Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus and msiexec.exe problem

Started by Tylerkrebsbach123 , Jun 24 2011 12:43 AM

  • This topic is locked This topic is locked

#1
Tylerkrebsbach123
Posted 24 June 2011 - 12:43 AM

Tylerkrebsbach123

    New Member

  • Member
  • Pip
  • 3 posts
Hello! I'm new to this forum and created this account to ask for some help regarding two problems...

First I've noticed two other topics regarding The Google Redirect Virus, and I'm fairly certain my computer has this also. I'm using Mozilla Firefox and every time I type in a search request the links lead to add sites, the yellow pages, and other sites of that kind. I can only find other sites by typing the URL in directly. I downloaded OTL and will post the log at the end of this if it's any help. (I've tried a scan with webroot and nothing has come up)

Second I keep receiving pop ups from "msiexec.exe" which whenever I pull up onto the screen will not allow me to cancel them, and freeze up the computer. At the moment three have appeared sense I've booted the computer up but I've avoided clicking on them so far.I'm not sure if the problems are connected or what, but I would very much appreciate any help available, I have very little computer knowledge.

OTL logfile created on: 6/24/2011 2:22:31 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Cicely\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 67.21% Memory free
7.60 Gb Paging File | 5.96 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 1.25 Gb Free Space | 1.25% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 293.25 Gb Free Space | 83.63% Space Free | Partition Type: NTFS

Computer Name: CICELY-PC | User Name: Cicely | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/23 22:12:51 | 000,565,248 | ---- | M] () -- C:\Users\Cicely\AppData\Local\Temp\0.8532980777556454.exe
PRC - [2011/06/22 20:54:12 | 000,545,280 | ---- | M] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
PRC - [2011/06/22 12:49:51 | 000,561,664 | ---- | M] () -- C:\Users\Cicely\0.7131146526782262.exe
PRC - [2011/06/22 12:14:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Windows\SysWOW64\UserAccountControlSettings32.exe
PRC - [2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\ProgramData\iprtprio32.exe
PRC - [2011/05/16 16:50:06 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/05/16 16:32:07 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/04/24 00:30:44 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 04:02:40 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/12/14 03:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/12/04 03:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/11/20 16:49:14 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/11/11 00:21:36 | 000,717,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/06 21:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/16 07:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (SafeList) ==========

MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/19 02:07:48 | 000,783,360 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\UserAccountControlSettings32.exe -- (wscsvc32)
SRV - [2011/05/16 16:32:07 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/18 18:05:08 | 000,137,760 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/04/18 18:05:06 | 000,058,480 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/28 19:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 23:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 09:15:14 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/11/20 02:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 16:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/26 16:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 23:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 05:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/11/19 23:49:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/22 19:44:12] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 97 83 03 4E 5D 8A 4F 94 E5 E6 BC 7A 20 2A CE [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 12:14:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/22 12:14:40 | 000,000,000 | ---D | M]

[2011/01/17 02:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Extensions
[2011/06/23 21:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions
[2011/06/20 22:33:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{69c79524-5fcf-4649-b011-95d5b9df2703}
[2011/04/22 15:52:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/26 01:59:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cicely\AppData\Roaming\Mozilla\Firefox\Profiles\topklwf5.default\extensions\[email protected]
[2011/05/31 15:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/31 15:01:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/23 03:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/23 03:41:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/21 00:46:39 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {03839793-5D4E-4F8A-94E5-E6BC7A202ACe} - C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (wpcubed GmbH)
O2 - BHO: (206da9d8) - {05CA11F1-CA16-2364-3347-AD4AF88D65C9} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {08B2A21C-6624-2E11-2837-42E757D81498} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (no name) - {0E0E5E4F-5D4E-4F8A-94E5-E6BC7A202ACe} - C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (wpcubed GmbH)
O2 - BHO: (206da9d8) - {10487C95-D323-2177-516A-8F7E8911F290} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {1CE549D5-9584-D533-AD5C-573F30CE4FAB} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {257AABF5-070E-09AA-45F7-63822B8FFAE5} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {297EE0E5-8206-20C1-226B-9248139944BC} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (206da9d8) - {310D8618-7806-AA44-8775-0A637E67F1B4} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {66481EA3-B7EA-4173-83AA-A0F01553C560} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {795026D0-63A3-EFDD-2954-B88FF5358FE3} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {7BF4D4B3-BBDF-EE3C-E7C2-11F48AF46092} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (206da9d8) - {B5B7DE37-344E-7B1F-40D3-2115D438D97D} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {BBF47915-2330-0649-AFC4-499E6183CE03} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (206da9d8) - {C18F67D7-699B-15DD-257F-C42BC0578455} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (206da9d8) - {E5325D24-8926-9D5C-9E7D-A883CE87F97F} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O2 - BHO: (206da9d8) - {E9EE9097-7BEB-33B5-643E-1A3603AB38F0} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [APLangApp] C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [1344207245] C:\Users\Cicely\AppData\Local\Temp\0.8532980777556454.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell - "" = AutoRun
O33 - MountPoints2\{05d81cd7-7512-11e0-a52c-002454787644}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 02:20:02 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
[2011/06/24 02:19:28 | 000,000,000 | ---D | C] -- C:\Users\Cicely\Desktop\Remember to uninstall
[2011/06/24 02:01:49 | 000,000,000 | ---D | C] -- C:\Trend Micro
[2011/06/24 02:01:49 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/22 20:54:11 | 000,545,280 | ---- | C] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
[2011/06/21 01:21:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/06/21 01:21:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/21 01:13:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/06/21 01:13:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/06/21 01:13:34 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/06/21 01:07:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/21 00:54:36 | 004,131,325 | R--- | C] (Swearware) -- C:\Users\Cicely\Desktop\ComboFix.exe
[2011/06/20 14:11:08 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{FCCFDB30-E236-480E-A14D-44C9D99870B2}
[2011/06/20 02:09:34 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{86EA107E-2A47-4700-A35F-A9C7E0B8F2E8}
[2011/06/20 02:00:24 | 000,350,208 | ---- | C] (wpcubed GmbH) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
[2011/06/18 11:55:57 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{CE13BF6D-FCD4-4553-9EFC-03A6BDC53D5A}
[2011/06/13 17:12:13 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/06/13 14:30:01 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{919497B1-0000-459F-8A87-8667DA99DA89}
[2011/06/12 03:36:26 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{AEA45712-A31F-4653-A632-642A69DA4E03}
[2011/06/11 01:11:11 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{4353B720-53CF-465F-8FC3-EB3FE29F3B39}
[2011/06/07 11:41:26 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{800B6571-F64B-4830-BB21-4339F6B975C9}
[2011/06/05 11:00:43 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{68D44D3D-EF19-4485-80EA-5DBBEF4C8C0E}
[2011/06/04 14:42:36 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{8CB908EC-524B-403D-BF31-07E78A725FF1}
[2011/06/04 00:08:30 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{36FC81DE-1B97-4FB3-92A7-6F62CF01B717}
[2011/06/02 16:04:49 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{3EF2A443-FE1E-4C90-A9C7-B9F07FC88703}
[2011/05/31 15:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\skypePM
[2011/05/31 15:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/31 15:02:12 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Roaming\Skype
