 00:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cave Story Deluxe
[2011/06/28 14:22:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Runes of Magic
[2011/06/28 03:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Runes of Magic
[2011/06/28 03:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runes of Magic
[2011/06/28 02:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/06/28 01:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/06/28 01:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
[2011/06/28 01:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/06/28 01:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
[2011/06/28 01:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/28 00:22:04 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 15:13:53 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/27 15:13:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\avg\incavi.avm
[2011/07/27 15:13:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\avg\iavichjw.avm
[2011/07/27 15:09:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 15:07:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 14:54:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2011/07/27 14:36:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/27 14:36:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2011/07/27 14:36:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2011/07/27 14:35:59 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/27 14:32:01 | 000,000,225 | -HS- | M] () -- C:\boot.ini
[2011/07/27 13:14:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 12:50:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/27 01:10:33 | 000,206,810 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BackupReg.reg
[2011/07/27 00:53:09 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 23:15:47 | 000,021,720 | ---- | M] () -- C:\WINDOWS\W2BNEUnin.dat
[2011/07/26 23:15:45 | 000,098,304 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\W2BNEUnin.exe
[2011/07/26 23:15:45 | 000,002,829 | ---- | M] () -- C:\WINDOWS\W2BNEUnin.pif
[2011/07/26 14:00:59 | 000,001,438 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/07/26 13:13:24 | 000,000,732 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\hosts
[2011/07/24 22:17:26 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/23 19:11:26 | 000,000,072 | ---- | M] () -- C:\WINDOWS\SysWow64\1113901059
[2011/07/23 18:19:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
[2011/07/21 17:34:06 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
[2011/07/21 17:34:06 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2011/07/17 14:49:13 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2011/07/12 00:41:21 | 000,611,158 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2011/07/05 01:48:21 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2011/07/04 00:30:36 | 002,434,856 | ---- | M] () -- C:\WINDOWS\SysWow64\pbsvc_bc2.exe
[2011/07/01 16:17:20 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
[2011/07/01 16:14:56 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
 
Aaaaaand Part 2:
[2011/07/27 15:13:53 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/27 13:44:39 | 000,844,314 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxm.ocx
[2011/07/27 13:44:39 | 000,498,205 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2011/07/27 13:44:39 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2011/07/27 13:44:33 | 001,095,680 | ---- | C] () -- C:\WINDOWS\SysWow64\wbdbase.nld
[2011/07/27 13:44:33 | 000,937,984 | ---- | C] () -- C:\WINDOWS\SysWow64\wbdbase.sve
[2011/07/27 13:44:33 | 000,867,840 | ---- | C] () -- C:\WINDOWS\SysWow64\wbdbase.ita
[2011/07/27 13:44:33 | 000,786,944 | ---- | C] () -- C:\WINDOWS\SysWow64\wbdbase.fra
[2011/07/27 13:44:33 | 000,042,496 | ---- | C] () -- C:\WINDOWS\SysWow64\wiasf.ax
[2011/07/27 13:44:32 | 001,309,184 | ---- | C] () -- C:\WINDOWS\SysWow64\wbdbase.deu
[2011/07/27 13:44:32 | 000,957,440 | ---- | C] () -- C:\WINDOWS\SysWow64\wbdbase.enu
[2011/07/27 13:44:32 | 000,750,080 | ---- | C] () -- C:\WINDOWS\SysWow64\wbdbase.esn
[2011/07/27 13:44:32 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe
[2011/07/27 13:44:31 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2011/07/27 13:44:28 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2011/07/27 13:44:27 | 001,290,240 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2011/07/27 13:44:27 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2011/07/27 13:44:27 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2011/07/27 13:44:27 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2011/07/27 13:44:27 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2011/07/27 13:44:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2011/07/27 13:44:25 | 000,004,310 | ---- | C] () -- C:\WINDOWS\SysWow64\odbcconf.rsp
[2011/07/27 13:44:23 | 000,008,117 | ---- | C] () -- C:\WINDOWS\SysWow64\msmqtrc.mof
[2011/07/27 13:44:22 | 000,148,992 | ---- | C] () -- C:\WINDOWS\SysWow64\mpg2splt.ax
[2011/07/27 13:44:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2011/07/27 13:44:22 | 000,062,976 | ---- | C] () -- C:\WINDOWS\SysWow64\mpeg2data.ax
[2011/07/27 13:44:22 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2011/07/27 13:44:21 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2011/07/27 13:44:19 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2011/07/27 13:44:19 | 000,082,432 | ---- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll
[2011/07/27 13:44:17 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2011/07/27 13:44:16 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2011/07/27 13:44:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2011/07/27 13:44:11 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2011/07/27 13:44:11 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2011/07/27 13:43:56 | 000,024,541 | ---- | C] () -- C:\WINDOWS\SysWow64\ieuinit.inf
[2011/07/27 13:43:56 | 000,001,644 | ---- | C] () -- C:\WINDOWS\SysWow64\homepage.inf
[2011/07/27 13:43:43 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2011/07/27 13:43:43 | 000,056,678 | ---- | C] () -- C:\WINDOWS\SysWow64\eventvwr.msc
[2011/07/27 13:43:43 | 000,046,133 | ---- | C] () -- C:\WINDOWS\SysWow64\sqlsodbc.chm
[2011/07/27 13:43:38 | 000,003,167 | ---- | C] () -- C:\WINDOWS\SysWow64\rsaci.rat
[2011/07/27 13:42:29 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2011/07/27 13:42:08 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2011/07/27 01:10:31 | 000,206,810 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BackupReg.reg
[2011/07/27 00:53:09 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 23:15:47 | 000,021,720 | ---- | C] () -- C:\WINDOWS\W2BNEUnin.dat
[2011/07/26 23:15:45 | 000,002,829 | ---- | C] () -- C:\WINDOWS\W2BNEUnin.pif
[2011/07/26 13:46:27 | 000,001,438 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2011/07/26 13:12:22 | 000,000,732 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\hosts
[2011/07/24 22:17:26 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/20 13:03:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SysWow64\1113901059
[2011/07/17 16:13:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
[2011/07/04 00:30:36 | 002,434,856 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc_bc2.exe
[2011/07/01 16:17:20 | 000,002,378 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
[2011/07/01 16:14:56 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2011/06/17 10:40:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
[2011/06/17 10:40:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
[2011/06/17 10:40:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
[2011/06/17 10:39:55 | 000,026,297 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/06/04 00:48:48 | 000,056,952 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2011/04/15 18:01:09 | 000,000,143 | ---- | C] () -- C:\WINDOWS\SysWow64\msexcr.ini
[2011/01/03 19:35:53 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.pls
[2010/10/26 19:57:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/07/09 01:54:29 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010/07/05 23:08:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\SysWow64\rmc_rtspdl.dll
[2010/03/14 00:26:59 | 000,131,072 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall.exe
[2010/03/14 00:26:59 | 000,036,110 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/03/06 01:50:01 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/25 22:32:03 | 001,970,176 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx9.dll
[2009/11/08 00:43:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/08 00:43:28 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/26 21:33:16 | 000,611,158 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/10/26 21:31:50 | 000,215,128 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2009/10/26 21:31:50 | 000,075,136 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2009/10/26 21:31:49 | 000,669,184 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2009/10/26 15:06:00 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
[2009/10/26 15:06:00 | 000,014,392 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2009/10/26 15:05:57 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2009/10/26 15:05:57 | 000,010,216 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
[2009/10/26 14:56:22 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2009/10/26 14:52:46 | 000,023,208 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/26 14:52:46 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2009/10/26 01:06:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/25 21:02:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/25 15:48:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/25 15:17:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\SysWow64\OpenQuicktimeLib.dll

========== LOP Check ==========

[2011/04/03 20:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.doomseeker
[2011/07/27 21:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2011/07/27 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2009/11/14 17:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Clickteam
[2011/06/19 08:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009/11/14 21:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DragonicaSCB
[2011/04/27 22:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2011/06/18 00:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hi-Rez Studios
[2011/06/11 17:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ijjigame
[2010/04/18 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KDE
[2011/07/27 15:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2011/03/10 19:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2011/07/17 18:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ManyCam
[2011/07/27 11:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mumble
[2010/08/23 20:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MySQL
[2010/08/20 19:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nexon
[2010/08/12 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2011/07/17 16:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Origin
[2011/04/09 23:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PFStaticIP
[2009/11/13 20:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Chair Software
[2011/05/15 16:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RIFT
[2010/01/10 00:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SharePod
[2010/03/19 21:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2011/04/04 20:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/12/07 16:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009/12/14 00:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Touchstone
[2011/07/27 01:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/12/02 23:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
[2011/07/24 22:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/27 15:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/27 15:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 15:08:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/17 00:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/07 14:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/07/17 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/03/19 17:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/09/20 13:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/07/27 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/05 01:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/11/07 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/11/07 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/07/17 16:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/06/28 01:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/06/30 01:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/11/06 15:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2011/06/28 01:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/12/02 23:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/10/28 16:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/26 00:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/07/27 15:07:58 | 000,032,582 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



< End of report >
Thank you so much for sticking through this with me, you're a big help!
 
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
Here's the log
GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:59 on 28/07/2011 (Administrator)
Firefox version 5.0 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{1b1e3e9f-b94d-4738-ad18-9b070834d323}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:11 06/05/2011]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [05:55 26/10/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [02:20 13/05/2010]

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [18:57 22/07/2010]
{dd3d7613-0246-469d-bc65-2a3cc1668adc} [04:55 03/01/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:00 17/11/2009]
"jqs@sun.com"="C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff" [05:54 26/10/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG10\Firefox4\" [22:13 27/07/2011]

-=E.O.F=-
 
Go to Start > Run (Start Search in Vista) and type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart the computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
 
Very well, but we need to run a couple more steps...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 