Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect, IE errors, Audio Ads, System Crashes

Started by SamaraDuck , Jun 15 2011 01:25 PM

  • Please log in to reply

#1
SamaraDuck
Posted 15 June 2011 - 01:25 PM

SamaraDuck

    New Member

  • Member
  • Pip
  • 1 posts
Greetings!

I originally got "Windows Recovery" virus some 2 months ago. I manually removed it following advice found online (deleted the virus .exe file and registry entries, then ran unhide.exe). The Windows Recovery problem per se was thus resolved.

However, my PC continues to suffer from the following issues which are exacerbating over time:

- Google Redirect: when searching in Google and then clicking on results, I am redirected to extraneous sites;

- Internet Explorer: each time the system is started, IE starts to run in the background without my permission (I don't use IE for browsing, I use Firefox). IE would not be visible as a window/program - but you can see it in the Processes tabs in Win Task Manager (iexplore.exe and ieuser.exe). These tasks take up very large amounts of CPU. If you kill the processes, it may help for a few minutes, but they come back again. Sometimes a window pops up saying "Internet Explorer Stopped Working". Eventually these IE processes bring CPU usage to 100% and hold it there. The system stops responding and/or crashes;

- I can sometimes hear audio advertisements even when not browsing the Internet.

Neither Spybot S&D nor Symantec Antivirus find anything.

I tried Google Redirect manual instructions from this site, but TDSS Killer does not run (neither in Standard nor in Safe Mode).

I will greatly appreciate your help! OML log is below. THANK YOU!


OTL logfile created on: 6/15/2011 1:48:18 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\admin\Desktop\VIRUS-REMOVAL
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.27% Memory free
4.20 Gb Paging File | 3.20 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 11.44 Gb Free Space | 10.37% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 5.73 Gb Free Space | 3.84% Space Free | Partition Type: NTFS

Computer Name: LEO-TOSHIBA | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 13:46:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\VIRUS-REMOVAL\OTL.com
PRC - [2010/12/11 20:23:49 | 012,584,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/08/08 23:17:48 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/12 02:03:40 | 005,730,304 | ---- | M] () -- C:\Program Files\ReadyShipper\mysql\bin\mysqld-nt.exe
PRC - [2008/05/20 17:27:22 | 002,474,031 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/02/27 09:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/01/28 16:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/02/06 20:50:08 | 004,374,528 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/02 17:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/02 16:07:14 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/12/03 18:51:38 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/11/28 11:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 11:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 11:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/22 22:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 22:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 13:46:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\VIRUS-REMOVAL\OTL.com
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/20 15:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/06/12 02:03:40 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\ReadyShipper\mysql\bin\mysqld-nt.exe -- (ready31mysql)
SRV - [2008/02/27 09:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/01/28 16:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/08/08 20:04:42 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/05/24 12:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/02/02 17:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/28 11:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 11:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 11:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/22 22:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 22:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/02 07:32:25 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/31 15:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/06/10 03:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110610.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/10 03:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110610.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/16 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/20 15:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2007/08/08 20:50:30 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/01/26 19:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/13 11:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/11 09:03:19 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/01/11 09:03:18 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/01/03 03:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2007/01/03 03:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/03 03:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/12/09 03:01:02 | 002,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/22 21:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 21:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 21:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/26 17:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/26 17:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 19:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2002/11/27 16:46:55 | 000,006,400 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RegKill.sys -- (RegKill)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 87

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/26 10:29:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 18:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/12 18:39:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/11 20:23:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/06 11:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2010/10/06 11:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/27 11:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ojjzumb1.default\extensions
[2010/03/12 19:35:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ojjzumb1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/06/15 12:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/18 21:32:01 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2006/12/03 18:58:24 | 000,864,768 | ---- | M] (UPEK Inc.) -- C:\Program Files\Mozilla Firefox\components\pbgk1_8.dll

O1 HOSTS File: ([2011/05/23 21:31:42 | 000,433,811 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14956 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 12:34:26 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\GooredFix Backups
[2011/06/15 12:30:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\admin\Desktop\GooredFix.exe
[2011/06/15 12:26:21 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\VIRUS-REMOVAL
[2011/06/01 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\VATOLIN
[2011/05/31 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\CANON
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 13:39:40 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2011/06/15 13:29:58 | 000,202,267 | ---- | M] () -- C:\Users\admin\AppData\Roaming\nvModes.001
[2011/06/15 13:29:34 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/15 13:29:13 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 13:29:13 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 13:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 13:28:39 | 2145,443,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 12:31:08 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\admin\Desktop\GooredFix.exe
[2011/06/15 11:30:21 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/15 11:30:21 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/09 20:12:04 | 279,676,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/04 11:03:38 | 000,117,188 | ---- | M] () -- C:\Users\admin\Desktop\sharashkiny.jpg
[2011/06/04 10:09:17 | 000,030,285 | ---- | M] () -- C:\Users\admin\Desktop\lic-a6-c.pdf
[2011/06/04 09:42:47 | 000,138,174 | ---- | M] () -- C:\Users\admin\Desktop\0002228990-preview.jpg
[2011/06/03 14:10:05 | 000,162,312 | ---- | M] () -- C:\Users\admin\Desktop\0001628509-preview.jpg
[2011/05/30 12:25:25 | 008,025,088 | ---- | M] () -- C:\Users\admin\Desktop\DAZzle-Update-113.EXE
[2011/05/23 21:31:42 | 000,433,811 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 13:39:40 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2011/06/15 13:28:39 | 2145,443,840 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 11:03:38 | 000,117,188 | ---- | C] () -- C:\Users\admin\Desktop\sharashkiny.jpg
[2011/06/04 10:09:06 | 000,030,285 | ---- | C] () -- C:\Users\admin\Desktop\lic-a6-c.pdf
[2011/06/04 09:42:44 | 000,138,174 | ---- | C] () -- C:\Users\admin\Desktop\0002228990-preview.jpg
[2011/06/03 14:09:45 | 000,162,312 | ---- | C] () -- C:\Users\admin\Desktop\0001628509-preview.jpg
[2011/05/30 12:23:13 | 008,025,088 | ---- | C] () -- C:\Users\admin\Desktop\DAZzle-Update-113.EXE
[2011/04/27 12:40:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/27 12:40:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/27 12:40:07 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/27 12:40:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/27 12:40:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/27 11:41:14 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/22 22:03:48 | 000,000,136 | ---- | C] () -- C:\ProgramData\~36626208r
[2011/04/22 22:03:46 | 000,000,120 | ---- | C] () -- C:\ProgramData\~36626208
[2010/11/13 21:41:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/14 14:12:04 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini
[2009/07/05 17:39:00 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2009/07/05 17:29:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugo1l3.dll
[2009/07/05 17:28:49 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009/06/26 19:15:10 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/09/10 19:29:30 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/10 14:50:54 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2008/03/02 22:30:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2008/02/20 23:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2008/01/05 22:58:11 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/01/05 22:58:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/11/21 14:56:59 | 000,000,548 | ---- | C] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat
[2007/09/15 19:13:39 | 000,158,014 | ---- | C] () -- C:\Windows\Plagiarism-Finder Uninstaller.exe
[2007/08/08 19:22:01 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2007/08/08 19:22:01 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2007/08/08 19:22:01 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2007/08/08 19:22:01 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2007/08/08 19:22:01 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2007/08/08 19:22:01 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2007/08/08 19:22:01 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2007/08/08 19:22:01 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/08/08 19:22:00 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2007/08/08 19:22:00 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2007/08/08 19:22:00 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2007/08/08 19:22:00 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2007/08/08 19:22:00 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2007/08/08 19:22:00 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2007/08/08 19:22:00 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2007/08/08 19:22:00 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2007/08/08 19:19:05 | 000,000,054 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2007/08/08 19:17:25 | 000,000,044 | ---- | C] () -- C:\Windows\EP_CX5000.ini
[2007/08/08 19:14:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/08 18:23:04 | 000,202,267 | ---- | C] () -- C:\Users\admin\AppData\Roaming\nvModes.001
[2007/08/08 18:23:03 | 000,202,267 | ---- | C] () -- C:\Users\admin\AppData\Roaming\nvModes.dat
[2007/08/08 18:03:47 | 000,239,104 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/01 20:21:01 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/04/01 20:21:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/04/01 20:21:01 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/04/01 20:21:01 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/02 14:03:00 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/03/02 14:03:00 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/03/02 14:03:00 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/03/02 14:03:00 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/03/02 14:03:00 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/03/02 14:03:00 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/02/28 15:46:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/02/28 14:51:49 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/02/28 14:51:49 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2006/12/05 16:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,650,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:29 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 07:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,626,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/15 11:17:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL
[2000/03/30 03:00:00 | 000,125,440 | ---- | C] () -- C:\Windows\System32\UNZDLL.DLL
[1999/10/23 23:29:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
[1999/08/11 20:28:02 | 000,101,888 | ---- | C] () -- C:\Windows\System32\LIBBZ2.DLL
[1999/05/22 02:10:00 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ZIPDLL.DLL
[1999/01/22 08:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/28 05:06:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\UNACE.DLL

========== LOP Check ==========

[2008/01/06 01:29:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Agelong Tree
[2008/06/02 17:44:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Anonymizer
[2009/01/16 13:08:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Endicia
[2007/08/21 18:27:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\EPSON
[2011/06/15 13:50:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Free Download Manager
[2008/08/04 16:25:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Galaxy Ship
[2007/08/08 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\InterVideo
[2007/08/08 19:22:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
[2009/01/01 10:23:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MusicNet
[2008/09/28 01:42:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nitro PDF
[2008/12/29 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Publish Providers
[2008/08/06 00:26:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ReadyShipper
[2008/12/29 23:57:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sony
[2007/11/21 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Template
[2010/10/06 11:38:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
[2008/12/30 16:13:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ulead Systems
[2008/01/11 03:21:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2007/08/15 17:20:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\VanDyke
[2011/06/15 12:42:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP