I need help removing Google Redirect Virus


#1
smatt00000

I've had the redirect virus for a while. I have tried using various anti-virus and malware programs with no luck. I have included an OTL quick scan.

OTL logfile created on: 5/21/2011 11:24:45 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.28 Gb Total Space | 82.11 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.27 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Drive L: | 6.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NEWCOMP | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/21 17:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2011/04/29 17:09:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 18:16:10 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2009/09/24 05:46:08 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 17:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/10 06:29:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 05:46:08 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 02:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 13:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2009/10/22 23:07:25 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/01 11:44:21 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/17 09:51:04 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 09:51:04 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 09:51:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 09:51:04 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/26 20:26:38 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090923.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/12/09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/12/07 11:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 11:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 11:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/08 05:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...007&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {70df8d13-bdd3-448e-944c-efde21b77161}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AAA46C78-D425-4A1D-8F71-B87748C37071}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/14 18:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 17:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 17:09:15 | 000,000,000 | ---D | M]

[2009/09/24 06:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2011/05/21 20:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions
[2010/07/23 21:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/01 06:34:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/16 12:26:30 | 000,000,000 | ---D | M] (ClixSense.com Community Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}
[2010/12/16 12:26:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\[email protected]
[2011/01/05 18:21:26 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\[email protected]
[2010/08/02 13:58:18 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\[email protected]
[2009/10/14 04:10:56 | 000,004,554 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\aim-search.xml
[2010/12/20 16:51:43 | 000,002,568 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\askcom.xml
[2011/01/14 02:29:56 | 000,001,919 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\bing-zugo.xml
[2011/03/13 02:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 01:57:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/28 05:08:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/15 11:14:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/13 02:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/14 18:16:37 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/06/09 20:35:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MATT\APPDATA\LOCAL\{AAA46C78-D425-4A1D-8F71-B87748C37071}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/25 17:43:47 | 000,001,469 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober216825805.xml
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.gif
[2010/05/21 00:29:13 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.src

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 10:35:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/10/10 10:56:20 | 000,447,752 | R--- | M] (Electronic Arts, Inc.) - L:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/10 10:56:17 | 000,000,000 | R--D | M] - L:\Autorun -- [ UDF ]
O32 - AutoRun File - [2008/10/10 10:56:22 | 004,108,288 | R--- | M] () - L:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2008/10/10 10:56:15 | 000,000,137 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell\AutoRun\command - "" = O:\setup.exe
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{df1c0a29-c391-11de-988e-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{df1c0a29-c391-11de-988e-001e901df623}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- [2008/10/10 10:56:20 | 000,447,752 | R--- | M] (Electronic Arts, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 17:28:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/05/21 05:34:06 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\bejeweled blitz
[2011/05/21 05:32:58 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\farkle
[2011/05/20 12:12:08 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\gardens of time
[2011/05/19 13:16:42 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011/05/19 13:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP1700
[2011/05/19 13:16:16 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/05/19 06:32:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/19 06:31:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/05/19 06:31:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/19 06:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/05/19 06:29:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/19 06:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/05/19 06:05:42 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Windows Live
[2011/05/19 06:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/19 04:57:22 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\mafia wars
[2011/05/13 20:35:52 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\New Folder (2)
[2011/05/10 05:41:49 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\monster galaxy
[2011/05/10 03:36:05 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\crime city
[2011/05/10 01:32:21 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\slot city
[2011/05/08 06:14:41 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\csi
[2011/05/07 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\casino city
[2011/05/05 19:49:33 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\college basketball
[2011/04/24 14:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2011/04/24 14:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xiph.Org
[2010/08/05 12:07:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\matt\AppData\Roaming\pcouffin.sys
[2010/06/02 18:48:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2010/06/02 18:48:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2010/06/02 18:48:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2010/06/02 18:48:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2010/06/02 18:48:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2010/06/02 18:48:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2010/06/02 18:48:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2010/06/02 18:48:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2010/06/02 18:48:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2010/06/02 18:48:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2010/06/02 18:48:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2010/06/02 18:48:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2010/06/02 18:48:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/05/21 22:34:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 22:34:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 17:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/05/20 10:39:17 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/20 10:39:17 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/20 10:34:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/19 13:16:06 | 004,495,960 | ---- | M] () -- C:\Users\matt\Desktop\ip1700vst200ej.exe
[2011/05/19 06:39:01 | 000,000,905 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/19 06:37:29 | 000,961,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/19 06:02:58 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/19 06:02:58 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/19 06:02:51 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/17 03:29:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/05/16 20:00:15 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - matt.job
[2011/05/13 19:14:50 | 000,119,296 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 14:46:45 | 000,043,293 | ---- | M] () -- C:\Users\matt\Desktop\sign1.jpg
[2011/05/03 15:15:17 | 000,050,230 | ---- | M] () -- C:\Users\matt\Documents\Wazzamba Prize Winner Information Form-1.pdf
[2011/04/30 10:00:17 | 000,000,680 | ---- | M] () -- C:\Users\matt\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/05/19 13:16:00 | 004,495,960 | ---- | C] () -- C:\Users\matt\Desktop\ip1700vst200ej.exe
[2011/05/19 06:31:07 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/19 06:30:45 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/19 06:30:14 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/19 06:29:52 | 000,001,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/19 06:02:51 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/10 21:26:33 | 000,043,293 | ---- | C] () -- C:\Users\matt\Desktop\sign1.jpg
[2011/05/03 15:15:17 | 000,050,230 | ---- | C] () -- C:\Users\matt\Documents\Wazzamba Prize Winner Information Form-1.pdf
[2011/04/14 14:50:00 | 000,000,269 | ---- | C] () -- C:\Windows\SysMech.INI
[2011/04/12 20:03:38 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011/03/10 03:08:52 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2011/03/08 19:55:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/03/08 19:55:13 | 000,000,404 | ---- | C] () -- C:\Windows\COOK'N5.INI
[2011/03/08 19:52:59 | 000,000,067 | ---- | C] () -- C:\Windows\Cook'n99.ini
[2010/12/15 12:18:39 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/10 20:36:44 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/09 18:41:56 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/08/05 12:08:57 | 000,000,668 | ---- | C] () -- C:\Users\matt\AppData\Roaming\vso_ts_preview.xml
[2010/08/05 12:07:55 | 000,087,608 | ---- | C] () -- C:\Users\matt\AppData\Roaming\inst.exe
[2010/08/05 12:07:55 | 000,007,887 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.cat
[2010/08/05 12:07:55 | 000,001,144 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.inf
[2010/08/01 12:25:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/07/20 17:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/06/09 20:35:14 | 000,000,120 | ---- | C] () -- C:\Users\matt\AppData\Local\Rtelacega.dat
[2010/06/09 20:35:14 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\Tputubetogu.bin
[2010/06/06 00:15:25 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010/06/02 18:48:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2010/05/24 21:35:45 | 000,472,576 | ---- | C] () -- C:\Windows\uninstall.exe
[2010/05/24 21:35:45 | 000,069,720 | ---- | C] () -- C:\Windows\uninstall.dat
[2010/04/22 14:24:54 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/02/28 11:00:14 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2009/10/08 00:19:02 | 000,119,296 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 04:27:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/27 04:27:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 05:43:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/27 15:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/08/27 15:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/08/27 15:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 13:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 12:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/25 12:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/02 13:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/06/02 13:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/06/02 13:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/06/02 13:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/06/02 13:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/06/02 13:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/06/02 13:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 18:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 18:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 18:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/18 10:35:44 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2008/04/18 10:27:44 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/04/18 10:23:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/04/18 10:21:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/18 10:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/30 11:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,961,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 03:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe

========== LOP Check ==========

[2009/10/13 05:28:30 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Absolute Poker
[2009/10/14 04:10:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\acccore
[2010/08/08 04:28:25 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ashtons. Family Resort
[2009/10/31 22:13:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\CasualForge
[2009/10/22 23:13:04 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DAEMON Tools Lite
[2009/11/06 01:16:01 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DivoGames
[2010/05/16 07:55:19 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Facebook
[2010/08/01 02:27:11 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Flood Light Games
[2010/08/01 22:15:33 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Floodlight Games
[2011/03/13 02:25:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Free Download Manager
[2009/11/14 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Got Game Entertainment
[2010/05/23 07:04:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\GrabPro
[2010/08/10 04:20:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\gtk-2.0
[2011/03/09 00:31:13 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\iolo
[2011/03/13 03:59:29 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\IrfanView
[2010/12/02 02:34:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Lionhead Studios
[2010/07/25 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Oberon Media
[2011/03/10 03:33:52 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OpenOffice.org
[2011/03/13 02:14:19 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Orbit
[2010/05/19 06:56:48 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\PlayFirst
[2010/06/06 20:19:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Pogo
[2011/04/21 14:37:28 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Red Alert 3
[2011/03/21 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Smilebox
[2009/09/24 00:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Snapfish
[2011/03/10 03:08:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Template
[2010/10/25 12:31:41 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ubisoft
[2011/05/20 00:19:14 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\uTorrent
[2010/05/23 08:29:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\ValuSoft
[2010/12/23 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Vso
[2009/09/25 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WinBatch
[2010/07/31 00:42:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YoudaGames
[2010/12/16 12:16:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YouDataAIR.CDA5CEB063BC2A22C44BAA035F25F65FCCDA2208.1
[2011/05/17 03:29:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/05/20 10:33:23 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:80AC2AE7
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:9026FFAC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1C6D843F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:417B6FAC

< End of report >