GoingOnEarth Google Redirect Virus



#1
Dotanuki85

Hello, I recently downloaded a file from a site that I believe was the culprit to this particular Malware problem. I believe the file was BYCVD.exe. However, I am not getting multiple Webroot security messages informing me that it is blocking a redirect from WWW.MYRIOTRACKING.COM or from an IP address. Whenever I click on a line in Google or other search engine it redirects me to GoingOnEarth.com. I have tried every spyware/malware tool out there. I tried TDSSKiller but it found nothing. I tried installing trial versions of Malware Anti Spyware and Super Antispyware software and have had no luck. Please Please Please help! I am leaving town for a meeting soon and I really need a working computer!

When I scan with OTL it freezes when it says that it is scanning the Firefox settings.

Help!

I got it to run successfully.

OTL logfile created on: 7/21/2011 12:51:43 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 35.28% Memory free
7.49 Gb Paging File | 4.02 Gb Available in Paging File | 53.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.54 Gb Total Space | 191.47 Gb Free Space | 43.17% Space Free | Partition Type: NTFS
Drive D: | 21.92 Gb Total Space | 2.88 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 89.39 Mb Free Space | 90.27% Space Free | Partition Type: FAT32
Drive G: | 931.48 Gb Total Space | 620.71 Gb Free Space | 66.64% Space Free | Partition Type: NTFS

Computer Name: STEVEMILLER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WDFMEService) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Western Digital )
SRV:64bit: - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ssidrv) -- C:\Windows\SysNative\drivers\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (ssfmonm) -- C:\Windows\SysNative\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:64bit: - (NMgamingmsFltr) -- C:\Windows\SysNative\drivers\NMgamingms.sys (Primax Ltd)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.4248
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/08/05 05:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/01 20:06:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/20 14:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 20:06:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/01 20:07:38 | 000,000,000 | ---D | M]

[2010/08/30 13:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/07/21 11:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions
[2011/07/18 12:38:16 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/02/01 18:06:08 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2011/02/01 18:05:41 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011/05/27 15:42:45 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/06/22 20:07:25 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/26 13:22:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\[email protected]
[2010/08/30 17:32:38 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\[email protected]
[2011/07/17 17:45:11 | 000,000,000 | ---D | M] (Widevine Media Transformer Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\widevinemediatransformer@widevine
[2011/02/01 18:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a7jmyzo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/04/27 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/23 18:43:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/27 12:43:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/20 14:28:03 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0A7JMYZO.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0A7JMYZO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0A7JMYZO.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0A7JMYZO.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0A7JMYZO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0A7JMYZO.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0A7JMYZO.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2011/06/22 20:06:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/20 10:53:32 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TheLaptopLock] C:\Program Files (x86)\The LaptopLock\LaptopLock.exe (LaptopLock)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [MusicManager] C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [WD Smartware Upgrader - Uninstall] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [spchecker] C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 165.230.183.34 165.230.172.34
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 12:01:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/07/21 10:59:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/07/20 16:17:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/20 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/07/20 14:31:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/20 14:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/20 14:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/07/20 14:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/20 14:26:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/07/20 14:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/07/20 14:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/20 10:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2011/07/19 23:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/07/19 23:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/07/19 23:39:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Western_Digital
[2011/07/19 16:28:17 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/07/19 16:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/19 15:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/07/19 15:25:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Western Digital
[2011/07/19 14:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/19 14:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/19 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/19 14:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/19 12:44:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/07/19 12:43:58 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/19 12:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/19 12:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/19 12:43:55 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/19 12:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/19 11:35:35 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2011/07/19 10:42:00 | 007,468,992 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\gogetum-rules.exe
[2011/07/19 10:41:50 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\gogetum.exe
[2011/07/19 10:41:47 | 011,603,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Owner\Desktop\Gogetum2.exe
[2011/07/19 10:41:43 | 006,324,920 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Users\Owner\Desktop\GoGetUm2Def.EXE
[2011/07/19 10:41:39 | 007,693,632 | ---- | C] (SurfRight B.V.) -- C:\Users\Owner\Desktop\HIOTMAN.exe
[2011/07/19 01:11:06 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2011/07/19 01:11:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2011/07/19 01:04:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2011/07/19 01:04:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AIM
[2011/07/19 01:04:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AOL
[2011/07/19 00:49:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
[2011/07/19 00:46:33 | 000,039,192 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/07/19 00:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\RegRun2
[2011/07/19 00:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2011/07/19 00:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/07/18 13:17:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/18 13:17:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/18 13:17:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/18 13:16:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/18 13:14:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/18 13:13:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/18 13:12:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/07/18 13:06:18 | 004,155,513 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/07/18 12:50:05 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2011/07/18 12:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlphaZIP
[2011/07/18 12:17:47 | 000,360,580 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eSellerateEngine.dll
[2011/07/18 12:17:47 | 000,094,208 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eSellerateControl365.dll
[2011/07/18 12:17:44 | 000,071,680 | ---- | C] (Alpha ZIP) -- C:\Windows\SysWow64\english_ztv_Bh.SFX
[2011/07/18 12:17:44 | 000,067,584 | ---- | C] (Alpha ZIP) -- C:\Windows\SysWow64\english_ztv_Jar.SFX
[2011/07/18 12:17:43 | 000,067,584 | ---- | C] (Alpha ZIP) -- C:\Windows\SysWow64\english_ztv_Zip.SFX
[2011/07/18 12:17:43 | 000,066,560 | ---- | C] (Alpha ZIP) -- C:\Windows\SysWow64\english_ztv_lha.SFX
[2011/07/18 12:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlphaZIP
[2011/07/18 11:50:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{208C252F-F253-415C-B85F-3A305EF792AC}
[2011/07/17 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IDM
[2011/07/15 12:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClustalX2
[2011/07/15 12:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClustalX2
[2011/07/15 11:50:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Joni Mitchell
[2011/07/15 11:50:13 | 000,000,000 | ---D | C] -- C:\tmp
[2011/07/15 10:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC To MP3
[2011/07/15 10:16:07 | 000,000,000 | ---D | C] -- C:\FLAC To MP3
[2011/07/11 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5903CAFE-31CA-4615-AD86-C0EFA062DF3F}
[2011/07/08 18:22:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Facebook
[2011/07/08 17:10:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{26C3EA1D-43FA-4892-9AF7-BDEE15D28ADB}
[2011/07/08 10:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/07/05 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Duke Nukem Forever Demo
[2011/07/05 17:23:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Downloaded Installations
[2011/07/05 12:04:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1001
[2011/06/29 22:53:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/06/29 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Google
[2011/06/29 20:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/06/29 20:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/06/28 13:22:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\chimerachecker
[2011/06/23 16:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011/06/23 16:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2011/06/23 16:32:23 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Owner\Desktop\putty.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/21 13:39:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/21 12:57:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000UA.job
[2011/07/21 12:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000UA.job
[2011/07/21 12:01:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/07/21 11:04:52 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 11:04:52 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 10:59:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/07/21 10:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 09:52:52 | 122,962,473 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/07/21 01:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000Core.job
[2011/07/21 00:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000Core.job
[2011/07/20 18:39:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/20 14:28:06 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/20 14:28:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/07/20 14:28:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/07/20 10:52:50 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\srsgpgbwc.job
[2011/07/20 10:52:41 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 10:52:05 | 000,016,364 | ---- | M] () -- C:\ml-20110720105205.xml
[2011/07/19 23:47:31 | 000,001,159 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2011/07/19 16:28:17 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/07/19 16:19:05 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/07/19 14:38:08 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/19 14:38:08 | 000,632,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/19 14:38:08 | 000,110,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/19 12:43:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 11:35:36 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2011/07/19 11:33:28 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2011/07/19 11:32:55 | 000,050,477 | ---- | M] () -- C:\Users\Owner\Desktop\Defogger.exe
[2011/07/19 10:37:21 | 001,008,041 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.exe
[2011/07/19 10:34:48 | 007,693,632 | ---- | M] (SurfRight B.V.) -- C:\Users\Owner\Desktop\HIOTMAN.exe
[2011/07/19 10:29:52 | 011,603,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Owner\Desktop\Gogetum2.exe
[2011/07/19 10:29:42 | 006,324,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Users\Owner\Desktop\GoGetUm2Def.EXE
[2011/07/19 10:29:20 | 007,468,992 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\gogetum-rules.exe
[2011/07/19 10:28:34 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\gogetum.exe
[2011/07/19 01:11:14 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/07/19 01:11:14 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/07/19 01:11:14 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/07/19 00:46:33 | 000,039,192 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/07/19 00:23:22 | 001,751,180 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/07/18 13:06:43 | 004,155,513 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/07/18 12:50:42 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2011/07/18 12:35:06 | 522,424,604 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/18 10:59:49 | 000,062,464 | RHS- | M] () -- C:\Windows\SysWow64\ubpmw.dll
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.exe
[2011/07/15 10:16:11 | 000,000,597 | ---- | M] () -- C:\Users\Public\Desktop\FLAC To MP3.lnk
[2011/07/14 22:13:22 | 000,002,397 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/07/13 12:06:46 | 000,000,458 | ---- | M] () -- C:\Users\Owner\Desktop\RarefractionCurve.r
[2011/07/13 11:22:01 | 000,000,600 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2011/07/13 11:21:22 | 000,000,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\PUTTY.RND
[2011/07/12 21:25:22 | 000,419,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 17:28:41 | 000,731,902 | ---- | M] () -- C:\Users\Owner\Desktop\usearch4.2.130_i86linux32_zhanglab.tz
[2011/07/11 17:28:31 | 000,306,714 | ---- | M] () -- C:\Users\Owner\Desktop\UchimePairedEndUserGuide4.2.75.pdf
[2011/07/11 16:10:56 | 000,002,447 | ---- | M] () -- C:\Users\Owner\.Megan.def
[2011/07/08 10:52:23 | 000,001,437 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/08 10:51:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2011/07/08 10:48:28 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/08 10:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/08 10:47:18 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/05 12:05:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/06/29 20:04:17 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/23 16:41:36 | 000,001,849 | ---- | M] () -- C:\Users\Owner\Desktop\WinSCP.lnk
[2011/06/23 16:32:25 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Owner\Desktop\putty.exe
[2011/06/22 20:07:29 | 000,002,048 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/21 09:52:52 | 122,962,473 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/07/20 14:28:06 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/20 14:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/07/20 14:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/07/20 10:52:05 | 000,016,364 | ---- | C] () -- C:\ml-20110720105205.xml
[2011/07/19 23:47:31 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2011/07/19 16:19:05 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/07/19 12:43:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 11:43:50 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.exe
[2011/07/19 11:33:28 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2011/07/19 11:32:55 | 000,050,477 | ---- | C] () -- C:\Users\Owner\Desktop\Defogger.exe
[2011/07/19 10:37:20 | 001,008,041 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.exe
[2011/07/19 01:10:47 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2011/07/19 00:44:47 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/07/19 00:44:47 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/07/19 00:44:47 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/07/19 00:22:45 | 001,751,180 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/07/18 13:17:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/18 13:17:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/18 13:17:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/18 13:17:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/18 13:17:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/18 12:17:46 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\ztvunacev2.dll
[2011/07/18 12:17:44 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar3.dll
[2011/07/18 12:17:44 | 000,132,096 | ---- | C] () -- C:\Windows\SysWow64\7z.sfx
[2011/07/18 10:59:50 | 000,000,300 | -HS- | C] () -- C:\Windows\tasks\srsgpgbwc.job
[2011/07/18 10:59:49 | 000,062,464 | RHS- | C] () -- C:\Windows\SysWow64\ubpmw.dll
[2011/07/15 10:16:11 | 000,000,597 | ---- | C] () -- C:\Users\Public\Desktop\FLAC To MP3.lnk
[2011/07/13 12:02:35 | 000,000,458 | ---- | C] () -- C:\Users\Owner\Desktop\RarefractionCurve.r
[2011/07/11 17:28:40 | 000,731,902 | ---- | C] () -- C:\Users\Owner\Desktop\usearch4.2.130_i86linux32_zhanglab.tz
[2011/07/11 17:28:27 | 000,306,714 | ---- | C] () -- C:\Users\Owner\Desktop\UchimePairedEndUserGuide4.2.75.pdf
[2011/07/08 18:22:31 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000UA.job
[2011/07/08 18:22:30 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000Core.job
[2011/07/08 10:48:28 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/08 10:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/08 10:47:18 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/05 12:04:49 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/06/29 20:04:17 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011/06/25 22:35:17 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2011/06/23 16:41:37 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2011/06/23 16:41:36 | 000,001,849 | ---- | C] () -- C:\Users\Owner\Desktop\WinSCP.lnk
[2011/06/23 16:38:36 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Local\PUTTY.RND
[2011/05/07 22:04:41 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2011/05/06 23:47:03 | 000,756,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/24 17:58:43 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/31 14:09:47 | 000,001,854 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
[2010/11/07 18:09:35 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/30 22:59:51 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/08/30 11:32:10 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/08/05 04:52:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/05 04:45:32 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/08/05 04:45:32 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/04/25 16:36:52 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/09 21:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/12/30 14:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2009/12/30 14:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2009/12/30 02:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2009/12/30 02:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2009/12/30 02:35:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/10 00:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/10/25 22:31:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2011/07/20 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/07/16 22:09:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2010/11/27 15:10:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CLC bio
[2010/08/29 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DigitalPersona
[2011/07/18 10:54:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EditPlus 3
[2011/04/13 13:19:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2011/07/17 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IDM
[2011/05/13 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InfraRecorder
[2010/09/24 20:43:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2011/05/03 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MEGA5_5110426
[2011/05/27 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sling Media
[2011/05/17 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2011/04/13 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SSH
[2011/04/20 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2011/03/03 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unipro
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/11/27 15:11:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\x-formation
[2011/07/05 12:05:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/07/21 00:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000Core.job
[2011/07/21 12:57:06 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3495857359-851173223-595216675-1000UA.job
[2009/07/14 01:08:49 | 000,029,396 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/20 10:52:50 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\srsgpgbwc.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Edited by Dotanuki85, 21 July 2011 - 11:54 AM.