[2011/05/31 14:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/31 14:59:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/31 14:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/31 14:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/28 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{8B23A3C4-FB84-482B-A601-C4BBFC2A3F00}
[2011/05/25 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\Cicely\AppData\Local\{BE4DE228-E689-4744-92F5-88150A3E9014}
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Cicely\Desktop\*.tmp files -> C:\Users\Cicely\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 02:20:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Cicely\Desktop\OTL.exe
[2011/06/24 01:52:49 | 000,000,043 | ---- | M] () -- C:\ProgramData\9efe8a
[2011/06/24 01:25:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/22 20:54:12 | 000,545,280 | ---- | M] (CrypKey Inc.) -- C:\Users\Cicely\0.40784594667201746.exe
[2011/06/22 19:42:44 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:42:44 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:34:49 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 12:49:51 | 000,561,664 | ---- | M] () -- C:\Users\Cicely\0.7131146526782262.exe
[2011/06/21 00:54:45 | 004,131,325 | R--- | M] (Swearware) -- C:\Users\Cicely\Desktop\ComboFix.exe
[2011/06/20 03:14:51 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/20 03:14:51 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/20 03:14:51 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/20 02:00:28 | 000,000,105 | ---- | M] () -- C:\windows\SysWow64\716238586
[2011/06/20 02:00:27 | 000,184,320 | ---- | M] () -- C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
[2011/06/20 02:00:24 | 000,350,208 | ---- | M] (wpcubed GmbH) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\windows\SysWow64\UserAccountControlSettings32.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\msiexec.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\ProgramData\iprtprio32.exe
[2011/06/19 02:07:48 | 000,783,360 | ---- | M] () -- C:\Users\Cicely\0.36728567855500527.exe
[2011/06/18 11:54:32 | 004,988,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/06/13 17:12:13 | 000,001,229 | ---- | M] () -- C:\Users\Cicely\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/13 17:12:13 | 000,001,205 | ---- | M] () -- C:\Users\Cicely\Desktop\FrostWire 4.21.8.lnk
[2011/05/31 15:07:24 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 14:59:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Cicely\Desktop\*.tmp files -> C:\Users\Cicely\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 12:49:49 | 000,561,664 | ---- | C] () -- C:\Users\Cicely\0.7131146526782262.exe
[2011/06/21 01:18:11 | 000,000,043 | ---- | C] () -- C:\ProgramData\9efe8a
[2011/06/21 01:13:42 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/06/21 01:13:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/06/21 01:13:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/06/21 01:13:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/06/21 01:13:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/06/20 02:00:28 | 000,783,360 | ---- | C] () -- C:\ProgramData\iprtprio32.exe
[2011/06/20 02:00:27 | 000,184,320 | ---- | C] () -- C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
[2011/06/20 02:00:26 | 000,783,360 | ---- | C] () -- C:\windows\SysWow64\UserAccountControlSettings32.exe
[2011/06/20 02:00:26 | 000,000,105 | ---- | C] () -- C:\windows\SysWow64\716238586
[2011/06/19 02:07:49 | 000,783,360 | ---- | C] () -- C:\Users\Cicely\msiexec.exe
[2011/06/19 02:07:47 | 000,783,360 | ---- | C] () -- C:\Users\Cicely\0.36728567855500527.exe
[2011/06/13 17:12:13 | 000,001,229 | ---- | C] () -- C:\Users\Cicely\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/13 17:12:13 | 000,001,205 | ---- | C] () -- C:\Users\Cicely\Desktop\FrostWire 4.21.8.lnk
[2011/05/31 15:07:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 14:59:43 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/17 19:54:07 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2010/08/25 23:34:30 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/08/25 23:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 23:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/01/23 00:11:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/01/23 00:11:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/01/22 07:34:04 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/01/22 06:45:23 | 000,000,800 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006/10/08 06:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

========== LOP Check ==========

[2011/01/17 20:56:32 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\AVCWare
[2011/05/20 20:20:27 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/04/22 15:50:55 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\DVDVideoSoft
[2011/01/29 16:45:23 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/15 01:28:28 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\FrostWire
[2011/06/13 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\OpenCandy
[2011/05/24 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/06/24 02:26:05 | 000,000,000 | ---D | M] -- C:\Users\Cicely\AppData\Roaming\uTorrent
[2011/05/22 11:48:15 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP