Google redirect virus problem


#1
Balex_balex
Hi,

I am having trouble with the Google redirect virus. After I perform a search in Google and click on any link, I quite often (approx. every second time) get redirected to malware sites. I run 64-bit Windows 7 on my laptop, and use Mozilla Firefox 4 and NOD32 v4. I have tried the following:

- Running a full clean with NOD32, and running full scans with MalwareBytes and SuperAntiSpyware independently, with all other applications closed, in safe mode. The programs did find cookies, but after the second run they found nothing, whereas the links were still redirected.
- I also followed your guide and one other. Namely, last time I tried OTM+GooredFix+TDSSKiller, but that didn't help either. Note that TDSSKiller doesn't find anything on my computer.

Additional details:
- The problem occurs when I use the laptop at different places (at home, at work, ...).
- Right after I do a cleanup (say, after following the steps of your guide), the first 2-3 times Google search works fine; then, after the next click on a search result link, there is a delay of a few seconds (normally everything works faster), and then it goes to a wrong site.

Below I attach the OTL results, as prompted by your guide. I would be very grateful if you helped me to cure this nasty virus, because it really seems to be a disaster. Thank you!



OTL logfile created on: 2011-03-24 19:45:06 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Acer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 245,91 Gb Free Space | 85,99% Space Free | Partition Type: NTFS
Drive D: | 146,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 232,83 Gb Total Space | 8,80 Gb Free Space | 3,78% Space Free | Partition Type: FAT32

Computer Name: ACER-DATOR | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-03-24 19:43:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
PRC - [2011-03-19 18:47:56 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe
PRC - [2011-03-18 19:06:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-01-14 12:33:16 | 000,810,144 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010-09-06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010-04-16 18:46:06 | 013,791,152 | ---- | M] (Ritlabs S.R.L.) -- C:\Program Files (x86)\The Bat!\thebat.exe
PRC - [2010-01-22 09:10:50 | 001,287,760 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010-01-22 09:10:50 | 000,310,352 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010-01-22 09:10:50 | 000,268,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010-01-13 03:25:10 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010-01-07 02:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009-12-24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009-12-24 02:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009-12-09 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009-12-09 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009-09-10 14:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009-08-28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009-08-04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program\Acer\Acer Updater\UpdaterService.exe
PRC - [2009-03-12 23:06:38 | 000,258,048 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\ABBYY Lingvo 12\LvAgent.exe


========== Modules (SafeList) ==========

MOD - [2011-03-24 19:43:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-01-14 12:33:54 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011-01-14 12:33:16 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010-06-29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2010-09-06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-22 09:10:50 | 000,310,352 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010-01-18 18:55:46 | 000,842,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010-01-16 04:51:02 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010-01-07 02:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009-12-24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009-12-09 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009-12-09 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009-09-10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009-08-28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009-08-10 21:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010-12-21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010-09-23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009-12-18 04:38:54 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009-12-17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-12-11 09:25:06 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009-12-10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009-12-09 06:18:34 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009-12-02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009-11-26 22:15:12 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009-11-06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-10-26 05:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009-10-16 12:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009-09-17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009-06-02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009-06-02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009-05-06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009-05-06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2010-02-17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010-02-17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009-08-07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x64\sandra.sys -- (SANDRA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z115t4422j40n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z115t4422j40n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z115t4422j40n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z115t4422j40n

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z115t4422j40n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z115t4422j40n
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-03-23 12:31:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-03-23 12:31:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-03-20 13:54:41 | 000,000,000 | ---D | M]

[2011-03-04 23:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2011-03-23 22:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions
[2011-03-06 12:38:09 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
[2011-03-19 18:48:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011-03-23 12:32:50 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011-03-12 12:04:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-03-06 12:38:08 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011-03-06 14:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011-03-23 22:51:02 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011-03-06 12:38:05 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011-03-06 12:38:09 | 000,000,000 | ---D | M] (Downloads in Tab) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\[email protected]
[2011-03-23 12:32:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\[email protected]
[2011-03-06 12:38:09 | 000,000,000 | ---D | M] (The DoGooder) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\replacer@dogoodhq
[2011-03-10 23:08:16 | 000,000,000 | ---D | M] (VideoSurf Videos at a Glance) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\[email protected]
[2011-03-06 14:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\nhsp4brk.Alexey\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011-03-19 18:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\wot1n2o8.default\extensions
[2011-03-19 18:48:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\wot1n2o8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011-03-06 12:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\wot1n2o8.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010-05-12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\wot1n2o8.default\searchplugins\icqplugin.xml
[2011-03-23 12:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-03-05 01:16:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011-03-18 19:06:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010-01-01 09:00:00 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010-01-01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010-01-01 09:00:00 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010-01-01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010-01-01 09:00:00 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010-01-01 09:00:00 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2011-03-24 19:23:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files (x86)\ABBYY Lingvo 12\Lvagent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Translate with ABBYY &Lingvo... - C:\Program Files (x86)\ABBYY Lingvo 12\Lingvo.exe (ABBYY (BIT Software))
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - C:\Program Files (x86)\ABBYY Lingvo 12\Lingvo.exe (ABBYY (BIT Software))
O9:64bit: - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Länkade &anteckningar - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Länkade &anteckningar - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.235.132.90
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-03-24 19:43:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2011-03-24 19:25:44 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\GooredFix Backups
[2011-03-24 19:23:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011-03-24 19:18:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-03-24 19:16:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Acer\Desktop\GooredFix.exe
[2011-03-24 19:15:31 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTM.exe
[2011-03-24 19:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011-03-24 19:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011-03-24 14:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Registry Repair
[2011-03-24 14:40:28 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\GlarySoft
[2011-03-24 14:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Registry Repair
[2011-03-24 14:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011-03-24 14:16:34 | 000,000,000 | ---D | C] -- C:\rei
[2011-03-24 14:16:32 | 000,000,000 | ---D | C] -- C:\Program\Reimage
[2011-03-24 14:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011-03-24 14:12:21 | 000,000,000 | ---D | C] -- C:\Program\CCleaner
[2011-03-24 14:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeReturner
[2011-03-24 14:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe Returner
[2011-03-24 14:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safe Returner
[2011-03-24 14:07:13 | 003,676,946 | ---- | C] (SafeReturner Anti-Malware Studio ) -- C:\Users\Acer\Desktop\safereturner.exe
[2011-03-24 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\tdsskiller
[2011-03-24 00:27:11 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\SUPERAntiSpyware.com
[2011-03-24 00:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-03-24 00:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011-03-24 00:27:05 | 000,000,000 | ---D | C] -- C:\Program\SUPERAntiSpyware
[2011-03-23 23:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011-03-23 22:56:30 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Acer\Desktop\tdsskiller.exe
[2011-03-23 22:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011-03-23 21:41:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-03-23 21:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-03-23 21:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-03-23 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Acer\Tracing
[2011-03-23 20:47:59 | 000,000,000 | ---D | C] -- C:\Windows\sv
[2011-03-23 20:46:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011-03-23 20:46:05 | 000,000,000 | ---D | C] -- C:\Program\Windows Live
[2011-03-23 20:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011-03-23 20:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011-03-23 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Windows Live
[2011-03-23 18:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011-03-23 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011-03-23 17:52:38 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011-03-20 19:25:44 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\ESET
[2011-03-20 13:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011-03-20 13:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011-03-20 13:54:41 | 000,000,000 | ---D | C] -- C:\Program\ESET
[2011-03-19 19:03:39 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\ICQ
[2011-03-19 18:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011-03-19 18:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2011-03-19 18:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011-03-19 18:47:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\ICQ
[2011-03-19 18:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011-03-14 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop'
[2011-03-12 15:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-03-10 19:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011-03-10 19:47:20 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Diagnostics
[2011-03-07 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Media Player Classic
[2011-03-06 23:52:12 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2011-03-06 23:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-03-06 23:52:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-03-06 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Mathematica
[2011-03-06 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Mathematica
[2011-03-06 21:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mathematica
[2011-03-06 21:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
[2011-03-06 20:56:55 | 000,369,680 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i3.dll
[2011-03-06 20:56:55 | 000,333,840 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcpip32.mlp
[2011-03-06 20:56:55 | 000,260,112 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i2.dll
[2011-03-06 20:56:55 | 000,253,968 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i1.dll
[2011-03-06 20:56:55 | 000,167,952 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmodule32.dll
[2011-03-06 20:56:55 | 000,093,712 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcp32.mlp
[2011-03-06 20:56:55 | 000,088,080 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlshm32.mlp
[2011-03-06 20:56:55 | 000,079,376 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmap32.mlp
[2011-03-06 20:56:54 | 000,462,864 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcpip64.mlp
[2011-03-06 20:56:54 | 000,436,240 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i3.dll
[2011-03-06 20:56:54 | 000,302,608 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i2.dll
[2011-03-06 20:56:54 | 000,203,792 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlmodule64.dll
[2011-03-06 20:56:54 | 000,103,440 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcp64.mlp
[2011-03-06 20:56:54 | 000,099,344 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlshm64.mlp
[2011-03-06 20:55:11 | 000,000,000 | ---D | C] -- C:\Program\Wolfram Research
[2011-03-06 03:25:19 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\WinEdt
[2011-03-06 03:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinEdt
[2011-03-06 03:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinEdt Team
[2011-03-06 03:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostgum
[2011-03-06 03:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ghostgum
[2011-03-06 03:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.7
[2011-03-06 03:15:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\MiKTeX
[2011-03-06 03:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2011-03-06 02:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.7
[2011-03-06 02:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2011-03-06 02:54:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Last.fm
[2011-03-06 02:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2011-03-06 02:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2011-03-06 02:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-03-06 02:48:45 | 000,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011-03-06 02:48:45 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011-03-06 02:48:45 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011-03-06 02:48:44 | 000,683,520 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx.dll
[2011-03-06 02:48:44 | 000,081,920 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011-03-06 02:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011-03-06 02:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY Lingvo 12
[2011-03-06 02:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2011-03-06 02:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY Lingvo 12
[2011-03-06 02:33:49 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\OneNote-anteckningsböcker
[2011-03-06 02:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011-03-06 02:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011-03-06 02:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-03-06 02:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011-03-06 02:28:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011-03-06 02:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011-03-06 02:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011-03-06 02:26:03 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Office
[2011-03-06 02:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011-03-06 02:24:49 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Microsoft Help
[2011-03-06 02:24:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011-03-06 02:11:59 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011-03-06 02:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011-03-06 02:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011-03-06 02:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011-03-06 02:11:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Winamp
[2011-03-06 02:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011-03-06 01:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011-03-06 01:24:40 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Adobe
[2011-03-06 01:04:57 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Miranda IM Native Profiles
[2011-03-05 12:01:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011-03-05 12:01:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011-03-05 02:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011-03-05 02:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-03-05 02:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011-03-05 01:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
[2011-03-05 01:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Bat!
[2011-03-05 01:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[2011-03-05 01:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDjView
[2011-03-05 01:29:08 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-03-05 01:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-03-05 01:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011-03-05 01:26:39 | 000,000,000 | ---D | C] -- C:\Soft
[2011-03-05 01:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011-03-05 01:22:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\BitTorrent
[2011-03-05 01:17:56 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\skypePM
[2011-03-05 01:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011-03-05 01:16:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011-03-05 01:16:45 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Skype
[2011-03-05 01:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011-03-04 23:56:43 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Mozilla
[2011-03-04 23:56:43 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Mozilla
[2011-03-04 23:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011-03-04 23:32:14 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011-03-04 23:32:14 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011-03-04 23:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011-03-04 19:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2011-03-04 19:34:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011-03-04 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2011-03-04 19:33:39 | 000,000,000 | ---D | C] -- C:\Program\SiSoftware
[2011-03-04 19:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2011-03-04 19:02:51 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Adobe
[2011-03-04 19:00:49 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Google
[2011-03-04 19:00:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Google
[2010-01-16 04:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-03-24 19:43:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2011-03-24 19:35:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-03-24 19:35:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-03-24 19:28:14 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-03-24 19:28:11 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\Slnxmcjuv.job
[2011-03-24 19:28:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-03-24 19:28:03 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-24 19:23:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011-03-24 19:16:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Acer\Desktop\GooredFix.exe
[2011-03-24 19:15:35 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTM.exe
[2011-03-24 19:15:00 | 000,001,112 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011-03-24 19:14:54 | 000,000,932 | ---- | M] () -- C:\Users\Acer\Desktop\NTREGOPT.lnk
[2011-03-24 19:14:54 | 000,000,913 | ---- | M] () -- C:\Users\Acer\Desktop\ERUNT.lnk
[2011-03-24 19:01:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-03-24 14:40:29 | 000,001,021 | ---- | M] () -- C:\Users\Acer\Desktop\Glary Registry Repair.lnk
[2011-03-24 14:40:29 | 000,000,143 | ---- | M] () -- C:\Users\Acer\Desktop\Glary Utilities Freeware.url
[2011-03-24 14:29:26 | 000,000,232 | ---- | M] () -- C:\Windows\reimage.ini
[2011-03-24 14:16:34 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011-03-24 14:12:22 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-03-24 14:08:26 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\Safe Returner.lnk
[2011-03-24 14:08:26 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Kill Rogue Process.lnk
[2011-03-24 14:07:29 | 003,676,946 | ---- | M] (SafeReturner Anti-Malware Studio ) -- C:\Users\Acer\Desktop\safereturner.exe
[2011-03-24 14:01:47 | 001,263,721 | ---- | M] () -- C:\Users\Acer\Desktop\tdsskiller.zip
[2011-03-24 00:32:17 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-03-23 22:56:45 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Acer\Desktop\tdsskiller.exe
[2011-03-23 22:54:36 | 000,512,992 | ---- | M] () -- C:\Users\Acer\Desktop\sdasetup_revwire207.exe
[2011-03-23 21:41:14 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-23 21:18:45 | 000,000,027 | ---- | M] () -- C:\Users\Acer\Desktop\hosts
[2011-03-23 18:54:42 | 034,107,667 | ---- | M] () -- C:\Users\Acer\Desktop\Project_Main_12.nb
[2011-03-23 18:13:44 | 000,002,971 | ---- | M] () -- C:\Users\Acer\Desktop\HiJackThis.lnk
[2011-03-23 13:45:24 | 033,701,658 | ---- | M] () -- C:\Users\Acer\Desktop\Project_Main_11.nb
[2011-03-23 12:31:53 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-03-20 23:25:36 | 000,001,304 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2010.lnk
[2011-03-20 16:14:27 | 000,121,758 | ---- | M] () -- C:\Users\Acer\Desktop\Test for project.nb
[2011-03-20 13:29:38 | 000,000,482 | ---- | M] () -- C:\Users\Acer\Desktop\Kotta.rtf
[2011-03-17 20:05:03 | 000,012,088 | ---- | M] () -- C:\Users\Acer\Desktop\Structure.nb
[2011-03-15 00:50:38 | 032,770,459 | ---- | M] () -- C:\Users\Acer\Desktop\Project_Main_10.nb
[2011-03-13 17:56:33 | 000,026,015 | ---- | M] () -- C:\Users\Acer\Documents\Cover letter_Malevich.pdf
[2011-03-13 17:55:44 | 000,059,910 | ---- | M] () -- C:\Users\Acer\Documents\Curriculum Vitae_Malevich.pdf
[2011-03-13 15:06:19 | 001,466,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-03-13 15:06:19 | 000,625,772 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2011-03-13 15:06:19 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-03-13 15:06:19 | 000,123,894 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2011-03-13 15:06:19 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-03-13 14:58:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-03-11 17:20:06 | 032,210,356 | ---- | M] () -- C:\Users\Acer\Desktop\Project_Main_9.nb
[2011-03-06 23:03:55 | 000,434,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-03-06 21:29:25 | 000,143,360 | RHS- | M] () -- C:\Windows\SysWow64\vsstracea.dll
[2011-03-06 03:24:26 | 000,001,483 | ---- | M] () -- C:\Users\Acer\gsview32.ini
[2011-03-06 01:56:41 | 000,044,793 | ---- | M] () -- C:\Users\Public\Documents\dll
[2011-03-05 01:18:00 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011-03-04 23:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011-03-04 23:54:02 | 011,010,048 | ---- | M] () -- C:\ProgramData\sandra.mda
[2011-03-04 23:32:14 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011-03-04 23:32:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-03-24 19:15:00 | 000,001,112 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011-03-24 19:14:54 | 000,000,932 | ---- | C] () -- C:\Users\Acer\Desktop\NTREGOPT.lnk
[2011-03-24 19:14:54 | 000,000,913 | ---- | C] () -- C:\Users\Acer\Desktop\ERUNT.lnk
[2011-03-24 14:40:29 | 000,001,021 | ---- | C] () -- C:\Users\Acer\Desktop\Glary Registry Repair.lnk
[2011-03-24 14:40:29 | 000,000,143 | ---- | C] () -- C:\Users\Acer\Desktop\Glary Utilities Freeware.url
[2011-03-24 14:16:58 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011-03-24 14:16:34 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011-03-24 14:12:22 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-03-24 14:08:26 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\Safe Returner.lnk
[2011-03-24 14:08:26 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Kill Rogue Process.lnk
[2011-03-24 14:01:18 | 001,263,721 | ---- | C] () -- C:\Users\Acer\Desktop\tdsskiller.zip
[2011-03-24 00:27:07 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-03-23 22:54:32 | 000,512,992 | ---- | C] () -- C:\Users\Acer\Desktop\sdasetup_revwire207.exe
[2011-03-23 21:41:14 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-23 21:18:01 | 000,000,027 | ---- | C] () -- C:\Users\Acer\Desktop\hosts
[2011-03-23 20:47:42 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011-03-23 20:47:33 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011-03-23 20:47:19 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011-03-23 20:46:57 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011-03-23 18:13:44 | 000,002,971 | ---- | C] () -- C:\Users\Acer\Desktop\HiJackThis.lnk
[2011-03-23 13:46:20 | 034,107,667 | ---- | C] () -- C:\Users\Acer\Desktop\Project_Main_12.nb
[2011-03-23 12:31:53 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-03-23 12:31:53 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-03-21 23:00:57 | 033,701,658 | ---- | C] () -- C:\Users\Acer\Desktop\Project_Main_11.nb
[2011-03-20 14:28:43 | 000,121,758 | ---- | C] () -- C:\Users\Acer\Desktop\Test for project.nb
[2011-03-20 13:29:38 | 000,000,482 | ---- | C] () -- C:\Users\Acer\Desktop\Kotta.rtf
[2011-03-17 20:05:03 | 000,012,088 | ---- | C] () -- C:\Users\Acer\Desktop\Structure.nb
[2011-03-17 14:40:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-03-14 22:21:24 | 032,770,459 | ---- | C] () -- C:\Users\Acer\Desktop\Project_Main_10.nb
[2011-03-13 17:56:32 | 000,026,015 | ---- | C] () -- C:\Users\Acer\Documents\Cover letter_Malevich.pdf
[2011-03-13 17:55:43 | 000,059,910 | ---- | C] () -- C:\Users\Acer\Documents\Curriculum Vitae_Malevich.pdf
[2011-03-13 14:58:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-03-13 14:49:01 | 032,210,356 | ---- | C] () -- C:\Users\Acer\Desktop\Project_Main_9.nb
[2011-03-06 21:29:25 | 000,143,360 | RHS- | C] () -- C:\Windows\SysWow64\vsstracea.dll
[2011-03-06 21:29:25 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\Slnxmcjuv.job
[2011-03-06 03:22:08 | 000,001,483 | ---- | C] () -- C:\Users\Acer\gsview32.ini
[2011-03-06 02:48:47 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-03-06 02:48:46 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011-03-06 02:48:44 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011-03-06 02:48:44 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-03-06 02:48:44 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-03-06 02:48:43 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-03-06 02:33:53 | 000,001,304 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2010.lnk
[2011-03-06 01:10:53 | 000,044,793 | ---- | C] () -- C:\Users\Public\Documents\dll
[2011-03-06 00:30:17 | 000,001,861 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat!.LNK
[2011-03-05 01:56:11 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-03-05 01:56:10 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-03-05 01:18:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-03-04 23:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-04 19:33:49 | 011,010,048 | ---- | C] () -- C:\ProgramData\sandra.mda
[2011-03-04 18:55:26 | 000,001,455 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2010-01-16 04:12:47 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010-01-16 04:12:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010-01-16 04:12:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010-01-16 04:12:46 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010-01-16 04:12:46 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011-03-24 14:28:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BitTorrent
[2011-03-24 14:41:13 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GlarySoft
[2011-03-24 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ICQ
[2011-03-06 01:04:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Miranda IM Native Profiles
[2011-03-20 14:28:06 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WinEdt
[2009-07-14 06:08:49 | 000,014,932 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-03-24 19:28:11 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\Slnxmcjuv.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011-03-12 21:22:18 | 000,018,330 | ---- | M] ()(C:\Users\Acer\Desktop\?????? ???????.docx) -- C:\Users\Acer\Desktop\Список физиков.docx
[2011-03-12 21:22:18 | 000,018,330 | ---- | C] ()(C:\Users\Acer\Desktop\?????? ???????.docx) -- C:\Users\Acer\Desktop\Список физиков.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >