Google Misdirect Virus, Need your help!

Post by hoylematt » March 15th, 2011, 12:18 pm

Hello and thank you for helping me out,

For some time my laptop has been infected with the "Google Misdirect virus" and up until now it has been a nuisance rather than a real threat to my computer. A few nights ago I was redirected to a website that installed some pretty vicious malware that took me several hours to remove. The only antivirus scanning software I used is Malwarebytes' Anti-Malware. My laptop is for personal use and besides the Google misdirecting those are the only malicious symptoms. The following are a HijackThis log and a log of my scan last night from Malwarebytes' Anti-Malware full scan. Thanks so much in advance for your help! Obi-Wan, you're our only hope! :lol:

----------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:47 AM, on 3/15/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Steamy\Steam.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2786678
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Users\Matt\AppData\Local\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Steamy\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 8857 bytes
-------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6059

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/14/2011 7:21:45 PM
mbam-log-2011-03-14 (19-21-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 336147
Time elapsed: 38 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
hoylematt
Regular Member
 
Posts: 18
Joined: February 27th, 2008, 11:12 am
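As an added example (not code from this thread or from any of the tools it mentions), the following Python parses HijackThis entries of the kinds shown in the log above and flags the two things a helper looks at first in a redirect case: IE start/search pages pointing somewhere other than the vendor defaults, and toolbar/BHO components whose CLSID is hooked in under several entry types at once. The sample lines are constructed to mirror the posted log; the expected home-page domains and the PUP name markers are assumptions for illustration.

```python
"""Flag browser-hijack indicators in HijackThis log lines.

Added example for illustration only; not part of HijackThis or the forum.
Handles R0/R1 (IE start/search page), R3 (URLSearchHook), O2 (BHO) and
O3 (toolbar) entries as they appear in the log above.
"""
import re
from urllib.parse import urlparse

# Constructed sample lines shaped like the posted log (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\Users\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=EXAMPLE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O4 - HKCU\..\Run: [Steam] "C:\Steamy\Steam.exe" -silent
O1 - Hosts: ::1 localhost
"""

# Entry lines look like "O2 - BHO: ..."; anything else is header/footer text.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Assumption: domains the IE start/search pages are expected to point at
# (Microsoft's defaults and the OEM page seen in the log). Anything else
# is reported for a human to review, not declared malicious.
EXPECTED_HOME_DOMAINS = {"go.microsoft.com", "homepage.gateway.com"}
# Assumption: add-on names treated as potentially unwanted programs (PUPs).
PUP_MARKERS = ("conduit", "utorrentbar")


def parse_line(line):
    """Return (code, body) for a HijackThis entry, or None for other lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def parse_addon(body):
    """Split 'Kind: Name - {CLSID} - path' into (kind, name, clsid, path)."""
    kind, _, rest = body.partition(": ")
    parts = [p.strip() for p in rest.split(" - ")]
    if len(parts) < 3:
        return kind, rest.strip(), None, None
    clsid = parts[1] if CLSID_RE.fullmatch(parts[1]) else None
    return kind, parts[0], clsid, " - ".join(parts[2:])


def analyze(log_text):
    """Return [(code, description)] for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        code, body = parsed
        if code in ("R0", "R1"):
            key, _, value = body.partition("=")
            value = value.strip()
            if not value:          # an empty value is the OS default
                continue
            host = urlparse(value).hostname or ""
            if host not in EXPECTED_HOME_DOMAINS:
                setting = key.strip().split(",")[-1]
                findings.append((code, f"{setting} points to {host}"))
        elif code in ("R3", "O2", "O3"):
            kind, name, clsid, path = parse_addon(body)
            if any(marker in name.lower() for marker in PUP_MARKERS):
                findings.append((code, f"{kind} '{name}' {clsid} -> {path}"))
    return findings


def hooks_by_clsid(log_text):
    """Map each CLSID to the set of entry types it is registered under.

    One component present as URLSearchHook (R3), BHO (O2) and Toolbar (O3)
    at once is the pattern the posted log shows for the uTorrentBar DLL.
    """
    hooks = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        code, body = parsed
        for clsid in CLSID_RE.findall(body):
            hooks.setdefault(clsid.upper(), set()).add(code)
    return hooks


if __name__ == "__main__":
    for code, text in analyze(SAMPLE_LOG):
        print(f"[{code}] {text}")
    for clsid, codes in hooks_by_clsid(SAMPLE_LOG).items():
        if len(codes) > 1:
            print(f"{clsid} hooked as {sorted(codes)}")
```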

Re: Google Misdirect Virus, Need your help!

Post by deltalima » March 15th, 2011, 4:16 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Misdirect Virus, Need your help!

Post by deltalima » March 15th, 2011, 4:27 pm

Hi hoylematt,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

hoylematt wrote:
The only antivirus scanning software I used is Malwarebytes' Anti-Malware

It is vital that you run a real time antivirus program.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe then select Run as Administrator and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Misdirect Virus, Need your help!

Post by hoylematt » March 15th, 2011, 5:58 pm

Thanks for your help!

1) I downloaded Avira AntiVir and am currently running it on my system.

2) I removed the uTorrent P2P filesharing software.

3) I downloaded CKScanner and after running it received the following log file:

--------------------------------------------------------------------------------------------
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\crack dat pat\crack dat pat.exe
c:\program files (x86)\crack dat pat\crack dat pat.url
c:\program files (x86)\crack dat pat\db.rsd
c:\program files (x86)\crack dat pat\install_flash_player_active_x.exe
c:\program files (x86)\crack dat pat\terms & conditions.rtf
c:\program files (x86)\crack dat pat\uninst.exe
c:\program files (x86)\crack dat pat\crackdatpat libs\appearance pak.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\browser plugin.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\internet encodings.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\mbsregistrationplugin15838.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\mbsstringplugin15838.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\mbswindowswmiplugin15838.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\mbswinplugin15838.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\md5.dll
c:\program files (x86)\crack dat pat\crackdatpat libs\realsqldatabase.dll
c:\users\matt\desktop\dat study tools\crack dat pat.lnk
c:\users\public\games\world of warcraft\interface\addons\wowpro_leveling\alliance\30_35_crackerhead22_hinterlands.lua
c:\users\public\games\world of warcraft\interface\addons\wowpro_leveling\alliance\40_45_crackerhead22_eastern_plaguelands.lua
c:\users\public\games\world of warcraft\interface\addons\wowpro_leveling\alliance\45_48_crackerhead22_badlands.lua
c:\users\public\games\world of warcraft\interface\addons\wowpro_leveling\alliance\48_50_crackerhead22_searing_gorge.lua
c:\users\public\games\world of warcraft\interface\addons\wowpro_leveling\alliance\50_52_crackerhead22_burning_steppes.lua
c:\users\public\games\world of warcraft\interface\addons\wowpro_leveling\alliance\52_54_crackerhead22_swamp_of_sorrows.lua
c:\users\public\games\world of warcraft\interface\addons\wowpro_leveling\alliance\54_58_crackerhead22_blasted_lands.lua
scanner sequence 3.ZZ.11
----- EOF -----
--------------------------------------------------------------------------------------------------------------------------


4) I downloaded the Microsoft tool, ran it, and received the following log file:
--------------------------------------------------------------------------------------------------------------------------
Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAIAAQABAAEABAACAAAAAwABAAEA6GF4OTZb22RcdB4CRqaN7yIBwGXy9GgUcKacmmrWrFZGyg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC GATEWA SYSTEM
SSDT PmRef CpuPm

-----------------------------------------------------------------------------------
I use this computer for personal use only.

Thanks again for the help!
hoylematt
Regular Member
 
Posts: 18
Joined: February 27th, 2008, 11:12 am

Re: Google Misdirect Virus, Need your help!

Post by deltalima » March 15th, 2011, 6:06 pm

Hi hoylematt,

hoylematt wrote:
downloaded Avira AntiVir and am currently running it on my system.

Please run a full scan and post the log file when complete.

Scan with WVCheck:

Please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Misdirect Virus, Need your help!

Post by hoylematt » March 15th, 2011, 8:23 pm

Hi deltalima!
1) I ran the Avira AntiVir full scan, with the following log. I quarantined the viruses that it found. As far as how to delete them, I couldn't figure that out; perhaps that's what quarantine meant in this situation.
--------------------------------------------------------------------------------------------------------------------------
Avira AntiVir Personal
Report file date: Tuesday, March 15, 2011 15:39

Scanning for 2494868 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MATT-PC

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 21:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 21:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:35:37
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 21:35:37
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 21:35:38
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 21:35:38
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 21:35:38
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 21:35:38
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 21:35:39
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 21:35:39
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 21:35:39
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 21:35:39
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 21:35:39
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 21:35:40
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 21:35:41
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 21:35:41
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 21:35:42
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 21:35:43
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 21:35:43
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 21:35:44
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 21:35:45
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 21:35:45
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 21:35:46
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 21:35:47
VBASE024.VDF : 7.11.4.184 2048 Bytes 3/14/2011 21:35:47
VBASE025.VDF : 7.11.4.185 2048 Bytes 3/14/2011 21:35:47
VBASE026.VDF : 7.11.4.186 2048 Bytes 3/14/2011 21:35:47
VBASE027.VDF : 7.11.4.187 2048 Bytes 3/14/2011 21:35:48
VBASE028.VDF : 7.11.4.188 2048 Bytes 3/14/2011 21:35:48
VBASE029.VDF : 7.11.4.189 2048 Bytes 3/14/2011 21:35:48
VBASE030.VDF : 7.11.4.190 2048 Bytes 3/14/2011 21:35:48
VBASE031.VDF : 7.11.4.216 78848 Bytes 3/15/2011 21:35:49
Engineversion : 8.2.4.186
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 21:23:26
AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 3/15/2011 21:36:03
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 21:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 21:23:26
AERDL.DLL : 8.1.9.8 639346 Bytes 3/15/2011 21:36:01
AEPACK.DLL : 8.2.4.12 520567 Bytes 3/15/2011 21:35:59
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/15/2011 21:35:58
AEHEUR.DLL : 8.1.2.86 3350903 Bytes 3/15/2011 21:35:57
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/15/2011 21:35:52
AEGEN.DLL : 8.1.5.2 397683 Bytes 3/15/2011 21:35:51
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 21:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 3/15/2011 21:35:51
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 21:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 21:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 21:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 21:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 21:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 21:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 21:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 21:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 21:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, March 15, 2011 15:39

Starting search for hidden objects.
C:\Users\Public\Games\World of Warcraft\
C:\Users\Public\Games\World of Warcraft\
[NOTE] The registry entry is invisible.
C:\Users\Public\Games\World of Warcraft Public Test\
C:\Users\Public\Games\World of Warcraft Public Test\
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\logtofile
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\timing
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\trace
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\memory
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\locking
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\error
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\custom1
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\custom2
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\custom3
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\custom4
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\custom5
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\CEC_MAIN.exe\timeout
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\timing
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\trace
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\memory
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\locking
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\error
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\custom1
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\custom2
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\custom3
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\custom4
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\custom5
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Debug\GLOBAL\timeout
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\InterVideo\Common\AudioDec\audio
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.clmp3enc\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.clmp3enc\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.clmp3enc\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.clmp3enc\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\name
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\name
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\id
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
C:\Windows\system32\unregmp2.exe /ShowWMP
C:\Windows\system32\unregmp2.exe /ShowWMP
[NOTE] The registry entry is invisible.
C:\Program Files\Windows Media Player
C:\Program Files\Windows Media Player
[NOTE] The registry entry is invisible.
C:\Program Files\Windows Media Player
C:\Windows\system32\wbem\Logs\WMITracing.log
C:\Windows\system32\wbem\Logs\WMITracing.log
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\a1841308-3541-4fab-bc81-f71556f20b4a
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype)
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '80' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '73' Module(s) have been scanned
Scan process 'avnotify.exe' - '87' Module(s) have been scanned
Scan process 'avgnt.exe' - '61' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'firefox.exe' - '113' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'SetPoint32.exe' - '29' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '59' Module(s) have been scanned
Scan process 'RichVideo.exe' - '20' Module(s) have been scanned
Scan process 'o2flash.exe' - '16' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '36' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '42' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '30' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '31' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '917' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Users\Matt\AppData\Local\Temp\jar_cache6785053965608750686.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.B Java virus
--> C.class
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.B Java virus
--> F.class
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.D Java virus
--> Google.class
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.E Java virus
C:\Users\Matt\AppData\Local\Temp\jar_cache7605084120882395948.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
--> Cz_0_CDKa__.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
--> jWSyyv.class
[DETECTION] Contains recognition pattern of the JAVA/Remote.B Java virus
--> M8PFGFzL.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.abj Java virus
--> rsl__E2.class
[DETECTION] Contains recognition pattern of the JAVA/SecureSet.A Java virus
--> uwE_qu4.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.AK Java virus
C:\Users\Matt\AppData\Local\Temp\jar_cache8191118221138650312.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Jafuzzo.A Java virus
--> sunos/Globales.class
[DETECTION] Contains recognition pattern of the JAVA/Jafuzzo.A Java virus
--> sunos/Manuals.class
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.C Java virus
--> sunos/Support.class
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.A Java virus
C:\Users\Matt\AppData\Local\Temp\jar_cache8550508039260491086.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
C:\Users\Matt\AppData\Local\Temp\plugtmp\plugin-Notes1.pdf
[DETECTION] Contains recognition pattern of the EXP/Pidief.waxy exploit
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\5cb9575a-62e58bec
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\77c3a532-30c5b689
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
C:\Users\Matt\Desktop\CyberLink.PowerDirector.Ultra.8\New folder\cr-pdu80.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the W32/Induc.A Windows virus
--> keygen.exe
--> Object
[DETECTION] Contains recognition pattern of the W32/Induc.A Windows virus
C:\Windows\SysWOW64\Deviecab.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

Beginning disinfection:
C:\Windows\SysWOW64\Deviecab.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '48d05b72.qua'.
C:\Users\Matt\Desktop\CyberLink.PowerDirector.Ultra.8\New folder\cr-pdu80.zip
[DETECTION] Contains recognition pattern of the W32/Induc.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '501e74ea.qua'.
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\77c3a532-30c5b689
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '020f2e4f.qua'.
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\5cb9575a-62e58bec
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
[NOTE] The file was moved to the quarantine directory under the name '643b61f1.qua'.
C:\Users\Matt\AppData\Local\Temp\plugtmp\plugin-Notes1.pdf
[DETECTION] Contains recognition pattern of the EXP/Pidief.waxy exploit
[NOTE] The file was moved to the quarantine directory under the name '21aa4cf8.qua'.
C:\Users\Matt\AppData\Local\Temp\jar_cache8550508039260491086.tmp
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
[NOTE] The file was moved to the quarantine directory under the name '5eb47eac.qua'.
C:\Users\Matt\AppData\Local\Temp\jar_cache8191118221138650312.tmp
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.A Java virus
[NOTE] The file was moved to the quarantine directory under the name '120c52e6.qua'.
C:\Users\Matt\AppData\Local\Temp\jar_cache7605084120882395948.tmp
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.AK Java virus
[NOTE] The file was moved to the quarantine directory under the name '6e1412b6.qua'.
C:\Users\Matt\AppData\Local\Temp\jar_cache6785053965608750686.tmp
[DETECTION] Contains recognition pattern of the JAVA/Jafusso.E Java virus
[NOTE] The file was moved to the quarantine directory under the name '434e3dfb.qua'.


End of the scan: Tuesday, March 15, 2011 17:08
Used time: 1:17:34 Hour(s)

The scan has been done completely.

32491 Scanned directories
527277 Files were scanned
17 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
9 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
527260 Files not concerned
3833 Archives were scanned
0 Warnings
9 Notes
738145 Objects were scanned with rootkit scan
78 Hidden objects were found
----------------------------------------------------------------------------------------------------------------------------------

2) I ran the WVcheck and received the following log:

----------------------------------------------------------------------------------------------------------------------------------
Windows Validation Check
Version: 1.9.11.5
Log Created On: 1714_15-03-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last Success Time for Update Detection: 2011-03-15 10:14:26
Last Success Time for Update Download: 2010-06-25 18:33:11
Last Success Time for Update Installation: 2009-07-30 15:57:56


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 7/8/2009 15:43:28
Modification; 10/4/2009 23:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 20/1/2008 18:51:9
Modification; 20/1/2008 18:51:9
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 12288 bytes
Creation; 20/1/2008 18:51:9
Modification; 20/1/2008 18:51:9
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_aa66056bb20829cd\slwga.dll
Size: 14336 bytes
Creation; 20/1/2008 18:50:13
Modification; 20/1/2008 18:50:13
MD5; 6b5dc9711fd15a0e944a4f17366e2300
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_ac517e77af29f519\slwga.dll
Size: 14336 bytes
Creation; 20/1/2008 18:50:13
Modification; 20/1/2008 18:50:13
MD5; 6b5dc9711fd15a0e944a4f17366e2300
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 20/1/2008 18:51:9
Modification; 20/1/2008 18:51:9
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 3d691030dbd3bd75de1501be54f0d425


-------- End of File, program close at 1718_15-03-2011 --------
hoylematt
Regular Member
 
Posts: 18
Joined: February 27th, 2008, 11:12 am

Re: Google Misdirect Virus, Need your help!

Unread postby deltalima » March 16th, 2011, 4:28 am

Hi hoylematt,

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right click TFC.exe and select: Run as Administrator.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Misdirect Virus, Need your help!

Unread postby hoylematt » March 16th, 2011, 3:17 pm

Here are the 3 logs that you wanted. As far as how my computer is running now, I just attempted to access a couple of sites via a google search, and the 2nd search (travel tickets) came up with orbitz as the top result. I clicked on the orbitz result and was redirected to Cheapo airline tickets, one of the many sites that this virus likes to send me to instead of where I really want to go.

I tried the same thing with car rental just to be sure. I was sent to the Travelo search engine, which is probably related to Cheapo. This redirect virus is really annoying, holy crap. Thanks again for all your help!

----------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 3/16/2011 11:39:29 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.32 Gb Total Space | 77.20 Gb Free Space | 26.77% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)


========== Modules (SafeList) ==========

MOD - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ()
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys ()
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS ()
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys ()
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys ()
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys ()
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (CXRAPHD) Conexant Raptor HD Video Capture (Philips TUV 1236D) -- C:\Windows\SysNative\drivers\cxraphd_IBV64.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
IE - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2786678
IE - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
IE - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.riftgame.com/en/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {99F541FB-2258-4FDE-A63E-78F792E49E6C}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{99F541FB-2258-4FDE-A63E-78F792E49E6C}: C:\Users\Matt\AppData\Local\{99F541FB-2258-4FDE-A63E-78F792E49E6C} [2010/05/31 18:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 06:49:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 06:49:44 | 000,000,000 | ---D | M]

[2009/02/22 12:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2011/03/15 09:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ne5i6q3d.default\extensions
[2011/03/06 10:59:21 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ne5i6q3d.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/03/06 10:59:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ne5i6q3d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/18 11:07:07 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ne5i6q3d.default\extensions\NPDyyno@dyyno.com
[2011/01/07 01:18:56 | 000,000,863 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ne5i6q3d.default\searchplugins\conduit.xml
[2010/06/17 21:19:33 | 000,001,751 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ne5i6q3d.default\searchplugins\search-the-web.xml
[2011/03/16 11:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/31 18:00:18 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MATT\APPDATA\LOCAL\{99F541FB-2258-4FDE-A63E-78F792E49E6C}

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
O3 - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4250599012-288616337-2587635617-1000..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-4250599012-288616337-2587635617-1000..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\S-1-5-21-4250599012-288616337-2587635617-1000..\Run: [Steam] C:\Steamy\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ed67b59-1b1f-11df-b458-001d72ef4ae2}\Shell - "" = AutoRun
O33 - MountPoints2\{2ed67b59-1b1f-11df-b458-001d72ef4ae2}\Shell\AutoRun\command - "" = E:\BSAutoRun.exe
O33 - MountPoints2\{580f3398-4527-11df-a534-001d72ef4ae2}\Shell - "" = AutoRun
O33 - MountPoints2\{580f3398-4527-11df-a534-001d72ef4ae2}\Shell\AutoRun\command - "" = G:\laucher.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\BSAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4250599012-288616337-2587635617-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4250599012-288616337-2587635617-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/16 11:33:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2011/03/16 11:33:22 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
[2011/03/15 15:07:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Malware Removal
[2011/03/15 14:51:41 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/03/15 14:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/03/15 14:39:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Avira
[2011/03/15 14:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/03/15 14:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/03/15 14:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/03/10 23:59:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\The Workout Mix 2011+full set of covers
[2011/03/03 04:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/03/03 04:39:26 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/03/03 04:39:25 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/03/03 04:39:23 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/03/03 04:39:23 | 010,078,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/03/03 04:39:23 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/03/03 04:39:23 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/03/03 04:39:23 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/03/03 04:39:23 | 001,965,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/03/03 04:39:23 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/03/03 04:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/03/03 04:35:22 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/03/03 04:25:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SystemRequirementsLab
[2011/03/03 04:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/03/03 02:50:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/03/03 02:50:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/03/03 02:50:27 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/03/03 02:50:25 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/03/03 02:50:25 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/03/03 02:50:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/03/03 02:50:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/03/03 02:50:22 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/03/03 02:50:22 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/03/03 02:50:20 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/03/03 02:50:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/03/03 02:50:20 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/03/03 02:50:19 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/03/03 02:50:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/03/03 02:50:18 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/03/03 02:50:18 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/03/03 02:50:16 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/03/03 02:50:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/03/03 02:50:15 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/03/03 02:50:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/03/03 02:50:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/03/03 02:50:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/03/03 02:50:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/03/03 02:50:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/02/23 13:07:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\All aXXo Movies as of 9 6 2008
[2011/02/21 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011/02/21 15:28:41 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/02/21 15:28:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/02/21 15:28:39 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/02/21 15:28:39 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/02/21 15:28:38 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/02/21 15:28:37 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/02/21 15:28:36 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/02/21 15:28:35 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/02/21 15:28:34 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/02/21 15:28:34 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/02/21 15:28:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/02/21 15:28:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/02/21 15:28:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/02/21 15:27:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\RIFT
[2011/02/21 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\RIFT Beta
[2011/02/21 09:33:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/21 09:33:30 | 000,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 30 Days ==========

[2011/03/16 11:37:12 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/03/16 11:37:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/16 11:37:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/16 11:37:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/03/16 11:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/16 11:33:42 | 000,296,448 | ---- | M] () -- C:\Users\Matt\Desktop\m8w9znde.exe
[2011/03/16 11:33:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2011/03/16 11:33:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
[2011/03/16 01:14:24 | 000,695,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/16 01:14:24 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/16 01:14:24 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/14 22:11:57 | 000,221,184 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/12 22:34:23 | 000,013,018 | -HS- | M] () -- C:\Users\Matt\AppData\Local\3782553494
[2011/03/12 22:34:23 | 000,013,018 | -HS- | M] () -- C:\ProgramData\3782553494
[2011/03/12 22:24:10 | 577,001,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/12 22:01:36 | 000,000,680 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2011/03/11 03:13:59 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/03/11 00:10:33 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/03 04:41:00 | 000,001,460 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps64.dat
[2011/03/02 15:15:08 | 000,000,166 | ---- | M] () -- C:\Users\Matt\Desktop\RIFT.url

========== Files Created - No Company Name ==========

[2011/03/16 11:33:41 | 000,296,448 | ---- | C] () -- C:\Users\Matt\Desktop\m8w9znde.exe
[2011/03/15 14:34:58 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/03/15 14:34:58 | 000,083,120 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/03/12 18:24:28 | 000,013,018 | -HS- | C] () -- C:\Users\Matt\AppData\Local\3782553494
[2011/03/12 18:24:28 | 000,013,018 | -HS- | C] () -- C:\ProgramData\3782553494
[2011/03/03 04:39:27 | 001,359,976 | ---- | C] () -- C:\Windows\SysNative\nvgenco64hda.dll
[2011/03/03 04:39:27 | 000,155,752 | ---- | C] () -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/03/03 04:39:27 | 000,070,760 | ---- | C] () -- C:\Windows\SysNative\nvapo64v.dll
[2011/03/03 04:39:27 | 000,029,288 | ---- | C] () -- C:\Windows\SysNative\nvhdap64.dll
[2011/03/03 04:39:26 | 007,729,256 | ---- | C] () -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/03/03 04:39:25 | 020,471,912 | ---- | C] () -- C:\Windows\SysNative\nvoglv64.dll
[2011/03/03 04:39:24 | 012,961,640 | ---- | C] () -- C:\Windows\SysNative\drivers\nvlddmkm.sys
[2011/03/03 04:39:24 | 001,614,440 | ---- | C] () -- C:\Windows\SysNative\nvdispco642090.dll
[2011/03/03 04:39:24 | 001,359,976 | ---- | C] () -- C:\Windows\SysNative\nvgenco642040.dll
[2011/03/03 04:39:24 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/03/03 04:39:23 | 018,580,072 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2011/03/03 04:39:23 | 012,859,496 | ---- | C] () -- C:\Windows\SysNative\nvd3dumx.dll
[2011/03/03 04:39:23 | 006,604,904 | ---- | C] () -- C:\Windows\SysNative\nvcuda.dll
[2011/03/03 04:39:23 | 003,112,040 | ---- | C] () -- C:\Windows\SysNative\nvcuvid.dll
[2011/03/03 04:39:23 | 002,479,720 | ---- | C] () -- C:\Windows\SysNative\nvcuvenc.dll
[2011/03/03 04:39:23 | 002,200,680 | ---- | C] () -- C:\Windows\SysNative\nvapi64.dll
[2011/03/03 04:39:23 | 000,067,176 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll
[2011/03/03 04:39:23 | 000,011,240 | ---- | C] () -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011/03/03 02:50:28 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2011/03/03 02:50:28 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2011/03/03 02:50:27 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/03/03 02:50:25 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/03/03 02:50:25 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2011/03/03 02:50:24 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2011/03/03 02:50:24 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2011/03/03 02:50:22 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/03/03 02:50:22 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2011/03/03 02:50:20 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2011/03/03 02:50:20 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2011/03/03 02:50:20 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/03/03 02:50:19 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2011/03/03 02:50:19 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/03/03 02:50:18 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/03/03 02:50:18 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2011/03/03 02:50:16 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2011/03/03 02:50:15 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2011/03/03 02:50:15 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2011/03/03 02:50:15 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/03/03 02:50:14 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2011/03/03 02:50:14 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/03/03 02:50:14 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/03/03 02:50:13 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/03/03 02:50:13 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2011/03/03 02:50:13 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2011/03/03 02:50:12 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2011/03/02 15:15:08 | 000,000,166 | ---- | C] () -- C:\Users\Matt\Desktop\RIFT.url
[2011/02/21 15:28:41 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2011/02/21 15:28:41 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/02/21 15:28:39 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/02/21 15:28:39 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2011/02/21 15:28:38 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/02/21 15:28:37 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2011/02/21 15:28:36 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2011/02/21 15:28:35 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2011/02/21 15:28:34 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2011/02/21 15:28:34 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/02/21 15:28:31 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2011/02/21 15:28:30 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/12/10 11:28:49 | 000,009,680 | ---- | C] () -- C:\Users\Matt\AppData\Local\elaxetedabe.dll
[2010/12/10 00:13:06 | 000,028,080 | ---- | C] () -- C:\Users\Matt\AppData\Local\ulonuzafa.dll
[2010/12/09 22:11:11 | 000,028,079 | ---- | C] () -- C:\Users\Matt\AppData\Local\upubemobelisuz.dll
[2010/12/09 18:20:19 | 000,009,538 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayiwavadej.dll
[2010/12/09 14:17:22 | 000,009,538 | ---- | C] () -- C:\Users\Matt\AppData\Local\irevudam.dll
[2010/12/09 12:02:47 | 000,009,682 | ---- | C] () -- C:\Users\Matt\AppData\Local\akacoruwuyanacu.dll
[2010/12/09 10:00:47 | 000,009,682 | ---- | C] () -- C:\Users\Matt\AppData\Local\oqaqowaliyun.dll
[2010/12/08 22:23:52 | 000,009,682 | ---- | C] () -- C:\Users\Matt\AppData\Local\ijupahog.dll
[2010/12/07 16:49:42 | 000,009,726 | ---- | C] () -- C:\Users\Matt\AppData\Local\efafivuf.dll
[2010/12/07 14:43:58 | 000,009,726 | ---- | C] () -- C:\Users\Matt\AppData\Local\akupiditem.dll
[2010/12/07 12:10:49 | 000,009,601 | ---- | C] () -- C:\Users\Matt\AppData\Local\elisogologiwab.dll
[2010/12/07 10:08:48 | 000,009,601 | ---- | C] () -- C:\Users\Matt\AppData\Local\olofidelujolij.dll
[2010/12/07 08:06:59 | 000,009,601 | ---- | C] () -- C:\Users\Matt\AppData\Local\exomipusovo.dll
[2010/12/06 10:07:47 | 000,009,572 | ---- | C] () -- C:\Users\Matt\AppData\Local\awematumoyes.dll
[2010/12/06 08:05:47 | 000,009,571 | ---- | C] () -- C:\Users\Matt\AppData\Local\ocitamagabobi.dll
[2010/12/05 15:41:12 | 000,009,573 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofubasebiw.dll
[2010/12/04 23:30:21 | 000,027,353 | ---- | C] () -- C:\Users\Matt\AppData\Local\ehadazayujupi.dll
[2010/12/04 14:03:02 | 000,027,352 | ---- | C] () -- C:\Users\Matt\AppData\Local\uwiwepasule.dll
[2010/12/04 12:10:14 | 000,009,702 | ---- | C] () -- C:\Users\Matt\AppData\Local\ekexewugonajero.dll
[2010/12/04 10:08:14 | 000,009,703 | ---- | C] () -- C:\Users\Matt\AppData\Local\ifoqixates.dll
[2010/12/03 17:02:41 | 000,009,538 | ---- | C] () -- C:\Users\Matt\AppData\Local\ozucoruw.dll
[2010/12/03 15:00:41 | 000,009,538 | ---- | C] () -- C:\Users\Matt\AppData\Local\iqukuqisalutejef.dll
[2010/12/03 08:37:55 | 000,009,541 | ---- | C] () -- C:\Users\Matt\AppData\Local\adidasib.dll
[2010/12/02 21:51:51 | 000,005,403 | ---- | C] () -- C:\Users\Matt\AppData\Local\uwaxixib.dll
[2010/12/02 16:58:48 | 000,027,346 | ---- | C] () -- C:\Users\Matt\AppData\Local\urikemomopuduy.dll
[2010/12/02 14:57:18 | 000,027,346 | ---- | C] () -- C:\Users\Matt\AppData\Local\oridukemug.dll
[2010/12/01 13:53:08 | 000,008,723 | ---- | C] () -- C:\Users\Matt\AppData\Local\ewoxuxabibidovug.dll
[2010/11/30 18:41:33 | 000,009,607 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofenarigap.dll
[2010/11/30 11:33:21 | 000,009,539 | ---- | C] () -- C:\Users\Matt\AppData\Local\eqojehulalihocim.dll
[2010/11/30 09:31:21 | 000,009,539 | ---- | C] () -- C:\Users\Matt\AppData\Local\axenibumerujo.dll
[2010/11/30 07:29:21 | 000,009,539 | ---- | C] () -- C:\Users\Matt\AppData\Local\aniyureg.dll
[2010/11/30 02:25:09 | 000,027,355 | ---- | C] () -- C:\Users\Matt\AppData\Local\amosoyuyebiyini.dll
[2010/11/30 00:23:39 | 000,027,356 | ---- | C] () -- C:\Users\Matt\AppData\Local\uvebagogagimo.dll
[2010/11/29 13:13:49 | 000,009,621 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipuyodege.dll
[2010/11/29 09:15:39 | 000,027,355 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyefoqes.dll
[2010/11/28 19:42:39 | 000,009,873 | ---- | C] () -- C:\Users\Matt\AppData\Local\oniyureg.dll
[2010/11/28 14:55:07 | 000,009,609 | ---- | C] () -- C:\Users\Matt\AppData\Local\ajuzoxaz.dll
[2010/11/28 12:53:08 | 000,009,609 | ---- | C] () -- C:\Users\Matt\AppData\Local\ojuwecigitulobom.dll
[2010/11/28 10:51:12 | 000,009,609 | ---- | C] () -- C:\Users\Matt\AppData\Local\odegadagakusa.dll
[2010/11/28 04:02:09 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\ivuhujeh.dll
[2010/11/28 02:00:09 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\azekuyep.dll
[2010/11/27 23:58:09 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\elasuyax.dll
[2010/11/27 21:56:08 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\evuviloxeg.dll
[2010/11/27 19:54:08 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\irupeter.dll
[2010/11/27 17:52:07 | 000,009,539 | ---- | C] () -- C:\Users\Matt\AppData\Local\igajabivebaxiti.dll
[2010/11/27 15:50:06 | 000,009,539 | ---- | C] () -- C:\Users\Matt\AppData\Local\ajozuvov.dll
[2010/11/27 13:48:06 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\afefojuf.dll
[2010/11/27 09:44:06 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\ikereciy.dll
[2010/11/25 08:50:08 | 000,009,795 | ---- | C] () -- C:\Users\Matt\AppData\Local\examuzag.dll
[2010/11/24 17:38:45 | 000,009,583 | ---- | C] () -- C:\Users\Matt\AppData\Local\upugukogevusu.dll
[2010/11/24 15:38:50 | 000,013,853 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipubinag.dll
[2010/11/20 11:23:51 | 000,000,680 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2010/11/11 15:50:19 | 000,001,569 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyiwepasule.dll
[2010/10/05 09:31:19 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\egeruzonahukozi.dll
[2010/10/04 20:28:42 | 000,002,181 | ---- | C] () -- C:\Users\Matt\AppData\Local\obiwanom.dll
[2010/10/04 09:52:30 | 000,002,159 | ---- | C] () -- C:\Users\Matt\AppData\Local\isajanil.dll
[2010/10/03 21:42:25 | 000,002,173 | ---- | C] () -- C:\Users\Matt\AppData\Local\ivegigus.dll
[2010/10/03 15:08:27 | 000,002,173 | ---- | C] () -- C:\Users\Matt\AppData\Local\afazizuf.dll
[2010/10/03 13:06:27 | 000,002,185 | ---- | C] () -- C:\Users\Matt\AppData\Local\uziwidum.dll
[2010/10/03 11:04:28 | 000,002,167 | ---- | C] () -- C:\Users\Matt\AppData\Local\ihuwotev.dll
[2010/10/03 07:55:33 | 000,002,187 | ---- | C] () -- C:\Users\Matt\AppData\Local\ehulugaw.dll
[2010/10/02 23:30:59 | 000,002,207 | ---- | C] () -- C:\Users\Matt\AppData\Local\ubuwexul.dll
[2010/10/02 21:28:59 | 000,002,171 | ---- | C] () -- C:\Users\Matt\AppData\Local\uhilusas.dll
[2010/10/02 16:58:19 | 000,002,159 | ---- | C] () -- C:\Users\Matt\AppData\Local\ifomunum.dll
[2010/10/02 14:56:20 | 000,002,173 | ---- | C] () -- C:\Users\Matt\AppData\Local\epuzayahe.dll
[2010/10/02 13:05:47 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\iliciduw.dll
[2010/10/02 11:03:47 | 000,002,169 | ---- | C] () -- C:\Users\Matt\AppData\Local\ixozaqaw.dll
[2010/10/02 09:02:08 | 000,002,165 | ---- | C] () -- C:\Users\Matt\AppData\Local\usaxovab.dll
[2010/10/01 06:22:51 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\elezawuf.dll
[2010/09/30 16:27:26 | 000,002,185 | ---- | C] () -- C:\Users\Matt\AppData\Local\iwomucet.dll
[2010/09/30 15:22:14 | 000,002,185 | ---- | C] () -- C:\Users\Matt\AppData\Local\afegefim.dll
[2010/09/30 14:25:37 | 000,002,177 | ---- | C] () -- C:\Users\Matt\AppData\Local\ekazulax.dll
[2010/09/30 12:23:33 | 000,002,161 | ---- | C] () -- C:\Users\Matt\AppData\Local\aliwapaf.dll
[2010/09/30 10:21:33 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\imuwahazuyosegef.dll
[2010/09/29 20:32:38 | 000,002,213 | ---- | C] () -- C:\Users\Matt\AppData\Local\ububexuy.dll
[2010/09/29 16:51:14 | 000,002,177 | ---- | C] () -- C:\Users\Matt\AppData\Local\ewegisey.dll
[2010/09/29 14:49:15 | 000,002,161 | ---- | C] () -- C:\Users\Matt\AppData\Local\iwiwepasulebodu.dll
[2010/09/29 11:42:10 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\axiyuregadaga.dll
[2010/09/28 22:27:36 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\eniyurega.dll
[2010/09/28 16:09:00 | 000,002,193 | ---- | C] () -- C:\Users\Matt\AppData\Local\evehawuroviqohu.dll
[2010/09/28 14:09:04 | 000,005,337 | ---- | C] () -- C:\Users\Matt\AppData\Local\abamecus.dll
[2010/09/28 09:42:07 | 000,002,191 | ---- | C] () -- C:\Users\Matt\AppData\Local\atewobozeyesoguf.dll
[2010/09/27 20:41:07 | 000,002,169 | ---- | C] () -- C:\Users\Matt\AppData\Local\abosajubij.dll
[2010/09/27 18:39:08 | 000,002,169 | ---- | C] () -- C:\Users\Matt\AppData\Local\akiyiniyetasoyu.dll
[2010/09/27 12:34:44 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\unegexin.dll
[2010/09/27 07:06:04 | 000,002,203 | ---- | C] () -- C:\Users\Matt\AppData\Local\onovawubixaxayug.dll
[2010/09/26 22:21:00 | 000,002,143 | ---- | C] () -- C:\Users\Matt\AppData\Local\ajucofezip.dll
[2010/09/26 20:19:00 | 000,002,191 | ---- | C] () -- C:\Users\Matt\AppData\Local\azogunewuc.dll
[2010/09/26 11:39:35 | 000,002,187 | ---- | C] () -- C:\Users\Matt\AppData\Local\ibuvigulusefub.dll
[2010/09/25 12:27:45 | 000,002,173 | ---- | C] () -- C:\Users\Matt\AppData\Local\eregobeyeyo.dll
[2010/09/25 11:26:51 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\ugevitogolo.dll
[2010/09/25 09:25:02 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\isejacoyu.dll
[2010/09/24 20:19:41 | 000,002,177 | ---- | C] () -- C:\Users\Matt\AppData\Local\ociyemamerih.dll
[2010/09/24 16:14:45 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\afucivir.dll
[2010/09/24 14:12:46 | 000,002,187 | ---- | C] () -- C:\Users\Matt\AppData\Local\efojirazohitoz.dll
[2010/09/24 12:10:46 | 000,002,201 | ---- | C] () -- C:\Users\Matt\AppData\Local\ufopanuvaz.dll
[2010/09/24 10:09:17 | 000,002,201 | ---- | C] () -- C:\Users\Matt\AppData\Local\eyegukoge.dll
[2010/09/24 07:00:24 | 000,002,191 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayejogumajapim.dll
[2010/09/23 22:51:23 | 000,002,191 | ---- | C] () -- C:\Users\Matt\AppData\Local\anewuyazamil.dll
[2010/09/23 20:49:23 | 000,002,209 | ---- | C] () -- C:\Users\Matt\AppData\Local\eyiduraya.dll
[2010/09/23 17:24:14 | 000,002,167 | ---- | C] () -- C:\Users\Matt\AppData\Local\usoyiyime.dll
[2010/09/23 15:22:15 | 000,002,175 | ---- | C] () -- C:\Users\Matt\AppData\Local\iyaqivuxe.dll
[2010/09/23 10:13:43 | 000,002,173 | ---- | C] () -- C:\Users\Matt\AppData\Local\ujoqetug.dll
[2010/09/23 07:57:30 | 000,009,607 | ---- | C] () -- C:\Users\Matt\AppData\Local\ojomizih.dll
[2010/09/22 22:15:15 | 000,002,189 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayacasat.dll
[2010/09/21 15:31:57 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\ehexanetix.dll
[2010/09/20 20:20:32 | 000,002,215 | ---- | C] () -- C:\Users\Matt\AppData\Local\apiyetas.dll
[2010/09/20 12:18:31 | 000,002,177 | ---- | C] () -- C:\Users\Matt\AppData\Local\ebiyedohaqitej.dll
[2010/09/20 08:59:39 | 000,002,171 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayaqivuxe.dll
[2010/09/19 23:15:21 | 000,002,187 | ---- | C] () -- C:\Users\Matt\AppData\Local\ogajikeregucoru.dll
[2010/09/19 21:13:21 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\oviyayiy.dll
[2010/09/19 10:35:22 | 000,002,185 | ---- | C] () -- C:\Users\Matt\AppData\Local\uzoxisigihajile.dll
[2010/09/18 23:00:04 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\usezucowopoze.dll
[2010/09/18 20:58:04 | 000,002,191 | ---- | C] () -- C:\Users\Matt\AppData\Local\aluwavad.dll
[2010/09/18 18:56:04 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\asupofuyipidu.dll
[2010/09/18 14:13:30 | 000,002,201 | ---- | C] () -- C:\Users\Matt\AppData\Local\areciqusoletunux.dll
[2010/09/18 12:11:29 | 000,002,201 | ---- | C] () -- C:\Users\Matt\AppData\Local\iciwugow.dll
[2010/09/18 10:09:30 | 000,002,189 | ---- | C] () -- C:\Users\Matt\AppData\Local\erewexuluqizev.dll
[2010/09/17 17:35:36 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\ehapubikehej.dll
[2010/09/17 15:33:36 | 000,002,189 | ---- | C] () -- C:\Users\Matt\AppData\Local\ibiqowaliyun.dll
[2010/09/17 13:31:36 | 000,002,189 | ---- | C] () -- C:\Users\Matt\AppData\Local\edaqerof.dll
[2010/09/17 07:57:59 | 000,002,177 | ---- | C] () -- C:\Users\Matt\AppData\Local\aqogilimelum.dll
[2010/09/16 22:57:59 | 000,002,197 | ---- | C] () -- C:\Users\Matt\AppData\Local\erarijafecu.dll
[2010/09/16 20:55:59 | 000,002,169 | ---- | C] () -- C:\Users\Matt\AppData\Local\oralelufiwu.dll
[2010/09/16 18:56:03 | 000,003,378 | ---- | C] () -- C:\Users\Matt\AppData\Local\aqovonegifo.dll
[2010/09/16 15:57:49 | 000,002,179 | ---- | C] () -- C:\Users\Matt\AppData\Local\osezerazurowovox.dll
[2010/09/16 13:57:53 | 000,005,423 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyiyijiwan.dll
[2010/09/16 11:54:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aduboboge.dll
[2010/09/16 09:23:40 | 000,005,379 | ---- | C] () -- C:\Users\Matt\AppData\Local\ododejuz.dll
[2010/09/16 07:21:41 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aridopumamajux.dll
[2010/09/15 20:39:56 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iguyodege.dll
[2010/09/15 12:39:38 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\opaxetet.dll
[2010/09/15 10:16:15 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\asukaqibiyovoxan.dll
[2010/09/14 22:17:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\emusozom.dll
[2010/09/14 16:44:51 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofiqecuzoz.dll
[2010/09/14 11:20:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\opivoher.dll
[2010/09/14 09:18:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\okiyazamilab.dll
[2010/09/14 07:16:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ewejogumajapim.dll
[2010/09/13 14:38:58 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uhiyifanivago.dll
[2010/09/13 11:57:57 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\exevihegoza.dll
[2010/09/13 10:53:37 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\usedejuzakaxodem.dll
[2010/09/13 08:51:37 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayafusizebaz.dll
[2010/09/13 06:49:38 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aleridubayavejog.dll
[2010/09/12 23:09:48 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ozicuzozecahex.dll
[2010/09/12 21:07:48 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oriqugarorohuge.dll
[2010/09/12 19:05:47 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uriyetas.dll
[2010/09/12 14:22:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\evejedabenud.dll
[2010/09/11 21:28:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\avafipul.dll
[2010/09/11 19:26:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uqevanuzafavina.dll
[2010/09/11 11:02:17 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\efiwekif.dll
[2010/09/11 09:00:18 | 000,009,609 | ---- | C] () -- C:\Users\Matt\AppData\Local\uguwecig.dll
[2010/09/10 15:57:44 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\itijoloz.dll
[2010/09/10 13:55:44 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\opunudowubucudi.dll
[2010/09/10 06:56:15 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oxebiyini.dll
[2010/09/10 02:08:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipoxijoyigere.dll
[2010/09/10 00:06:06 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ecukaqib.dll
[2010/09/09 23:20:02 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\egukohiyimaxe.dll
[2010/09/09 17:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\owisifefela.dll
[2010/09/09 15:13:47 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uwexucemucoroje.dll
[2010/09/09 11:57:09 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uqenacur.dll
[2010/09/09 09:55:10 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oruvanuzafavina.dll
[2010/09/09 07:53:41 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aqoxikayisuki.dll
[2010/09/08 16:41:42 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\apaduraya.dll
[2010/09/08 14:41:44 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipuyufomorabulez.dll
[2010/09/08 09:14:37 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ezajosifaduju.dll
[2010/09/08 07:12:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ahiyalogujage.dll
[2010/09/07 15:29:32 | 000,009,538 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayalimelum.dll
[2010/09/07 09:07:22 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\upajolozik.dll
[2010/09/06 22:27:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\enafiziw.dll
[2010/09/06 20:26:16 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\axikunosesoxi.dll
[2010/09/06 08:06:23 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\edamomigo.dll
[2010/09/06 00:33:56 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uvewadil.dll
[2010/09/05 22:32:19 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\azeviwec.dll
[2010/09/05 11:06:54 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oqiducen.dll
[2010/09/05 08:05:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uqiducenafi.dll
[2010/09/04 11:48:06 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iqiropif.dll
[2010/09/04 09:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oriyetasoyuyebi.dll
[2010/09/04 08:07:23 | 000,009,682 | ---- | C] () -- C:\Users\Matt\AppData\Local\ivejedabenudajug.dll
[2010/09/04 00:10:47 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ahiyemam.dll
[2010/09/03 15:57:58 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ivonevoz.dll
[2010/09/03 13:55:38 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\awepuqaz.dll
[2010/09/03 11:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayibomuredi.dll
[2010/09/03 09:51:42 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ahebagoga.dll
[2010/09/03 08:14:55 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\abasaxog.dll
[2010/09/02 21:27:51 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eladiyubader.dll
[2010/09/02 17:23:58 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\italevef.dll
[2010/09/02 15:21:58 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ixalupavidif.dll
[2010/09/02 13:20:19 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\anovawubixax.dll
[2010/09/02 11:20:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ovukibof.dll
[2010/09/02 09:19:31 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ojenocesofihutaf.dll
[2010/09/02 07:16:54 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uhebagog.dll
[2010/09/01 16:32:13 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ogucoxew.dll
[2010/09/01 14:32:16 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ovegigusobo.dll
[2010/09/01 08:32:07 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ijucofezip.dll
[2010/08/31 22:06:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eyiwepasulebodu.dll
[2010/08/31 20:42:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ivasoyuyebi.dll
[2010/08/30 23:04:06 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\omubucamotig.dll
[2010/08/30 19:40:26 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\isukexug.dll
[2010/08/30 18:32:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ibatamagabobi.dll
[2010/08/30 11:58:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\owebagogagimo.dll
[2010/08/30 04:47:35 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\asewisura.dll
[2010/08/30 02:45:15 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\amalihiw.dll
[2010/08/30 00:43:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\atimifor.dll
[2010/08/29 22:41:16 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ebejifig.dll
[2010/08/29 16:34:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uyaqivux.dll
[2010/08/29 14:32:41 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oduboboge.dll
[2010/08/29 08:18:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iyegukogevusu.dll
[2010/08/29 06:59:58 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ovasoyuyebiyini.dll
[2010/08/28 21:50:43 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ezoxolib.dll
[2010/08/28 13:22:08 | 000,002,189 | ---- | C] () -- C:\Users\Matt\AppData\Local\ecoxanet.dll
[2010/08/28 09:36:55 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\upuvigulus.dll
[2010/08/28 07:34:33 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ibidopumam.dll
[2010/08/28 07:07:20 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ekebazobif.dll
[2010/08/27 21:45:16 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ufejedab.dll
[2010/08/27 17:10:18 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\atadoqenezu.dll
[2010/08/26 21:16:57 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uwasuqeb.dll
[2010/08/26 16:37:57 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\etewowowowowo.dll
[2010/08/26 14:35:58 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\imeroxehotep.dll
[2010/08/26 09:10:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\onawanom.dll
[2010/08/26 07:08:31 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ovebagoga.dll
[2010/08/25 16:43:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\izilonor.dll
[2010/08/25 14:41:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\adiwekif.dll
[2010/08/25 12:38:44 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\amexisig.dll
[2010/08/25 10:36:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ijejedabenud.dll
[2010/08/25 08:47:14 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\esibucam.dll
[2010/08/25 06:45:22 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ayovoneg.dll
[2010/08/24 17:17:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\icarinaz.dll
[2010/08/24 15:15:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ikiluqiz.dll
[2010/08/24 13:13:22 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\unejacoyusiku.dll
[2010/08/24 10:45:44 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ifoqusol.dll
[2010/08/24 08:43:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uniqidefayoqe.dll
[2010/08/23 16:01:17 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\anonafazeqeqal.dll
[2010/08/23 13:59:18 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ihihocozis.dll
[2010/08/23 11:57:39 | 000,027,356 | ---- | C] () -- C:\Users\Matt\AppData\Local\ireheseweriquyi.dll
[2010/08/23 09:57:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofohuyag.dll
[2010/08/23 06:56:53 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\igeboqut.dll
[2010/08/21 23:49:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\amesowovonegi.dll
[2010/08/21 21:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ememinopa.dll
[2010/08/21 19:45:07 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\apumazekudegem.dll
[2010/08/21 17:43:08 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\opewavadejuzak.dll
[2010/08/21 15:41:29 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\akolimelumorun.dll
[2010/08/21 13:39:08 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ivehawur.dll
[2010/08/21 11:37:07 | 000,002,157 | ---- | C] () -- C:\Users\Matt\AppData\Local\ojubasebiweyif.dll
[2010/08/21 11:00:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\acoxujesazuku.dll
[2010/08/21 09:33:19 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\erenutul.dll
[2010/08/20 23:05:19 | 000,002,189 | ---- | C] () -- C:\Users\Matt\AppData\Local\urimakulad.dll
[2010/08/20 18:42:15 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\isukalegetekola.dll
[2010/08/19 22:04:33 | 000,009,538 | ---- | C] () -- C:\Users\Matt\AppData\Local\eriyetasoyuyebi.dll
[2010/08/19 17:52:51 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iyiwavadej.dll
[2010/08/19 13:49:09 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\efikofeg.dll
[2010/08/19 12:04:43 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\obuvigul.dll
[2010/08/19 07:09:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\arevudam.dll
[2010/08/18 22:29:39 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uhukukububov.dll
[2010/08/18 16:10:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\olibililahacafof.dll
[2010/08/18 14:08:25 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\isucipis.dll
[2010/08/18 11:31:00 | 000,009,607 | ---- | C] () -- C:\Users\Matt\AppData\Local\igonacur.dll
[2010/08/18 09:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\idubobog.dll
[2010/08/18 07:33:34 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aquburuyaxubexu.dll
[2010/08/18 07:04:00 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\izoxisigihajile.dll
[2010/08/17 18:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ewiwepasule.dll
[2010/08/17 16:05:30 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\abuvigul.dll
[2010/08/16 23:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aticomexe.dll
[2010/08/16 21:12:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\azuvefif.dll
[2010/08/16 19:10:25 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\alitamagabobi.dll
[2010/08/16 17:02:10 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\osamotetacoy.dll
[2010/08/16 16:07:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uleguyoy.dll
[2010/08/16 14:50:11 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ovaloyar.dll
[2010/08/16 12:48:32 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipicenafidaco.dll
[2010/08/16 10:46:34 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\akubinagoguta.dll
[2010/08/16 08:03:00 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofogotobuhuwon.dll
[2010/08/15 16:18:34 | 000,002,175 | ---- | C] () -- C:\Users\Matt\AppData\Local\udenegifopani.dll
[2010/08/15 14:16:56 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyasaxogapoga.dll
[2010/08/13 16:06:12 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uruqidefayoqe.dll
[2010/08/13 14:03:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ulunibume.dll
[2010/08/13 12:01:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ixodujug.dll
[2010/08/13 08:17:31 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\evamiyumihoy.dll
[2010/08/12 22:26:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\unebufebos.dll
[2010/08/12 16:20:09 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyenajer.dll
[2010/08/12 14:18:12 | 000,002,185 | ---- | C] () -- C:\Users\Matt\AppData\Local\ewaxixib.dll
[2010/08/11 22:48:22 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\itejubetov.dll
[2010/08/11 18:43:43 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\osikeqod.dll
[2010/08/11 16:41:43 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ezedeluj.dll
[2010/08/11 14:40:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\asuqidefa.dll
[2010/08/11 12:38:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\obaqugar.dll
[2010/08/11 10:36:06 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ubenudowubucudi.dll
[2010/08/11 08:34:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\omebicitaqunuhog.dll
[2010/08/10 21:00:35 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\udayiyim.dll
[2010/08/10 18:58:39 | 000,002,173 | ---- | C] () -- C:\Users\Matt\AppData\Local\ewoqoziyijevu.dll
[2010/08/10 09:34:17 | 000,009,571 | ---- | C] () -- C:\Users\Matt\AppData\Local\exuvadazader.dll
[2010/08/10 00:00:22 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\irazunesey.dll
[2010/08/09 19:54:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ilugutudiwoniqi.dll
[2010/08/09 17:52:42 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\exoxeyuv.dll
[2010/08/09 15:50:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\osefumakulad.dll
[2010/08/09 13:48:21 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\erohonevoz.dll
[2010/08/09 11:46:20 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\onojosif.dll
[2010/08/09 09:44:23 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oqotewis.dll
[2010/08/09 07:42:19 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\efulidemawixor.dll
[2010/08/07 22:51:48 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ekucabaf.dll
[2010/08/07 20:50:10 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iwubijamehigatag.dll
[2010/08/07 17:13:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eguwecig.dll
[2010/08/07 15:07:13 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\upucenaf.dll
[2010/08/07 13:04:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\edabinag.dll
[2010/08/07 11:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iyuhudafugaho.dll
[2010/08/07 01:19:11 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipamerihes.dll
[2010/08/06 21:38:48 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\umamunumatoy.dll
[2010/08/06 16:30:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iyacasat.dll
[2010/08/06 13:14:35 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipunikanujuqod.dll
[2010/08/06 10:35:03 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\uxalupavidif.dll
[2010/08/06 08:33:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ipaxeqayofika.dll
[2010/08/05 22:32:00 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iheharusaneyulex.dll
[2010/08/05 20:30:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\axukejubetovapuz.dll
[2010/08/05 11:23:26 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\isucecisuwaq.dll
[2010/08/05 09:21:53 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ibubexuyiru.dll
[2010/08/05 01:37:37 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\isidokez.dll
[2010/08/04 23:34:55 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eqehonev.dll
[2010/08/04 15:11:43 | 000,009,608 | ---- | C] () -- C:\Users\Matt\AppData\Local\uvejedabenud.dll
[2010/08/04 08:36:35 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ukomusigegobe.dll
[2010/08/03 22:18:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\osusifef.dll
[2010/08/03 20:16:20 | 000,002,165 | ---- | C] () -- C:\Users\Matt\AppData\Local\epaxeqayo.dll
[2010/08/03 12:29:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyenuzafa.dll
[2010/08/03 10:26:42 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ocotazalebin.dll
[2010/08/03 08:25:53 | 000,002,209 | ---- | C] () -- C:\Users\Matt\AppData\Local\aherabatid.dll
[2010/08/02 11:11:25 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\asusifef.dll
[2010/08/02 09:09:49 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\otiyovuzi.dll
[2010/08/01 08:26:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\utevegub.dll
[2010/07/31 22:42:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\unulamol.dll
[2010/07/31 20:40:22 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iyiciluvunebur.dll
[2010/07/31 18:38:02 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyiqahivaf.dll
[2010/07/31 16:36:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ajeboduyeviwepa.dll
[2010/07/31 12:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ocoloxegirif.dll
[2010/07/31 10:06:16 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oqilezel.dll
[2010/07/31 08:04:26 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ovuyosamavabowin.dll
[2010/07/31 00:00:24 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\okupiditem.dll
[2010/07/30 22:03:26 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\efiferabatid.dll
[2010/07/30 16:39:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oxosowovonegi.dll
[2010/07/30 14:37:25 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\epokijad.dll
[2010/07/30 12:35:24 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aqiqatar.dll
[2010/07/30 10:33:02 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uhiwomew.dll
[2010/07/30 08:31:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\icirijafecu.dll
[2010/07/30 06:29:23 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uvevokom.dll
[2010/07/29 23:28:34 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oduhojafa.dll
[2010/07/29 21:26:34 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uvehawuroviqohu.dll
[2010/07/29 19:24:55 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofikofeg.dll
[2010/07/29 11:31:05 | 000,002,183 | ---- | C] () -- C:\Users\Matt\AppData\Local\uquyazamilabefog.dll
[2010/07/29 08:29:55 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oxukejubetovapuz.dll
[2010/07/28 23:29:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\icojanilerih.dll
[2010/07/28 21:27:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\edenegifo.dll
[2010/07/28 19:26:12 | 000,002,195 | ---- | C] () -- C:\Users\Matt\AppData\Local\ejubasebiweyif.dll
[2010/07/28 08:25:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\inovawubixax.dll
[2010/07/27 22:42:47 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofefojuf.dll
[2010/07/27 20:40:47 | 000,009,538 | ---- | C] () -- C:\Users\Matt\AppData\Local\uqaqowaliyunolif.dll
[2010/07/27 18:38:46 | 000,009,681 | ---- | C] () -- C:\Users\Matt\AppData\Local\ubamecusuramujo.dll
[2010/07/27 12:13:23 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\opebufebos.dll
[2010/07/27 11:07:44 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eyasaxogapoga.dll
[2010/07/27 08:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\awoqoziyi.dll
[2010/07/26 21:45:51 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\usucecisuwaq.dll
[2010/07/26 19:43:59 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\itegadaga.dll
[2010/07/26 08:22:12 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iqogilimelum.dll
[2010/07/25 20:07:43 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ikuwofes.dll
[2010/07/25 18:05:43 | 000,000,566 | ---- | C] () -- C:\Users\Matt\AppData\Local\uzuyicubuc.dll
[2010/07/25 07:37:18 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ofiyohuy.dll
[2010/07/24 22:53:01 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ahiwomewo.dll
[2010/07/24 20:50:57 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eduvukovikerevaf.dll
[2010/07/24 18:48:58 | 000,003,378 | ---- | C] () -- C:\Users\Matt\AppData\Local\ulejozug.dll
[2010/07/24 17:19:09 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ubayapar.dll
[2010/07/24 15:17:19 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\utovupom.dll
[2010/07/24 10:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oxikunosesoxi.dll
[2010/07/24 09:04:03 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uxebiyiniyeta.dll
[2010/07/23 23:59:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ugaqofolinin.dll
[2010/07/23 21:57:44 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ezuwilul.dll
[2010/07/23 19:55:47 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ivogavimovumaxag.dll
[2010/07/23 10:18:28 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\avalakizaxif.dll
[2010/07/23 08:16:25 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\unevibeb.dll
[2010/07/22 22:34:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\idozucowo.dll
[2010/07/22 20:32:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oqukemom.dll
[2010/07/22 12:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\aqotewis.dll
[2010/07/22 10:43:54 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ifulidem.dll
[2010/07/22 10:09:38 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\irimakuladoleq.dll
[2010/07/22 08:07:38 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ibamecusuramujo.dll
[2010/07/21 22:42:38 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\isaxovab.dll
[2010/07/21 22:38:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ewomucetuheseheg.dll
[2010/07/20 22:32:42 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\apizikag.dll
[2010/07/20 20:30:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\olegaqabih.dll
[2010/07/20 17:28:37 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\etalipizuluf.dll
[2010/07/20 11:07:35 | 000,009,540 | ---- | C] () -- C:\Users\Matt\AppData\Local\oxuvadazader.dll
[2010/07/20 09:05:36 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\inidemawixorigeg.dll
[2010/07/20 00:55:17 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ubiwunozabulamuf.dll
[2010/07/19 22:52:56 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uzeharusaneyulex.dll
[2010/07/19 20:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\afaxayot.dll
[2010/07/18 16:16:10 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyalimelum.dll
[2010/07/18 14:14:11 | 000,002,203 | ---- | C] () -- C:\Users\Matt\AppData\Local\amaxuwen.dll
[2010/07/17 22:53:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\evoxevuq.dll
[2010/07/17 20:51:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oxuveraxif.dll
[2010/07/17 18:49:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\etubocovofama.dll
[2010/07/17 16:47:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\edigibux.dll
[2010/07/17 14:45:04 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eqilakiz.dll
[2010/07/17 12:43:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\awalatiwojili.dll
[2010/07/17 10:41:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uwofawiw.dll
[2010/07/17 08:39:05 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\imaxuwen.dll
[2010/07/16 23:18:56 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ugomipusovomado.dll
[2010/07/16 17:40:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\acotazalebin.dll
[2010/07/16 14:14:46 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\anozapow.dll
[2010/07/16 12:12:48 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\arezobes.dll
[2010/07/16 10:11:16 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\owofawiwifafa.dll
[2010/07/16 08:08:47 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\unidemawixor.dll
[2010/07/15 23:15:08 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ukoqowaliyunolif.dll
[2010/07/15 21:13:10 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uyubicit.dll
[2010/07/15 19:11:10 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\eqidadotib.dll
[2010/07/14 20:41:37 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ucamomig.dll
[2010/07/14 08:10:23 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\oyulecugofudoca.dll
[2010/07/13 23:43:39 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\amonejobec.dll
[2010/07/13 21:41:42 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ebanowet.dll
[2010/07/13 11:29:11 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\axamogavimov.dll
[2010/07/13 09:27:36 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uxuvadazaderirif.dll
[2010/07/13 07:25:12 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\utegadaga.dll
[2010/07/13 01:42:18 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\idafawiwi.dll
[2010/07/12 23:40:27 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\owedejuz.dll
[2010/07/12 21:38:20 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uvodahigusudiho.dll
[2010/07/12 19:36:20 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\iladisayi.dll
[2010/07/12 16:10:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\esilenaro.dll
[2010/07/12 14:08:42 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\inevokom.dll
[2010/07/11 18:37:43 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\esicusez.dll
[2010/07/11 10:55:30 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\uracuyaf.dll
[2010/07/11 08:53:31 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ucegodini.dll
[2010/07/11 06:51:33 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ibaxijoyi.dll
[2010/07/11 00:52:11 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\inucugofu.dll
[2010/07/10 22:50:11 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\ozerabatid.dll
[2010/07/10 17:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\acicecis.dll
[2010/07/10 14:59:22 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\awonitesuzup.dll
[2010/05/31 18:00:19 | 000,014,511 | ---- | C] () -- C:\Users\Matt\AppData\Local\Gqepepovaxesak.dat
[2010/05/31 18:00:19 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\Ejaranofowaceh.bin
[2010/05/28 14:37:53 | 000,000,020 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\vqdlkr.dat
[2010/02/23 22:47:53 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/01/07 14:16:30 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010/01/07 10:55:51 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\Mswrkdmk.dll
[2010/01/07 10:55:40 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\Hlinkprx.dll
[2010/01/07 10:55:36 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\SageKeyx.dll
[2009/09/08 14:59:00 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/07 13:50:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/02 21:20:11 | 000,000,760 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\setup_ldm.iss
[2009/07/18 23:23:03 | 000,000,031 | ---- | C] () -- C:\Windows\ultimatecd.ini
[2009/06/19 15:01:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/06/02 12:47:41 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/04/04 08:56:20 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2009/02/27 00:22:35 | 000,221,184 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 11:29:43 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/22 12:39:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/22 01:17:29 | 000,001,460 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps64.dat
[2009/01/08 17:45:42 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/01/08 17:45:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 19:49:14 | 000,016,280 | ---- | C] () -- C:\Users\Matt\AppData\Local\ohaguxab.dll
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
hoylematt
Regular Member
 
Posts: 18
Joined: February 27th, 2008, 11:12 am

Re: Google Misdirect Virus, Need your help!

Post by hoylematt » March 16th, 2011, 3:18 pm

---------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 3/16/2011 11:39:29 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.32 Gb Total Space | 77.20 Gb Free Space | 26.77% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4250599012-288616337-2587635617-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4250599012-288616337-2587635617-1000]
"EnableNotificationsRef" = 3
"EnableNotifications" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1A1B0A-6277-4F5D-9FDA-7917A40E26EF}" = lport=6970 | protocol=6 | dir=in | name=league of legends launcher |
"{701879EC-7160-4652-A62E-A4C210784ABE}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{76632AD2-CAC1-4E7E-8740-88F7D183BA8F}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{813B846C-8383-4116-95F6-211C7670A4D4}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher |
"{81FA1127-AB9C-4D7F-9EFE-2ECEC37B3048}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92BDE51C-84BE-4D23-A2D0-8E1AC288E4B4}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{9DDE3B9B-B388-4CC8-AE31-ECD6C02CC240}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{A66A70F3-01FA-4FC2-BC90-6326A821B2F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AC1051D0-CDF4-4A08-810D-84C15EB07DC1}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{B3AC2FBE-6195-4489-B4AF-261CC49A30B1}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{B4E3DFAD-2ACF-490A-9F3D-1C01767045B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DBE96CAF-78BA-4D89-A85E-1BF0C49F3285}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{DE70CD44-9BAA-43F9-B5D1-C0D7B81F1EEB}" = lport=6970 | protocol=17 | dir=in | name=league of legends launcher |
"{E9771D09-ECF3-4C5D-933B-AC03C4CF2792}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{EF52BE70-4046-4CE8-9133-DD6B484DF1AD}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{F2FC2BF3-888C-4E79-9FD4-09888BE3C742}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{F97EEC20-6ED7-413A-8C68-9BA3D809FEED}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02330AAA-22D4-4193-9ED0-4C529A80A011}" = protocol=6 | dir=in | app=c:\steamy\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{03B81ABD-D0A8-43BA-B6E6-157C3F58EC9D}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{06D06CA7-E9D2-4848-90D7-EA5EAC376247}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{0EB443CF-A2BC-48CB-B97F-614B9506EA45}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{10EC7B98-2C80-4EA2-A995-BC4460AC4D70}" = protocol=17 | dir=in | app=c:\steamy\steam.exe |
"{14730ACE-0A77-4575-A893-07BAF1F8429A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{16174CA4-6EDF-4A90-A2FE-9E1EC5618023}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{174AE5EA-EBC2-48DB-B3C9-B4235E15AD26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{1C134C03-75EA-4C9C-AA44-DFAC87E06B0B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{1F482F6E-75D5-49AD-891C-29766F7BE46B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{205B0069-78A8-4CCA-8466-DF3610033B00}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{2F5C7602-7BF1-4B11-A2CC-FFE7680CBCB0}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{352C87FF-9628-4678-A5EA-1E4A3BFAFC6B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{43CC80AB-AFF5-44AB-ACFF-EDE7D0241ABF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45F05EA7-8E7B-4A71-B19F-E354E5B182DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{4A468D51-8931-4432-9312-C643B353FF12}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4AD03C03-E66D-4C2C-BD81-D8AE967DFBF6}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4D9CDE26-A8A9-42ED-B775-AA1D8997A0EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4F5DFF78-7241-41D1-8746-0553243919EA}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\apps\2.0\wkjwgv7t.gkk\r4opwmj4.nkl\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\curseclient.exe |
"{527CD0E4-E3AF-49F1-B0DD-AA178F4D3F22}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52D0F16C-1202-43D1-8281-C16DF4FD7346}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{5964897F-F546-47F9-A605-0721A6083CCA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{59C67890-F43C-4ACF-BE53-65D8711E9761}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\apps\2.0\wkjwgv7t.gkk\r4opwmj4.nkl\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{59D358FA-8295-4545-8CE8-80F53D279066}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\apps\2.0\wkjwgv7t.gkk\r4opwmj4.nkl\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\curseclient.exe |
"{5D40374F-1230-469B-ABF9-35E2570493CE}" = protocol=17 | dir=in | app=c:\steamy\steamapps\common\rift\riftpatchlive.exe |
"{5D97D965-556A-4353-B2F3-9CB881B24E8D}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\apps\2.0\wkjwgv7t.gkk\r4opwmj4.nkl\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{69E32DEE-9FBF-4BF0-97FA-6F68F429D181}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{70867B56-DFC9-4907-B818-25F35E45A450}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{7269B8B6-0F47-40CA-A138-61611309C902}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{738574E9-F187-432D-8CD2-DA1C6C662948}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{74553474-7D9C-4929-90DC-0C87D347AA44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74E1E353-987B-4BE7-BC6D-85A60C130388}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{76102857-CE1D-49E5-BE42-6B8FAC529B12}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{77E2B08A-6203-46DD-ABB6-24A4A649C8E5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{789C7B95-1E59-468A-91C7-734D9502BDA7}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{7BD9024A-2EB8-4373-887F-34464B60057E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D01205D-FB73-4A81-941C-89E42A2B7724}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8B327EBD-4210-44CD-AEF9-1C2F6F23A6D2}" = protocol=6 | dir=in | app=c:\steamy\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{8CE1A23A-E65B-4D17-BFEE-D3454B19ABE9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{8E838567-EDF4-4EBB-876B-A173747DD993}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{8FA21BA4-18E1-4E64-9D7C-26045F8B71D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{91FBCE34-F298-4E77-A6AD-569366FF9E43}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\apps\2.0\wkjwgv7t.gkk\r4opwmj4.nkl\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{942AD9C3-F3F7-4F69-94D3-210DD1F20F07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F046CC6-C02E-48AD-A1B0-760183966664}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{9F90F076-1BA0-4F7E-A130-ED475C5A69CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{A04D21EF-4496-43F3-BFC3-90410C38E8C6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{A1008655-8106-49E2-91F4-4D1276D8D9B7}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{A35C0821-3A1F-491F-9AD4-1EB435293475}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{AB8AACAC-F39A-4874-A090-BE736961A10E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AD985CD7-A785-4FE0-9FAE-987D7D65BA3F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{AF0F66F5-61AA-4909-8EFC-7FB4F871E795}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{B129ACAD-E65A-4FE5-826F-2CE033E20E6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B5923E82-32B9-4E89-AA01-BBC796131E5A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B8FC5F43-F822-4B4C-A3F9-E03BC33031BC}" = protocol=6 | dir=in | app=c:\steamy\steamapps\common\rift\riftpatchlive.exe |
"{BA6F7333-DB7D-401A-94DF-AFA4157518C5}" = protocol=17 | dir=in | app=c:\steamy\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C48C1254-9C23-491E-9636-61AECB7115C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{C498CC7A-5A41-4792-BC97-6BF1BF96F889}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{C99E3A70-4BBC-4C53-A76D-D6557565D1BF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{CB1F8CB8-E403-4B64-8414-7FABB48DF4D5}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{CDB611B1-2F10-439F-ABDC-9873B26DAF3B}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\apps\2.0\wkjwgv7t.gkk\r4opwmj4.nkl\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{CDE32233-6AEF-4300-B158-0FD5C6F04DA8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{D1B2855A-2676-4470-81E6-93F3BAB1E943}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D83D975D-5F85-44DE-AAEF-9D3BD3B35DFC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DB02C6E3-DACC-4C48-8925-379481A552D8}" = protocol=17 | dir=in | app=c:\steamy\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{E0FBCB3C-7085-492D-8830-85BC41624A03}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2413359-8EA1-4830-9FFF-5A4D5E3ECC38}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E515678A-6D1D-440B-BF38-ADEDF5A3683C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9280969-122C-484E-B4B3-13453E42865C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{EBCD4AE2-8775-427C-BA38-ED2881F5C482}" = protocol=6 | dir=in | app=c:\steamy\steam.exe |
"{FE4A859D-E559-483F-B6EC-60A0739FB1D2}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"TCP Query User{31D28A01-DCA8-451F-810F-BC51C4AAADD1}C:\ghost\ghost.exe" = protocol=6 | dir=in | app=c:\ghost\ghost.exe |
"TCP Query User{36727067-DA5A-4AB9-BDAA-3F77919ACB96}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{3F00C66E-5EDC-4675-A304-AC4A62FAFEC1}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{4355151B-43FE-4885-81DE-4307403832AC}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{47BC0B47-0592-4C03-8759-A23EEC4CA13A}C:\program files (x86)\steam\steamapps\tonyhoyle\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tonyhoyle\counter-strike source\hl2.exe |
"TCP Query User{A41CC865-1B60-4A04-86FD-E7C0DD79074E}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{A5FF1BB2-6722-4056-807B-0742904F2920}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{EDBDD0BA-64EF-4051-AC58-775E1BF631EE}C:\steamy\steamapps\tonyhoyle\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\steamy\steamapps\tonyhoyle\counter-strike source\hl2.exe |
"TCP Query User{FA24D144-3B75-426D-8810-3829DC284F31}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2522FB91-54E6-44F9-B464-A81F73CFF9A3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{252DB976-485A-4216-B2C4-0A2748B42FA5}C:\ghost\ghost.exe" = protocol=17 | dir=in | app=c:\ghost\ghost.exe |
"UDP Query User{4163247B-30B1-4884-9A0C-C9F069160073}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{44B4A03B-881F-4BCD-B8EE-AAEA20B66921}C:\steamy\steamapps\tonyhoyle\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\steamy\steamapps\tonyhoyle\counter-strike source\hl2.exe |
"UDP Query User{4B7F5E74-FC99-4E30-82EA-4E8477D8EC8A}C:\program files (x86)\steam\steamapps\tonyhoyle\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tonyhoyle\counter-strike source\hl2.exe |
"UDP Query User{AEFBD80B-D3A7-4D11-B7B5-53E06D38F107}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{B7C42D0F-B988-45A2-8655-A54EF1529D78}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{BB37E43F-2216-4877-A1CD-F3330D4A1682}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{CDC324C7-5801-4E84-AFB6-B758E34AA581}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E6C415F-7708-4A8F-9509-11C98988BDCA}" = Apple Mobile Device Support
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5AB0C6D3-E546-44C2-8B63-C9044FCC9AC0}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E3015C78-C196-4039-A279-9959940083DE}" = O2Micro Flash Memory Card Reader Driver (x64)
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7516254D-7F98-49DD-8209-5D2208BD1033}" = Nero 7 Ultra Edition
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACDLabs in C__Program_Files_(x86)_ACDFREE12_" = ACD/Labs Software in C:\Program Files (x86)\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anki" = Anki
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Crack DAT PAT" = Crack DAT PAT 2010-2011
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MestReC_is1" = MestReC 4.7.0
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Steam App 240" = Counter-Strike: Source
"Steam App 39120" = RIFT
"Steam App 400" = Portal
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"TSPDAT" = TSPDAT
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4250599012-288616337-2587635617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2010 2:41:25 PM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/19/2010 4:35:04 PM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 7:16:28 AM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 3:09:32 PM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2010 4:34:04 PM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2010 11:52:39 PM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2010 6:03:08 AM | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/22/2010 6:03:08 AM | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/22/2010 12:42:32 PM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/23/2010 1:20:17 AM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/15/2011 5:35:12 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 3/15/2011 11:20:50 PM | Computer Name = Matt-PC | Source = HTTP | ID = 15016
Description =

Error - 3/15/2011 11:22:19 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/16/2011 4:06:17 AM | Computer Name = Matt-PC | Source = HTTP | ID = 15016
Description =

Error - 3/16/2011 4:07:29 AM | Computer Name = Matt-PC | Source = HTTP | ID = 15016
Description =

Error - 3/16/2011 4:08:59 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/16/2011 2:31:45 PM | Computer Name = Matt-PC | Source = HTTP | ID = 15016
Description =

Error - 3/16/2011 2:33:14 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/16/2011 2:36:58 PM | Computer Name = Matt-PC | Source = HTTP | ID = 15016
Description =

Error - 3/16/2011 2:38:27 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
-----------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-16 12:08:41
Windows 6.0.6001 Service Pack 1
Running: m8w9znde.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0xF9 0x0F 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCE 0x97 0x08 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xA5 0x81 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x2A 0xDC 0x4D 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0xF9 0x0F 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCE 0x97 0x08 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xA5 0x81 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x2A 0xDC 0x4D 0x1F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F33A80B4-8C16-4083-41E9-88D571F3E608}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F33A80B4-8C16-4083-41E9-88D571F3E608}@kafjlejoopjgbmkkmmllhi 0x66 0x61 0x63 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F33A80B4-8C16-4083-41E9-88D571F3E608}@mafehpnkflodbhlalgfeeodjbc 0x62 0x61 0x69 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F33A80B4-8C16-4083-41E9-88D571F3E608}@kafjlejoopjgbmkkmmllei 0x67 0x61 0x66 0x6A ...

---- EOF - GMER 1.0.15 ----
hoylematt
Regular Member
 
Posts: 18
Joined: February 27th, 2008, 11:12 am

Re: Google Misdirect Virus, Need your help!

Unread postby deltalima » March 16th, 2011, 3:38 pm

Hi hoylematt,

Download and Run ComboFix

Download Combofix by sUBs from one of these links and save it to your Desktop.
Link 1 | Link 2

**Ensure you have disabled ALL anti-virus, anti-malware and firewall programs so they do not interfere with ComboFix.**
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.

  • Double-click ComboFix.exe to start Combofix (If you get a User Account Control warning, click Allow)
  • If you get a message from ComboFix that a rootkit is detected and it needs to reboot the computer, allow it to do so.
  • Wait for scan to complete. It can take tens of minutes.
  • Do not run any programs or do anything to interfere with ComboFix as it is running.
  • Once finished, a log should open. If not, the log can be located at C:\ComboFix.txt

Please include the ComboFix log (C:\ComboFix.txt) in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Misdirect Virus, Need your help!

Unread postby hoylematt » March 16th, 2011, 6:21 pm

Here is the combofix file:

ComboFix 11-03-16.01 - Matt 03/16/2011 15:09:19.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4090.2914 [GMT -7:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Matt\AppData\Local\{99F541FB-2258-4FDE-A63E-78F792E49E6C}
c:\users\Matt\AppData\Local\{99F541FB-2258-4FDE-A63E-78F792E49E6C}\chrome.manifest
c:\users\Matt\AppData\Local\{99F541FB-2258-4FDE-A63E-78F792E49E6C}\chrome\content\_cfg.js
c:\users\Matt\AppData\Local\{99F541FB-2258-4FDE-A63E-78F792E49E6C}\chrome\content\overlay.xul
c:\users\Matt\AppData\Local\{99F541FB-2258-4FDE-A63E-78F792E49E6C}\install.rdf
c:\users\Matt\AppData\Local\ohaguxab.dll
c:\windows\run.log
c:\windows\SysWow64\midas.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
.
.
2011-03-16 22:16 . 2011-03-16 22:16 -------- d-----w- c:\users\Matt\AppData\Local\temp
2011-03-16 22:16 . 2011-03-16 22:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 22:06 . 2011-03-16 22:07 -------- d-----w- C:\32788R22FWJFW
2011-03-16 22:01 . 2011-03-16 22:01 -------- d-----w- C:\found.000
2011-03-15 21:51 . 2011-03-15 21:51 -------- d-----w- C:\MGADiagToolOutput
2011-03-15 21:50 . 2011-03-15 21:50 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-03-15 21:34 . 2011-03-15 21:34 -------- d-----w- c:\program files (x86)\Avira
2011-03-03 11:43 . 2011-03-03 11:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-03-03 11:35 . 2011-03-03 11:35 -------- d-----w- C:\NVIDIA
2011-03-03 11:25 . 2011-03-03 11:25 -------- d-----w- c:\users\Matt\AppData\Roaming\SystemRequirementsLab
2011-03-03 11:25 . 2011-03-03 11:25 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-02-21 22:28 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-02-21 22:27 . 2011-03-03 10:32 -------- d-----w- c:\users\Matt\AppData\Roaming\RIFT
2011-02-21 22:27 . 2011-03-04 15:23 -------- d-----w- c:\users\Matt\AppData\Local\RIFT Beta
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 04:50 . 2011-01-08 04:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-08 04:50 . 2011-01-08 04:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 04:49 . 2011-01-08 04:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-08 04:49 . 2011-01-08 04:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 04:49 . 2011-01-08 04:49 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-01-08 04:49 . 2011-01-08 04:49 313448 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-08 04:49 . 2011-01-08 04:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-08 04:49 . 2011-01-08 04:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2010-12-21 02:09 . 2010-03-13 05:58 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-03-13 05:58 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 145408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Steam"="c:\steamy\Steam.exe" [2010-11-16 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2008-03-29 638976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-10-12 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-27 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R3 CXRAPHD;Conexant Raptor HD Video Capture (Philips TUV 1236D);c:\windows\system32\drivers\cxraphd_IBV64.sys [x]
R3 WisINT15;WisINT15;c:\windows\System32\OEM\factory\WisINT15.SYS [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avipbb
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2786678
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ne5i6q3d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.riftgame.com/en/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Simple Dyyno Launcher: NPDyyno@dyyno.com - %profile%\extensions\NPDyyno@dyyno.com
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-uTorrentBar Toolbar - c:\progra~2\UTORRE~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4250599012-288616337-2587635617-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F33A80B4-8C16-4083-41E9-88D571F3E608}*]
"kafjlejoopjgbmkkmmllhi"=hex:66,61,63,66,6b,66,68,62,6f,6b,61,67,00,00
"mafehpnkflodbhlalgfeeodjbc"=hex:62,61,69,6a,00,94
"kafjlejoopjgbmkkmmllei"=hex:67,61,66,6a,63,62,66,6f,62,65,6c,6f,68,66,00,00
.
[HKEY_USERS\S-1-5-21-4250599012-288616337-2587635617-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:61,06,f9,16,40,a1,6a,98,63,b0,d0,72,84,20,ee,92,1c,3c,01,bd,68,ec,92,
6e,c7,8b,35,ee,db,fb,48,22,ea,04,bc,44,f8,25,a6,cb,09,3a,61,a5,d0,11,e8,8e,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-16 15:18:28
ComboFix-quarantined-files.txt 2011-03-16 22:18
.
Pre-Run: 83,218,870,272 bytes free
Post-Run: 82,694,176,768 bytes free
.
- - End Of File - - 627B574C256A5A630839D6FCF791E440
hoylematt
Regular Member
 
Posts: 18
Joined: February 27th, 2008, 11:12 am
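The ComboFix log above follows a fixed layout (banner lines wrapped in parentheses or dashes, "." spacer lines, hxxp-defanged URLs), which makes it easy to triage automatically. The following is an added example for this thread, not ComboFix's own code: it parses that layout from a constructed excerpt, lists what was deleted, and flags IE start pages and Firefox search/homepage prefs whose host is outside an allowlist of expected sites (the allowlist, the EXAMPLE query values and the helper names are assumptions made for the example).

```python
"""Added example for this thread, not ComboFix's own code: parse the log
layout posted above and flag browser start/search pages outside an allowlist."""
import re
from urllib.parse import urlparse

# Constructed excerpt in ComboFix's layout: section banners wrapped in
# parentheses or dashes, "." spacer lines, URLs defanged as hxxp.
SAMPLE_LOG = """\
((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
C:\\install.exe
c:\\users\\Matt\\AppData\\Local\\ohaguxab.dll
c:\\windows\\SysWow64\\midas.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=EXAMPLE
uLocal Page = c:\\windows\\system32\\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=EXAMPLE
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.riftgame.com/en/
"""
# Hosts the owner expects (constructed allowlist: the OEM homepage and a
# game site seen in the log); anything else deserves a closer look.
EXPECTED_HOSTS = {"homepage.gateway.com", "riftgame.com", "google.com"}
SECTION_RE = re.compile(r"^\s*[(\-]{3,}\s*([^()]+?)\s*[)\-]{3,}\s*$")
IE_RE = re.compile(r"^([um](?:Start|Local) Page)\s*=\s*(\S+)$")
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")


def parse_sections(log_text):
    """Split the log into {section name: [non-empty lines]}."""
    sections, current = {"Header": []}, "Header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line not in ("", "."):  # "." is ComboFix's spacer line
            sections[current].append(line)
    return sections


def deleted_files(sections):
    """Paths ComboFix reported under 'Other Deletions'."""
    return list(sections.get("Other Deletions", []))


def browser_settings(sections):
    """(setting, value) pairs for IE start/local pages and Firefox prefs."""
    found = []
    for line in sections.get("Supplementary Scan", []):
        m = IE_RE.match(line) or FF_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def flag_unexpected(settings, expected_hosts):
    """(setting, url, host) for every URL whose host is outside the allowlist."""
    flagged = []
    for setting, value in settings:
        host = urlparse(value.replace("hxxp", "http", 1)).hostname
        if host is None:  # a local file such as blank.htm, not a URL
            continue
        if not any(host == d or host.endswith("." + d) for d in expected_hosts):
            flagged.append((setting, value, host))
    return flagged


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    print("Deleted:", *deleted_files(secs), sep="\n  ")
    for setting, url, host in flag_unexpected(browser_settings(secs), EXPECTED_HOSTS):
        print(f"UNEXPECTED {setting}: {url} (host {host})")
```

On the constructed excerpt the two conduit.com entries are flagged while the OEM homepage, the game site and the local blank.htm pass, which mirrors what a helper reads off the Supplementary Scan section by hand.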

Re: Google Misdirect Virus, Need your help!

Unread postby deltalima » March 16th, 2011, 7:00 pm

Hi hoylematt,

Do you still have Avira AntiVir installed?

Do you still have redirects? If not then let me know.

If you still have redirects then –

Please follow the instructions here to set your computer to use OpenDNS.

Now Reboot and let me know if the browser redirects have stopped.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Misdirect Virus, Need your help!

Unread postby hoylematt » March 16th, 2011, 11:49 pm

Thanks again!

Yes, I do have AntiVir installed. I uninstalled it because I thought it would interfere with ComboFix, like you said antivirus software might, and for some reason I couldn't close AntiVir in the system tray. I reinstalled it though for future protection.

FINALLY! I tried about 5 searches that usually get misdirected and all 5 of them went to the right site! Looks like ComboFix did the trick. Is there any way that you can explain in a nutshell what the heck the misdirect virus was and how it was so impossible to get rid of? And how did ComboFix get rid of it? I would greatly appreciate the info.

Thanks for all the help, this has really been bothering me for a long time. :lol:
hoylematt
Regular Member
 
Posts: 18
Joined: February 27th, 2008, 11:12 am

Re: Google Misdirect Virus, Need your help!

Unread postby deltalima » March 17th, 2011, 4:59 am

Hi hoylematt,

Yes, I do have AntiVir installed.

Good.

Is there any way that you can explain in a nutshell what the heck the misdirect virus was and how it was so impossible to get rid of?

Not easy to explain quickly; essentially, ComboFix removed infected library files that the antivirus program had missed.

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

IMPORTANT – you need to update Windows Vista to SP2 and Internet Explorer to version 8
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Misdirect Virus, Need your help!

Unread postby Cypher » March 18th, 2011, 5:31 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns