My browsers have re-direct on some URLs. For Example some Urls being re-directed to extrememyspase.com from this computer only (things are fine on another computer here). It is also seems that if I run Proxy - re-direct dissapearing. Would it be IP problem? I do not spam.
I did run Malware byites - clean. Avast - does not catch any problems as well, spybot - clean.
May be it is not even a virus? Please help if you can.
Thank you very much
Here is a clea Malwarebites log:
Malwarebytes' Anti-Malware 1.42
Database version: 3381
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865
12/17/2009 2:18:12 PM
mbam-log-2009-12-17 (14-18-12).txt
Scan type: Quick Scan
Objects scanned: 107561
Time elapsed: 6 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER.exe
_____________________________________________
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-17 15:23:09
Windows 6.0.6001 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3dea765c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcdd64
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcdd64@000276141479 0x05 0x38 0x1F 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcdd64@001cb31c8a75 0x09 0x42 0xCA 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3dea765c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214fbcdd64 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214fbcdd64@000276141479 0x05 0x38 0x1F 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214fbcdd64@001cb31c8a75 0x09 0x42 0xCA 0x0F ...
---- EOF - GMER 1.0.15 ----
OLT log
_____________________________________________________________________________________
OTL logfile created on: 12/17/2009 3:36:47 PM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\icyred\Desktop\Comp Clean
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 43.19% Memory free
4.00 Gb Paging File | 3.75 Gb Available in Paging File | 93.75% Paging File free
Paging file location(s): c:\pagefile.sys 2550 3980 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.79 Gb Total Space | 186.75 Gb Free Space | 65.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.85 Gb Total Space | 1.73 Gb Free Space | 93.45% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 20.74 Gb Free Space | 8.91% Space Free | Partition Type: FAT32
Drive H: | 111.76 Gb Total Space | 19.37 Gb Free Space | 17.34% Space Free | Partition Type: FAT32
Drive I: | 931.28 Gb Total Space | 807.95 Gb Free Space | 86.76% Space Free | Partition Type: FAT32
Computer Name: ICYRED-PC
Current User Name: icyred
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/17 15:25:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\icyred\Desktop\Comp Clean\OTL.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/24 13:08:54 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/24 10:47:43 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/16 16:18:20 | 00,097,840 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2009/11/16 16:18:02 | 00,224,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/17 22:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2008/10/17 20:22:04 | 00,203,616 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/10/17 20:19:26 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/10/14 18:54:36 | 00,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/09/18 12:59:10 | 00,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/11 00:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/09/08 11:59:54 | 00,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/09/08 11:59:52 | 00,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/09/03 19:36:04 | 00,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1241277948\ee\aolsoftware.exe
PRC - [2008/04/03 22:32:48 | 00,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/01/20 21:49:12 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/01/04 21:48:50 | 00,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
========== Modules (SafeList) ==========
MOD - [2009/12/17 15:25:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\icyred\Desktop\Comp Clean\OTL.exe
MOD - [2008/11/26 23:35:06 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/01/20 21:51:41 | 02,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2008/01/20 21:50:46 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2008/01/20 21:50:03 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/11/16 16:18:22 | 00,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV:64bit: - [2009/11/16 16:18:02 | 00,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV:64bit: - [2009/05/02 20:17:19 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/10/14 18:54:34 | 00,832,552 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV:64bit: - [2008/10/01 20:18:48 | 00,369,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/09/29 15:06:32 | 00,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/09/25 19:02:07 | 00,901,120 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/19 12:06:24 | 00,108,832 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/05 14:00:06 | 00,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/08/20 19:16:10 | 01,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/08/20 18:39:28 | 00,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/27 19:00:38 | 00,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/04/16 21:36:45 | 00,053,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/11/24 13:08:42 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/24 10:47:43 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/05/04 10:14:58 | 00,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/21 12:52:38 | 00,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 12:52:38 | 00,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 12:52:36 | 00,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 20:22:04 | 00,203,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/17 05:34:36 | 00,134,656 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 12:59:10 | 00,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 00:37:36 | 00,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/08 11:59:56 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 11:59:54 | 00,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 11:59:52 | 00,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 19:36:04 | 00,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/08 23:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/01 16:31:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/20 03:51:34 | 00,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 03:49:04 | 00,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 03:29:06 | 00,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/01/04 21:48:50 | 00,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\syswow64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...r...R&bmod=SNYR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\syswow64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 76.73.54.61:51499
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {63b70e6a-ea9d-4de2-8166-d6c4308099ee}:1.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1.265
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.5.8
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.3
FF - prefs.js..extensions.enabledItems: {e26ba8db-a646-a44e-997c-2fafeadb50f2}:1.0.7
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: {ec9CEB59-8266-438b-91D9-82F56D595E15}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..keyword.URL: ""
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/07 09:19:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/13 15:44:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/12/05 22:50:45 | 00,000,000 | ---D | M]
[2009/09/21 11:00:39 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Extensions
[2009/12/16 09:29:45 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions
[2009/08/15 07:21:29 | 00,000,000 | ---D | M] (FlashGot) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/05 11:37:56 | 00,000,000 | ---D | M] (Html Validator) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2009/08/07 21:37:39 | 00,000,000 | ---D | M] (LinkChecker) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2009/07/16 07:49:19 | 00,000,000 | ---D | M] (Affiliate Espionage) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{63b70e6a-ea9d-4de2-8166-d6c4308099ee}
[2009/06/05 16:21:17 | 00,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009/06/05 16:21:17 | 00,000,000 | ---D | M] (No name found) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2009/08/20 08:23:45 | 00,000,000 | ---D | M] (OnlyWire) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2009/06/05 16:21:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2009/08/05 11:37:52 | 00,000,000 | ---D | M] (GooglePreview) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/08/20 08:11:20 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\[email protected]
[2009/12/02 17:10:30 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\[email protected]
[2009/08/05 11:37:52 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\[email protected]
[2009/12/02 09:13:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/05/07 16:27:36 | 00,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmusicn.dll
O1 HOSTS File: (802 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 72.167.174.84 www.senuke.com
O1 - Hosts: 72.167.174.84 senuke.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: () - {CBB66A7C-D257-4A02-A8D5-6C9355F91308} - C:\Program Files (x86)\OnlyWireToolbar\onlywiretoolbar.dll (http://www.plugins-soft.com)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Onlywire Toolbar) - {73E71843-3A3D-4B26-AB6E-0ADCEE4B5FA7} - C:\Program Files (x86)\OnlyWireToolbar\onlywiretoolbar.dll (http://www.plugins-soft.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1241277948\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (ows\S) - File not found
O30 - LSA: Authentication Packages - (ows\S) - File not found
O30:64bit: - LSA: Security Packages - (EM\) - File not found
O30:64bit: - LSA: Security Packages - (hared\DLLShared\y Packages settin) - File not found
O30 - LSA: Security Packages - (EM\) - File not found
O30 - LSA: Security Packages - (hared\DLLShared\y Packages settin) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 13:19:36 | 00,000,052 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/02/06 17:34:36 | 00,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O33 - MountPoints2\{4e018749-383e-11de-a804-00214fbcdd64}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2009/12/17 14:10:23 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/17 14:09:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/12/17 14:08:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\icyred\Desktop\erunt_setup.exe
[2009/12/16 19:54:49 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Apple Computer
[2009/12/16 19:12:24 | 00,000,000 | ---D | C] -- C:\Users\icyred\Desktop\Rose
[2009/12/16 18:27:11 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/16 17:21:36 | 00,000,000 | ---D | C] -- C:\Users\icyred\Desktop\The_Expert_Guide_To_Affiliate_Marketing
[2009/12/16 17:20:04 | 00,000,000 | ---D | C] -- C:\Users\icyred\Desktop\CompleteHouse_PLR
[2009/12/07 08:12:04 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/12/07 08:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/06 00:49:08 | 00,000,000 | ---D | C] -- C:\Users\icyred\Documents\Books
[2009/12/05 23:18:20 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Sony
[2009/12/05 23:18:07 | 00,000,000 | ---D | C] -- C:\Users\icyred\Podcasts
[2009/12/05 23:18:07 | 00,000,000 | ---D | C] -- C:\Users\icyred\Documents\Media Go
[2009/12/05 22:51:08 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Downloaded Installations
[2009/12/05 22:49:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/12/05 22:49:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/12/05 22:49:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2009/12/05 22:49:22 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Apple
[2009/12/05 22:49:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2009/12/05 22:49:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/12/05 20:33:28 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Roaming\Sony Setup
[2009/12/05 20:33:28 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Roaming\Sony
[2009/12/05 20:33:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2009/12/05 10:35:22 | 00,134,656 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2009/12/05 10:16:23 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\ICS
[2009/12/04 19:28:45 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/04 08:59:31 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009/06/03 23:09:46 | 00,495,616 | ---- | C] (Mass Article Submitter) -- C:\Program Files (x86)\MassArticleSubmitter.exe
[2009/01/15 19:54:50 | 00,024,576 | ---- | C] (CreatorCo) -- C:\Program Files (x86)\HttpLibrary.dll
========== Files - Modified Within 14 Days ==========
[2009/12/17 15:39:05 | 03,932,160 | ---- | M] () -- C:\Users\icyred\ntuser.dat
[2009/12/17 15:38:56 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ABF28A3D-A0D6-48C8-88A5-CB6AC5CA154E}.job
[2009/12/17 14:39:34 | 00,002,651 | ---- | M] () -- C:\Users\icyred\Desktop\Microsoft Office Word 2007.lnk
[2009/12/17 14:09:17 | 00,000,763 | ---- | M] () -- C:\Users\icyred\Desktop\NTREGOPT.lnk
[2009/12/17 14:09:17 | 00,000,744 | ---- | M] () -- C:\Users\icyred\Desktop\ERUNT.lnk
[2009/12/17 14:08:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\icyred\Desktop\erunt_setup.exe
[2009/12/17 13:45:40 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 13:45:40 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 13:45:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/17 13:45:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/17 13:44:34 | 42,604,05248 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/17 13:43:46 | 00,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/17 13:43:43 | 00,524,288 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/12/17 13:43:43 | 00,065,536 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TM.blf
[2009/12/16 20:28:06 | 00,057,856 | ---- | M] () -- C:\Users\icyred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 19:39:07 | 51,521,024 | ---- | M] () -- C:\Users\icyred\Desktop\Final Final1.ppt
[2009/12/16 19:38:06 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/16 19:38:06 | 00,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/16 19:38:06 | 00,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/12/16 18:26:56 | 04,775,501 | -H-- | M] () -- C:\Users\icyred\AppData\Local\IconCache.db
[2009/12/16 13:19:22 | 53,367,813 | ---- | M] () -- C:\Users\icyred\Desktop\Final Final.pptx
[2009/12/15 18:56:26 | 00,000,000 | ---- | M] () -- C:\ProgramData\646451035
[2009/12/15 11:38:38 | 05,853,608 | ---- | M] () -- C:\Users\icyred\Desktop\02 Track 02.m4a
[2009/12/13 16:20:29 | 00,144,200 | ---- | M] () -- C:\Users\icyred\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/13 16:20:08 | 03,102,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/12/11 11:00:00 | 01,914,880 | ---- | M] () -- C:\Users\icyred\Documents\ny appliance repair .msam
[2009/12/11 02:00:18 | 00,001,682 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L49EBFB0C18FF40C5A5A5F8CD97DE7D41.job
[2009/12/10 03:22:21 | 00,524,288 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/12/09 12:34:27 | 00,524,288 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{54e2b560-a9f3-11de-8b7d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/12/09 12:34:27 | 00,065,536 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{54e2b560-a9f3-11de-8b7d-806e6f6e6963}.TM.blf
[2009/12/09 07:47:26 | 00,283,790 | ---- | M] () -- C:\test.xml
[2009/12/08 16:18:37 | 00,072,658 | ---- | M] () -- C:\Users\icyred\Documents\image002.jpg
[2009/12/08 13:57:18 | 00,014,368 | ---- | M] () -- C:\Users\icyred\Documents\Laptop Comparison.docx
[2009/12/07 13:08:04 | 00,065,536 | ---- | M] () -- C:\Users\icyred\Desktop\all_logins1.doc
[2009/12/07 09:19:31 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/07 08:12:16 | 00,001,805 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/07 08:12:15 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2009/12/06 10:27:13 | 10,949,628 | ---- | M] () -- C:\Users\icyred\Desktop\Update_kindle2_gw_2.3.bin
[2009/12/05 22:51:31 | 00,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2009/12/04 23:17:54 | 00,225,604 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/03 16:13:58 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2009/12/17 14:09:17 | 00,000,763 | ---- | C] () -- C:\Users\icyred\Desktop\NTREGOPT.lnk
[2009/12/17 14:09:17 | 00,000,744 | ---- | C] () -- C:\Users\icyred\Desktop\ERUNT.lnk
[2009/12/16 20:16:16 | 05,853,608 | ---- | C] () -- C:\Users\icyred\Desktop\02 Track 02.m4a
[2009/12/16 19:39:03 | 51,521,024 | ---- | C] () -- C:\Users\icyred\Desktop\Final Final1.ppt
[2009/12/16 19:34:58 | 53,367,813 | ---- | C] () -- C:\Users\icyred\Desktop\Final Final.pptx
[2009/12/15 18:56:26 | 00,000,000 | ---- | C] () -- C:\ProgramData\646451035
[2009/12/10 03:00:46 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2009/12/10 03:00:42 | 00,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2009/12/10 03:00:42 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2009/12/09 12:36:08 | 00,524,288 | -HS- | C] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/12/09 12:36:08 | 00,524,288 | -HS- | C] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/12/09 12:36:08 | 00,065,536 | -HS- | C] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TM.blf
[2009/12/09 06:21:22 | 00,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2009/12/09 06:21:00 | 09,237,504 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/12/09 06:20:58 | 12,462,080 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/12/09 06:20:52 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/12/09 06:20:51 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/12/09 06:20:50 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/12/09 06:20:50 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/12/09 06:20:50 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/12/09 06:20:48 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/12/09 06:20:47 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/12/09 06:20:46 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/12/09 06:20:46 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/12/09 06:20:45 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/12/09 06:20:45 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/12/09 06:20:45 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/12/09 06:20:44 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/12/09 06:20:44 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/12/09 06:20:44 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/12/09 06:20:43 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/12/09 06:20:43 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/12/09 06:20:42 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/12/09 06:20:11 | 00,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2009/12/09 06:20:10 | 00,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2009/12/08 16:18:37 | 00,072,658 | ---- | C] () -- C:\Users\icyred\Documents\image002.jpg
[2009/12/08 13:57:16 | 00,014,368 | ---- | C] () -- C:\Users\icyred\Documents\Laptop Comparison.docx
[2009/12/07 08:12:16 | 00,053,840 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/12/07 08:12:16 | 00,027,216 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/12/07 08:12:16 | 00,001,805 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/07 08:12:15 | 00,097,480 | ---- | C] () -- C:\Windows\SysNative\AvastSS.scr
[2009/12/07 08:12:15 | 00,089,680 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/12/07 08:12:15 | 00,065,616 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/12/07 08:12:15 | 00,022,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/12/07 08:12:15 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2009/12/07 08:12:04 | 00,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx
[2009/12/06 10:27:13 | 10,949,628 | ---- | C] () -- C:\Users\icyred\Desktop\Update_kindle2_gw_2.3.bin
[2009/12/05 22:51:31 | 00,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2009/12/05 20:34:17 | 00,409,494 | ---- | C] () -- C:\Users\icyred\AppData\Local\dd_vcredistMSI6BCF.txt
[2009/12/05 20:34:17 | 00,011,682 | ---- | C] () -- C:\Users\icyred\AppData\Local\dd_vcredistUI6BCF.txt
[2009/12/04 23:17:54 | 00,225,604 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/11/17 08:30:43 | 00,004,110 | ---- | C] () -- C:\ProgramData\wsrenaae.pyv
[2009/11/17 08:30:43 | 00,000,000 | ---- | C] () -- C:\ProgramData\3810472766
[2009/11/13 10:30:06 | 00,004,110 | ---- | C] () -- C:\ProgramData\vsrenaae.pyv
[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2009/08/19 13:59:07 | 00,000,000 | ---- | C] () -- C:\Users\icyred\AppData\Roaming\wklnhst.dat
[2009/07/18 16:36:18 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/10 21:45:14 | 00,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/03 19:49:34 | 00,057,856 | ---- | C] () -- C:\Users\icyred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/03 19:08:54 | 00,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/05/02 19:20:10 | 00,000,732 | ---- | C] () -- C:\Users\icyred\AppData\Local\d3d9caps64.dat
[2009/05/01 14:11:49 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/05/01 13:45:19 | 00,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/04/10 14:39:20 | 00,000,187 | ---- | C] () -- C:\Program Files (x86)\MassArticleSubmitter.exe.config
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2009/08/15 07:39:57 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Auslogics
[2009/05/04 20:31:05 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\GlobalSCAPE
[2009/11/19 04:16:18 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/05/04 20:35:25 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\OpenOffice.org
[2009/08/15 07:39:04 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Snappy Fax
[2009/05/18 16:50:42 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Snappy Fax Archives
[2009/12/05 23:18:06 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Sony
[2009/12/05 20:34:44 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Sony Setup
[2009/11/20 11:08:34 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Template
[2009/06/05 16:21:18 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Thunderbird
[2009/11/29 11:22:24 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\uTorrent
[2009/12/17 13:43:45 | 00,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/17 15:38:56 | 00,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ABF28A3D-A0D6-48C8-88A5-CB6AC5CA154E}.job
[2009/12/11 02:00:18 | 00,001,682 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L49EBFB0C18FF40C5A5A5F8CD97DE7D41.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2008/10/16 21:16:52 | 00,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:F7862839
< End of report >
Edited by icyred, 21 December 2009 - 04:44 AM.