Would it be a virus? Please help



#1
icyred

Hi,
My browsers have redirects on some URLs. For example, some URLs are being redirected to extrememyspase.com from this computer only (things are fine on another computer here). It also seems that if I run a proxy, the redirect disappears. Would it be an IP problem? I do not spam.
I did run Malwarebytes - clean. Avast does not catch any problems either; Spybot - clean.
Maybe it is not even a virus? Please help if you can.
Thank you very much

Here is a clean Malwarebytes log:

Malwarebytes' Anti-Malware 1.42
Database version: 3381
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

12/17/2009 2:18:12 PM
mbam-log-2009-12-17 (14-18-12).txt

Scan type: Quick Scan
Objects scanned: 107561
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER.exe
_____________________________________________

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-17 15:23:09
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3dea765c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcdd64
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x05 0x38 0x1F 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x09 0x42 0xCA 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3dea765c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214fbcdd64 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x05 0x38 0x1F 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x09 0x42 0xCA 0x0F ...

---- EOF - GMER 1.0.15 ----



OTL log

_____________________________________________________________________________________


OTL logfile created on: 12/17/2009 3:36:47 PM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\icyred\Desktop\Comp Clean
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 43.19% Memory free
4.00 Gb Paging File | 3.75 Gb Available in Paging File | 93.75% Paging File free
Paging file location(s): c:\pagefile.sys 2550 3980 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.79 Gb Total Space | 186.75 Gb Free Space | 65.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.85 Gb Total Space | 1.73 Gb Free Space | 93.45% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 20.74 Gb Free Space | 8.91% Space Free | Partition Type: FAT32
Drive H: | 111.76 Gb Total Space | 19.37 Gb Free Space | 17.34% Space Free | Partition Type: FAT32
Drive I: | 931.28 Gb Total Space | 807.95 Gb Free Space | 86.76% Space Free | Partition Type: FAT32

Computer Name: ICYRED-PC
Current User Name: icyred
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/17 15:25:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\icyred\Desktop\Comp Clean\OTL.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/24 13:08:54 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/24 10:47:43 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/16 16:18:20 | 00,097,840 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2009/11/16 16:18:02 | 00,224,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/17 22:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2008/10/17 20:22:04 | 00,203,616 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/10/17 20:19:26 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/10/14 18:54:36 | 00,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/09/18 12:59:10 | 00,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/11 00:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/09/08 11:59:54 | 00,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/09/08 11:59:52 | 00,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/09/03 19:36:04 | 00,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1241277948\ee\aolsoftware.exe
PRC - [2008/04/03 22:32:48 | 00,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/01/20 21:49:12 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/01/04 21:48:50 | 00,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe


========== Modules (SafeList) ==========

MOD - [2009/12/17 15:25:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\icyred\Desktop\Comp Clean\OTL.exe
MOD - [2008/11/26 23:35:06 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/01/20 21:51:41 | 02,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2008/01/20 21:50:46 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2008/01/20 21:50:03 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/11/16 16:18:22 | 00,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV:64bit: - [2009/11/16 16:18:02 | 00,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV:64bit: - [2009/05/02 20:17:19 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/10/14 18:54:34 | 00,832,552 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV:64bit: - [2008/10/01 20:18:48 | 00,369,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/09/29 15:06:32 | 00,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/09/25 19:02:07 | 00,901,120 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/19 12:06:24 | 00,108,832 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/05 14:00:06 | 00,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/08/20 19:16:10 | 01,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/08/20 18:39:28 | 00,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/27 19:00:38 | 00,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/04/16 21:36:45 | 00,053,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/11/24 13:08:42 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/24 10:47:43 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/05/04 10:14:58 | 00,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/21 12:52:38 | 00,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 12:52:38 | 00,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 12:52:36 | 00,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 20:22:04 | 00,203,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/17 05:34:36 | 00,134,656 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 12:59:10 | 00,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 00:37:36 | 00,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/08 11:59:56 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 11:59:54 | 00,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 11:59:52 | 00,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 19:36:04 | 00,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/08 23:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/01 16:31:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/20 03:51:34 | 00,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 03:49:04 | 00,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 03:29:06 | 00,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/01/04 21:48:50 | 00,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\syswow64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...r...R&bmod=SNYR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\syswow64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 76.73.54.61:51499

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {63b70e6a-ea9d-4de2-8166-d6c4308099ee}:1.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1.265
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.5.8
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.3
FF - prefs.js..extensions.enabledItems: {e26ba8db-a646-a44e-997c-2fafeadb50f2}:1.0.7
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: {ec9CEB59-8266-438b-91D9-82F56D595E15}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/07 09:19:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/13 15:44:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/12/05 22:50:45 | 00,000,000 | ---D | M]

[2009/09/21 11:00:39 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Extensions
[2009/12/16 09:29:45 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions
[2009/08/15 07:21:29 | 00,000,000 | ---D | M] (FlashGot) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/05 11:37:56 | 00,000,000 | ---D | M] (Html Validator) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2009/08/07 21:37:39 | 00,000,000 | ---D | M] (LinkChecker) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2009/07/16 07:49:19 | 00,000,000 | ---D | M] (Affiliate Espionage) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{63b70e6a-ea9d-4de2-8166-d6c4308099ee}
[2009/06/05 16:21:17 | 00,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009/06/05 16:21:17 | 00,000,000 | ---D | M] (No name found) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2009/08/20 08:23:45 | 00,000,000 | ---D | M] (OnlyWire) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2009/06/05 16:21:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2009/08/05 11:37:52 | 00,000,000 | ---D | M] (GooglePreview) -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/08/20 08:11:20 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\[email protected]
[2009/12/02 17:10:30 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\[email protected]
[2009/08/05 11:37:52 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Mozilla\Firefox\Profiles\8gfw3ob8.default\extensions\[email protected]
[2009/12/02 09:13:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/05/07 16:27:36 | 00,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: (802 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 72.167.174.84 www.senuke.com
O1 - Hosts: 72.167.174.84 senuke.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: () - {CBB66A7C-D257-4A02-A8D5-6C9355F91308} - C:\Program Files (x86)\OnlyWireToolbar\onlywiretoolbar.dll (http://www.plugins-soft.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Onlywire Toolbar) - {73E71843-3A3D-4B26-AB6E-0ADCEE4B5FA7} - C:\Program Files (x86)\OnlyWireToolbar\onlywiretoolbar.dll (http://www.plugins-soft.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1241277948\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (ows\S) - File not found
O30 - LSA: Authentication Packages - (ows\S) - File not found
O30:64bit: - LSA: Security Packages - (EM\) - File not found
O30:64bit: - LSA: Security Packages - (hared\DLLShared\y Packages settin) - File not found
O30 - LSA: Security Packages - (EM\) - File not found
O30 - LSA: Security Packages - (hared\DLLShared\y Packages settin) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 13:19:36 | 00,000,052 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/02/06 17:34:36 | 00,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O33 - MountPoints2\{4e018749-383e-11de-a804-00214fbcdd64}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/17 14:10:23 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/17 14:09:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/12/17 14:08:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\icyred\Desktop\erunt_setup.exe
[2009/12/16 19:54:49 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Apple Computer
[2009/12/16 19:12:24 | 00,000,000 | ---D | C] -- C:\Users\icyred\Desktop\Rose
[2009/12/16 18:27:11 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/16 17:21:36 | 00,000,000 | ---D | C] -- C:\Users\icyred\Desktop\The_Expert_Guide_To_Affiliate_Marketing
[2009/12/16 17:20:04 | 00,000,000 | ---D | C] -- C:\Users\icyred\Desktop\CompleteHouse_PLR
[2009/12/07 08:12:04 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/12/07 08:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/06 00:49:08 | 00,000,000 | ---D | C] -- C:\Users\icyred\Documents\Books
[2009/12/05 23:18:20 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Sony
[2009/12/05 23:18:07 | 00,000,000 | ---D | C] -- C:\Users\icyred\Podcasts
[2009/12/05 23:18:07 | 00,000,000 | ---D | C] -- C:\Users\icyred\Documents\Media Go
[2009/12/05 22:51:08 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Downloaded Installations
[2009/12/05 22:49:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/12/05 22:49:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/12/05 22:49:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2009/12/05 22:49:22 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\Apple
[2009/12/05 22:49:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2009/12/05 22:49:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/12/05 20:33:28 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Roaming\Sony Setup
[2009/12/05 20:33:28 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Roaming\Sony
[2009/12/05 20:33:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2009/12/05 10:35:22 | 00,134,656 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2009/12/05 10:16:23 | 00,000,000 | ---D | C] -- C:\Users\icyred\AppData\Local\ICS
[2009/12/04 19:28:45 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/04 08:59:31 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009/06/03 23:09:46 | 00,495,616 | ---- | C] (Mass Article Submitter) -- C:\Program Files (x86)\MassArticleSubmitter.exe
[2009/01/15 19:54:50 | 00,024,576 | ---- | C] (CreatorCo) -- C:\Program Files (x86)\HttpLibrary.dll

========== Files - Modified Within 14 Days ==========

[2009/12/17 15:39:05 | 03,932,160 | ---- | M] () -- C:\Users\icyred\ntuser.dat
[2009/12/17 15:38:56 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ABF28A3D-A0D6-48C8-88A5-CB6AC5CA154E}.job
[2009/12/17 14:39:34 | 00,002,651 | ---- | M] () -- C:\Users\icyred\Desktop\Microsoft Office Word 2007.lnk
[2009/12/17 14:09:17 | 00,000,763 | ---- | M] () -- C:\Users\icyred\Desktop\NTREGOPT.lnk
[2009/12/17 14:09:17 | 00,000,744 | ---- | M] () -- C:\Users\icyred\Desktop\ERUNT.lnk
[2009/12/17 14:08:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\icyred\Desktop\erunt_setup.exe
[2009/12/17 13:45:40 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 13:45:40 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 13:45:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/17 13:45:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/17 13:44:34 | 42,604,05248 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/17 13:43:46 | 00,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/17 13:43:43 | 00,524,288 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/12/17 13:43:43 | 00,065,536 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TM.blf
[2009/12/16 20:28:06 | 00,057,856 | ---- | M] () -- C:\Users\icyred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 19:39:07 | 51,521,024 | ---- | M] () -- C:\Users\icyred\Desktop\Final Final1.ppt
[2009/12/16 19:38:06 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/16 19:38:06 | 00,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/16 19:38:06 | 00,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/12/16 18:26:56 | 04,775,501 | -H-- | M] () -- C:\Users\icyred\AppData\Local\IconCache.db
[2009/12/16 13:19:22 | 53,367,813 | ---- | M] () -- C:\Users\icyred\Desktop\Final Final.pptx
[2009/12/15 18:56:26 | 00,000,000 | ---- | M] () -- C:\ProgramData\646451035
[2009/12/15 11:38:38 | 05,853,608 | ---- | M] () -- C:\Users\icyred\Desktop\02 Track 02.m4a
[2009/12/13 16:20:29 | 00,144,200 | ---- | M] () -- C:\Users\icyred\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/13 16:20:08 | 03,102,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/12/11 11:00:00 | 01,914,880 | ---- | M] () -- C:\Users\icyred\Documents\ny appliance repair .msam
[2009/12/11 02:00:18 | 00,001,682 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L49EBFB0C18FF40C5A5A5F8CD97DE7D41.job
[2009/12/10 03:22:21 | 00,524,288 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/12/09 12:34:27 | 00,524,288 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{54e2b560-a9f3-11de-8b7d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/12/09 12:34:27 | 00,065,536 | -HS- | M] () -- C:\Users\icyred\ntuser.dat{54e2b560-a9f3-11de-8b7d-806e6f6e6963}.TM.blf
[2009/12/09 07:47:26 | 00,283,790 | ---- | M] () -- C:\test.xml
[2009/12/08 16:18:37 | 00,072,658 | ---- | M] () -- C:\Users\icyred\Documents\image002.jpg
[2009/12/08 13:57:18 | 00,014,368 | ---- | M] () -- C:\Users\icyred\Documents\Laptop Comparison.docx
[2009/12/07 13:08:04 | 00,065,536 | ---- | M] () -- C:\Users\icyred\Desktop\all_logins1.doc
[2009/12/07 09:19:31 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/07 08:12:16 | 00,001,805 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/07 08:12:15 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2009/12/06 10:27:13 | 10,949,628 | ---- | M] () -- C:\Users\icyred\Desktop\Update_kindle2_gw_2.3.bin
[2009/12/05 22:51:31 | 00,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2009/12/04 23:17:54 | 00,225,604 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/03 16:13:58 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2009/12/17 14:09:17 | 00,000,763 | ---- | C] () -- C:\Users\icyred\Desktop\NTREGOPT.lnk
[2009/12/17 14:09:17 | 00,000,744 | ---- | C] () -- C:\Users\icyred\Desktop\ERUNT.lnk
[2009/12/16 20:16:16 | 05,853,608 | ---- | C] () -- C:\Users\icyred\Desktop\02 Track 02.m4a
[2009/12/16 19:39:03 | 51,521,024 | ---- | C] () -- C:\Users\icyred\Desktop\Final Final1.ppt
[2009/12/16 19:34:58 | 53,367,813 | ---- | C] () -- C:\Users\icyred\Desktop\Final Final.pptx
[2009/12/15 18:56:26 | 00,000,000 | ---- | C] () -- C:\ProgramData\646451035
[2009/12/10 03:00:46 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2009/12/10 03:00:42 | 00,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2009/12/10 03:00:42 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2009/12/09 12:36:08 | 00,524,288 | -HS- | C] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/12/09 12:36:08 | 00,524,288 | -HS- | C] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/12/09 12:36:08 | 00,065,536 | -HS- | C] () -- C:\Users\icyred\ntuser.dat{e5a69b3e-e4e8-11de-a54b-806e6f6e6963}.TM.blf
[2009/12/09 06:21:22 | 00,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2009/12/09 06:21:00 | 09,237,504 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/12/09 06:20:58 | 12,462,080 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/12/09 06:20:52 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/12/09 06:20:51 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/12/09 06:20:50 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/12/09 06:20:50 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/12/09 06:20:50 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/12/09 06:20:48 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/12/09 06:20:47 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/12/09 06:20:46 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/12/09 06:20:46 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/12/09 06:20:45 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/12/09 06:20:45 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/12/09 06:20:45 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/12/09 06:20:44 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/12/09 06:20:44 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/12/09 06:20:44 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/12/09 06:20:43 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/12/09 06:20:43 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/12/09 06:20:42 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/12/09 06:20:11 | 00,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2009/12/09 06:20:10 | 00,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2009/12/08 16:18:37 | 00,072,658 | ---- | C] () -- C:\Users\icyred\Documents\image002.jpg
[2009/12/08 13:57:16 | 00,014,368 | ---- | C] () -- C:\Users\icyred\Documents\Laptop Comparison.docx
[2009/12/07 08:12:16 | 00,053,840 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/12/07 08:12:16 | 00,027,216 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/12/07 08:12:16 | 00,001,805 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/07 08:12:15 | 00,097,480 | ---- | C] () -- C:\Windows\SysNative\AvastSS.scr
[2009/12/07 08:12:15 | 00,089,680 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/12/07 08:12:15 | 00,065,616 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/12/07 08:12:15 | 00,022,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/12/07 08:12:15 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2009/12/07 08:12:04 | 00,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx
[2009/12/06 10:27:13 | 10,949,628 | ---- | C] () -- C:\Users\icyred\Desktop\Update_kindle2_gw_2.3.bin
[2009/12/05 22:51:31 | 00,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2009/12/05 20:34:17 | 00,409,494 | ---- | C] () -- C:\Users\icyred\AppData\Local\dd_vcredistMSI6BCF.txt
[2009/12/05 20:34:17 | 00,011,682 | ---- | C] () -- C:\Users\icyred\AppData\Local\dd_vcredistUI6BCF.txt
[2009/12/04 23:17:54 | 00,225,604 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/11/17 08:30:43 | 00,004,110 | ---- | C] () -- C:\ProgramData\wsrenaae.pyv
[2009/11/17 08:30:43 | 00,000,000 | ---- | C] () -- C:\ProgramData\3810472766
[2009/11/13 10:30:06 | 00,004,110 | ---- | C] () -- C:\ProgramData\vsrenaae.pyv
[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2009/08/19 13:59:07 | 00,000,000 | ---- | C] () -- C:\Users\icyred\AppData\Roaming\wklnhst.dat
[2009/07/18 16:36:18 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/10 21:45:14 | 00,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/03 19:49:34 | 00,057,856 | ---- | C] () -- C:\Users\icyred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/03 19:08:54 | 00,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/05/02 19:20:10 | 00,000,732 | ---- | C] () -- C:\Users\icyred\AppData\Local\d3d9caps64.dat
[2009/05/01 14:11:49 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/05/01 13:45:19 | 00,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/04/10 14:39:20 | 00,000,187 | ---- | C] () -- C:\Program Files (x86)\MassArticleSubmitter.exe.config
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/08/15 07:39:57 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Auslogics
[2009/05/04 20:31:05 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\GlobalSCAPE
[2009/11/19 04:16:18 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/05/04 20:35:25 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\OpenOffice.org
[2009/08/15 07:39:04 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Snappy Fax
[2009/05/18 16:50:42 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Snappy Fax Archives
[2009/12/05 23:18:06 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Sony
[2009/12/05 20:34:44 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Sony Setup
[2009/11/20 11:08:34 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Template
[2009/06/05 16:21:18 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\Thunderbird
[2009/11/29 11:22:24 | 00,000,000 | ---D | M] -- C:\Users\icyred\AppData\Roaming\uTorrent
[2009/12/17 13:43:45 | 00,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/17 15:38:56 | 00,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ABF28A3D-A0D6-48C8-88A5-CB6AC5CA154E}.job
[2009/12/11 02:00:18 | 00,001,682 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L49EBFB0C18FF40C5A5A5F8CD97DE7D41.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/10/16 21:16:52 | 00,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:F7862839
< End of report >

Edited by icyred, 21 December 2009 - 04:44 AM.
