
Startsear.ch Browser Hijacker



#1
Getgraffik

Hello,

I normally don't use IE, so I'm not sure how long this has been there, but today when I opened it, I found out that something called startsear.ch had taken over it. I tried using AVG and HouseCall to get rid of it, but no luck. So far, I haven't noticed anything out of the ordinary with the way the computer is running, but for obvious reasons I want this thing off my computer.

I am not sure how I got this virus. I suspect it may have been through a website I sometimes visit for Paint Shop Pro tutorials. The site has never given me any problems in the past; however, a couple of days before I discovered the virus, I went and there was a message about a rootkit exploit, and the site was then suspended for several days.

Thanks in advance for your help.

Edited to include system info:

Operating System: Windows XP
System Specs: Windows XP Home Edition version 2002
Service Pack 3
Intel Pentium D CPU 2.80 GHz
2.79 GHz, 3.25 GB of RAM

OTL Logs:

OTL:

OTL logfile created on: 11/10/2011 12:01:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 63.20% Memory free
5.09 Gb Paging File | 4.01 Gb Available in Paging File | 78.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 442.07 Gb Free Space | 94.92% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 394.76 Gb Free Space | 84.76% Space Free | Partition Type: NTFS

Computer Name: KIM-7B338EF0ED3 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 11:57:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/11/09 13:36:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 19:02:58 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/02 05:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 05:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/22 10:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2003/07/23 07:21:22 | 002,695,168 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
PRC - [2002/03/19 11:15:46 | 000,036,864 | ---- | M] (D-Link) -- C:\Program Files\WZCBDL Service\WZCBDLS.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 13:36:25 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 19:02:56 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/07 19:02:55 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 19:01:20 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 19:01:19 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 19:01:17 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2011/11/07 15:44:56 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
MOD - [2011/10/27 04:46:09 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/08/06 04:26:05 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/07/21 13:59:08 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/07/21 13:59:08 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/07/21 13:59:08 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/05/04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2004/01/22 17:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 05:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2002/03/19 11:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Running] -- C:\Program Files\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (MBAMSwissArmy)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/21 13:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/21 13:59:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2005/09/23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/04/10 02:44:00 | 000,636,502 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB)
DRV - [2002/09/27 17:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NIOC.sys -- (NIOC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=3

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/04 08:01:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 13:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/25 15:39:34 | 000,000,000 | ---D | M]

[2011/06/22 13:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/11/03 16:20:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\onma13w1.default\extensions
[2011/07/11 10:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\onma13w1.default\searchplugins\startsear.xml
[2011/10/25 15:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 15:39:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ONMA13W1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ONMA13W1.DEFAULT\EXTENSIONS\[email protected]
[2011/11/04 08:01:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/10/25 15:39:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/09 13:36:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/25 15:39:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 10:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/09/16 06:11:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13:36:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Weather Window by WeatherBug = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.11_0\
CHR - Extension: Better Facebook = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\5.941_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2006/02/28 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2011/11/06 10:13:11 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011/11/06 10:13:11 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011/11/06 10:13:11 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: netflix.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36E9F78-A736-4396-A01B-1DAF8B84D4C2}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/28 04:00:00 | 000,000,032 | -H-- | M] () - C:\autoexea.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/21 14:13:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 11:57:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/08 11:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PV Graphics
[2011/11/08 09:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Superstar
[2011/11/07 11:05:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
[2011/11/05 09:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\scrao cgakk
[2011/11/04 06:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Krusty2
[2011/11/03 16:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/11/03 16:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/11/03 10:42:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/11/03 10:42:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/11/03 10:40:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2011/11/03 07:47:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/10/28 07:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Orders
[2011/10/26 08:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\1
[2011/10/25 15:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\lang
[2011/10/25 15:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GrooveDown_Downloads
[2011/10/25 15:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/25 15:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/25 15:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/25 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2011/10/25 15:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\StartSearch plugin
[2011/10/25 15:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Groovedown
[2011/10/22 11:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Universe
[2011/10/22 11:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Universe
[2011/10/17 14:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Moonshadow_material
[2011/10/17 11:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2011/10/15 10:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Scared
[2011/10/14 17:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\materiaalles107liane
[2011/06/25 05:47:34 | 000,782,336 | ---- | C] (Alien Skin Software) -- C:\Program Files\Xenofex.8bf
[2003/06/01 21:05:35 | 006,138,368 | ---- | C] (Auto FX Software) -- C:\Program Files\MysticalTTC.exe
[2003/06/01 21:05:35 | 001,408,000 | ---- | C] (Auto FX Software) -- C:\Program Files\Mystical_PlugIn_TTC.8bf
[2003/01/20 12:07:55 | 001,396,736 | ---- | C] (Auto FX Software) -- C:\Program Files\Mystical_PlugIn.8bf
[2003/01/20 12:07:54 | 006,065,152 | ---- | C] (Auto FX Software) -- C:\Program Files\Mystical.exe
[2002/09/19 13:13:31 | 001,206,784 | ---- | C] (Auto FX Software) -- C:\Program Files\AutoEye_PlugIn.8bf
[2001/02/07 17:47:48 | 131,630,656 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Program Files\Setup.exe
[2000/07/27 11:49:42 | 001,526,275 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2000/07/27 11:49:24 | 001,513,987 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 11:57:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/10 11:20:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2052111302-839522115-1003UA.job
[2011/11/10 10:21:29 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/10 10:21:28 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/11/10 09:01:59 | 109,270,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/10 08:13:10 | 000,001,056 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/11/10 05:14:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/10 05:14:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/10 05:13:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 17:20:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2052111302-839522115-1003Core.job
[2011/11/09 17:09:45 | 000,157,993 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/11/08 19:31:08 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/08 19:31:08 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/07 13:07:46 | 000,296,448 | ---- | M] () -- C:\WINDOWS\Xenofex.ini
[2011/11/06 17:45:51 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/06 17:41:08 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\groovedown.settings
[2011/11/06 17:39:57 | 000,011,241 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\gd.db
[2011/11/06 05:46:19 | 000,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 05:46:19 | 000,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 17:28:54 | 000,373,248 | ---- | M] () -- C:\WINDOWS\EyeCand3.INI
[2011/11/04 08:01:53 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/03 10:46:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\n4s1wvwr.exe
[2011/11/03 10:40:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2011/11/03 10:24:38 | 000,000,486 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/11/03 10:19:34 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/11/03 10:09:21 | 000,273,841 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/11/03 10:09:19 | 000,174,349 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/11/03 07:47:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/10/27 11:43:20 | 000,663,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/10/25 15:35:39 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Groovedown.lnk
[2011/10/14 05:15:20 | 006,841,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 19:29:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 17:45:51 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/03 10:46:44 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\n4s1wvwr.exe
[2011/11/03 10:24:38 | 000,000,486 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/11/03 10:19:34 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/10/25 15:40:43 | 000,011,241 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\gd.db
[2011/10/25 15:40:43 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\groovedown.settings
[2011/10/25 15:35:39 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Groovedown.lnk
[2011/10/13 19:27:47 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/07 11:09:30 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2011/09/08 23:47:24 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/08/09 18:50:15 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/03 08:11:24 | 005,785,088 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
[2011/08/03 08:11:23 | 002,170,368 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
[2011/08/02 18:28:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/02 18:28:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/28 22:05:38 | 000,000,329 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/07/23 07:59:30 | 000,160,505 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
[2011/07/23 07:54:12 | 000,160,319 | ---- | C] () -- C:\WINDOWS\Sqirlz Morph Uninstaller.exe
[2011/07/19 05:55:43 | 000,000,373 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2011/07/16 16:05:58 | 000,273,841 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/07/16 16:05:38 | 000,174,349 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/07/02 22:39:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 21:40:32 | 000,000,654 | ---- | C] () -- C:\WINDOWS\nvrbm.ini
[2011/06/29 11:06:51 | 000,001,067 | ---- | C] () -- C:\WINDOWS\nvrph.ini
[2011/06/27 08:10:47 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/06/27 05:46:01 | 000,044,544 | ---- | C] () -- C:\WINDOWS\AWuninstall.exe
[2011/06/27 05:43:56 | 000,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2011/06/26 07:13:10 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2011/06/26 05:07:53 | 000,890,953 | ---- | C] () -- C:\WINDOWS\Txtis.ini
[2011/06/26 05:05:58 | 000,890,953 | ---- | C] () -- C:\WINDOWS\HSC_sq4.ini
[2011/06/26 05:04:58 | 000,890,953 | ---- | C] () -- C:\WINDOWS\mtrk.ini
[2011/06/26 05:02:57 | 000,890,953 | ---- | C] () -- C:\WINDOWS\mfrm.ini
[2011/06/25 05:47:34 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2011/06/25 05:47:34 | 000,245,616 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2011/06/25 05:37:36 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2011/06/23 19:26:43 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2011/06/22 16:39:01 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/06/22 13:25:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/21 16:45:26 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/21 16:45:26 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/21 16:45:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/21 16:45:18 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/21 16:40:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 16:40:50 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/21 14:15:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 14:10:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/21 07:05:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/21 07:03:54 | 006,841,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/02/28 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 04:00:00 | 000,314,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 04:00:00 | 000,041,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/28 04:00:00 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\ialig.dll
[2005/10/23 06:31:10 | 004,915,200 | ---- | C] () -- C:\WINDOWS\System32\qt-mt333.dll
[2002/09/19 12:20:36 | 000,066,680 | ---- | C] () -- C:\Program Files\ARDS1.ttf
[2002/06/09 12:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll
[2001/08/10 11:36:16 | 003,063,034 | ---- | C] () -- C:\Program Files\Data.Cab
[2001/08/10 11:36:16 | 000,627,712 | ---- | C] () -- C:\Program Files\Virtual Painter.msi
[2001/08/10 11:35:44 | 000,062,697 | ---- | C] () -- C:\Program Files\setup.ini

========== LOP Check ==========

[2011/09/27 08:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/06/21 17:00:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/10 09:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/07 11:05:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
[2011/10/07 13:35:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A6DDF46E-C493-470C-89D0-A1338DDA580F}
[2011/08/10 18:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alien Skin
[2011/09/27 07:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/08/09 19:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitLord
[2011/10/22 11:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2011/06/26 13:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc
[2011/10/25 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\lang
[2011/06/22 19:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/06/22 19:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philipp Winterberg
[2011/08/09 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Python-Eggs
[2011/11/10 05:14:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >

Edited by Getgraffik, 10 November 2011 - 03:06 PM.



#2
Getgraffik

Just wanted to let you know I am getting help for this in meat life, so I no longer need any help. Thanks. :)