
Redirect Virus



#1
Mandarie

Hello,

I am encountering a redirect virus. It is continually getting worse. I am running Firefox and using Windows 7. Thank you in advance for your help. Here are all the logs I pulled.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/26/2010 7:21:55 PM
mbam-log-2010-09-26 (19-21-55).txt

Scan type: Quick Scan
Objects scanned: 95153
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL

OTL logfile created on: 9/26/2010 7:17:27 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Mandarie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.37 Gb Total Space | 203.05 Gb Free Space | 69.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.11% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MANDARIE-VAIO
Current User Name: Mandarie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/26 19:16:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mandarie\Downloads\OTL.exe
PRC - [2010/09/18 14:49:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/18 14:49:25 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/07 17:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Mandarie\AppData\Local\Temp\jZip\jZip2128B\jZip31249\gmer.exe
PRC - [2009/09/03 15:07:12 | 002,782,656 | ---- | M] (Discordia Limited) -- C:\Program Files (x86)\jZip\jZip.exe
PRC - [2009/07/27 19:58:40 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009/07/27 19:58:38 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2009/07/27 19:58:38 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009/07/27 19:58:38 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009/07/27 19:58:36 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009/07/27 19:58:36 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2009/07/23 13:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 13:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/22 18:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/01 14:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/01 14:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/26 17:35:04 | 000,468,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/09/26 19:16:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mandarie\Downloads\OTL.exe
MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 21:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009/07/13 21:14:51 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/22 17:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/24 00:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/26 17:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 17:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/17 21:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/29 19:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/31 16:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/07/27 19:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/27 19:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/27 19:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/27 19:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/27 19:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 13:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 13:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 13:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 18:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 14:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 14:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 14:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/08/04 21:22:40 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/08/04 21:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/03 16:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 16:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 16:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 16:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 16:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/07/31 16:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/31 16:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/27 16:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 01:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/11 16:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hotbar\bin\11.0.117.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/20 19:50:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/20 19:50:49 | 000,000,000 | ---D | M]

[2010/07/04 17:01:22 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Mozilla\Extensions
[2010/07/04 17:01:22 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Mozilla\Firefox\Profiles\88yauv3p.default\extensions
[2010/07/04 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Mozilla\Firefox\Profiles\jfv3kk43.default\extensions
[2010/07/04 16:53:56 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Mandarie\AppData\Roaming\Mozilla\Firefox\Profiles\jfv3kk43.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/09/17 20:59:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/25 07:50:30 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{523e0918-12a1-11df-9069-0024be7812ff}\Shell - "" = AutoRun
O33 - MountPoints2\{523e0918-12a1-11df-9069-0024be7812ff}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{523e0918-12a1-11df-9069-0024be7812ff}\Shell\directx\command - "" = D:\DirectX\dxsetup.exe -- File not found
O33 - MountPoints2\{523e0918-12a1-11df-9069-0024be7812ff}\Shell\setup\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/26 19:13:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/26 19:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/26 19:07:51 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mandarie\Desktop\TFC.exe
[2010/09/25 16:00:42 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\Desktop\reeval
[2010/09/24 21:39:16 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Playtinum
[2010/09/23 19:33:56 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Local\FamilyRestaurant
[2010/09/23 17:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Family Restaurant
[2010/09/23 17:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Artifex Mundi
[2010/09/23 17:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hospital Haste
[2010/09/19 20:08:20 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\BigFish
[2010/09/19 20:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFish
[2010/09/12 12:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/09/11 21:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWinner.com
[2010/09/06 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2010/09/06 12:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2010/09/05 16:41:49 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Silverback Productions
[2010/09/05 16:35:51 | 000,000,000 | ---D | C] -- C:\Windows\Secrets of the Dragon Wheel
[2010/09/05 09:43:53 | 000,000,000 | ---D | C] -- C:\Windows\Robin's Quest
[2010/09/04 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Gogii
[2010/09/03 20:32:20 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\vlc
[2010/08/30 19:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/29 11:02:53 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Local\WinZip
[2010/08/28 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Jumb-O-Fun Games
[2010/08/28 11:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\backups
[2010/08/28 10:51:28 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Program Files (x86)\HijackThis.exe
[2010/08/25 18:28:24 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment
[2010/08/25 18:25:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/25 07:23:58 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2010/08/25 07:23:58 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2010/08/25 07:23:58 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2010/08/25 07:23:58 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2010/08/19 11:45:25 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\Desktop\Portfolio
[2010/08/07 13:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\IrfanView
[2010/08/07 13:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2010/08/07 13:14:24 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Pixmantec
[2010/08/01 19:00:18 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\WinRAR
[2010/08/01 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Local\Graboid_Inc
[2010/08/01 18:50:39 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Local\Graboid
[2010/08/01 18:50:38 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\MozillaControl
[2010/08/01 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12
[2010/08/01 18:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/28 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\YoudaGames JanesZOO
[2010/07/28 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VogueTales
[2010/07/28 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Shape games
[2010/07/27 21:25:25 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\EleFun Games
[2010/07/27 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Namco Networks
[2010/07/27 21:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Namco Networks
[2010/07/27 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Namco
[2010/07/27 21:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Namco
[2010/07/27 20:16:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010/07/27 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Youdagames
[2010/07/27 19:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames
[2010/07/27 18:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youdagames
[2010/07/23 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\IBAGroup
[2010/07/17 12:52:37 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\skypePM
[2010/07/17 12:51:36 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\Skype
[2010/07/17 12:51:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/07/17 12:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/07/16 18:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Vasilek Games
[2010/07/14 23:09:03 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\PlayFirst
[2010/07/14 23:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2010/07/14 22:22:12 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Roaming\ViquaSoft
[2010/07/14 22:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2010/07/14 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\Desktop\Apple Core
[2010/07/10 01:24:53 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Local\CrashDumps
[2010/07/04 17:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010/07/04 17:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/30 21:49:28 | 000,000,000 | ---D | C] -- C:\Users\Mandarie\AppData\Local\WildPockets
[2010/06/29 21:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\softendo.com
[2010/06/29 18:57:07 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/29 18:57:07 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/29 18:57:07 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/29 18:57:05 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/29 18:57:04 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/29 18:56:36 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/06/29 18:56:35 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/29 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/29 18:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

========== Files - Modified Within 90 Days ==========

[2010/09/26 19:22:28 | 002,621,440 | -HS- | M] () -- C:\Users\Mandarie\ntuser.dat
[2010/09/26 19:18:43 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 19:18:43 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 19:12:39 | 000,000,888 | ---- | M] () -- C:\Users\Mandarie\Desktop\NTREGOPT.lnk
[2010/09/26 19:12:39 | 000,000,869 | ---- | M] () -- C:\Users\Mandarie\Desktop\ERUNT.lnk
[2010/09/26 19:10:30 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/09/26 19:10:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/26 19:10:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/26 19:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/26 19:09:54 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/26 19:09:16 | 005,184,539 | -H-- | M] () -- C:\Users\Mandarie\AppData\Local\IconCache.db
[2010/09/26 19:07:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mandarie\Desktop\TFC.exe
[2010/09/25 19:24:14 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/25 19:24:14 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/25 19:24:14 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/25 17:44:58 | 000,000,926 | ---- | M] () -- C:\Users\Mandarie\Desktop\keep - Shortcut.lnk
[2010/09/25 15:04:59 | 000,116,224 | ---- | M] () -- C:\Users\Mandarie\Desktop\businesscard.jpg
[2010/09/24 21:39:08 | 000,000,044 | ---- | M] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/09/24 21:38:45 | 000,000,760 | ---- | M] () -- C:\Users\Mandarie\Desktop\Plan N Plant.lnk
[2010/09/23 17:32:48 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Play Family Restaurant.lnk
[2010/09/23 17:32:48 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/09/23 17:31:10 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Play Hospital Haste.lnk
[2010/09/19 18:38:36 | 000,001,903 | ---- | M] () -- C:\Users\Mandarie\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/09/19 18:38:36 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/09/15 20:06:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/12 12:32:23 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 10:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/07 10:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/07 10:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 10:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/09/06 12:18:39 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Pixillion Image Converter.lnk
[2010/08/29 11:20:50 | 001,118,200 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/08/28 10:51:28 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\HijackThis.exe
[2010/08/25 18:30:38 | 000,000,000 | -H-- | M] () -- C:\Users\Mandarie\Documents\Default.rdp
[2010/08/25 07:51:30 | 000,524,288 | -HS- | M] () -- C:\Users\Mandarie\ntuser.dat{4bd2b777-97f3-11df-a51a-0024be7812ff}.TMContainer00000000000000000002.regtrans-ms
[2010/08/25 07:51:30 | 000,524,288 | -HS- | M] () -- C:\Users\Mandarie\ntuser.dat{4bd2b777-97f3-11df-a51a-0024be7812ff}.TMContainer00000000000000000001.regtrans-ms
[2010/08/25 07:51:30 | 000,065,536 | -HS- | M] () -- C:\Users\Mandarie\ntuser.dat{4bd2b777-97f3-11df-a51a-0024be7812ff}.TM.blf
[2010/08/25 07:50:30 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/17 18:12:33 | 001,025,194 | ---- | M] () -- C:\Users\Mandarie\Desktop\childplacketsweater.pdf
[2010/08/08 12:17:04 | 001,469,426 | ---- | M] () -- C:\Users\Mandarie\Desktop\FC00198.pdf
[2010/07/17 12:52:37 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/07/04 14:06:43 | 000,001,927 | ---- | M] () -- C:\Users\Mandarie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2010/09/26 19:12:39 | 000,000,888 | ---- | C] () -- C:\Users\Mandarie\Desktop\NTREGOPT.lnk
[2010/09/26 19:12:39 | 000,000,869 | ---- | C] () -- C:\Users\Mandarie\Desktop\ERUNT.lnk
[2010/09/25 17:44:58 | 000,000,926 | ---- | C] () -- C:\Users\Mandarie\Desktop\keep - Shortcut.lnk
[2010/09/25 15:04:57 | 000,116,224 | ---- | C] () -- C:\Users\Mandarie\Desktop\businesscard.jpg
[2010/09/24 21:39:07 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/09/24 21:38:45 | 000,000,760 | ---- | C] () -- C:\Users\Mandarie\Desktop\Plan N Plant.lnk
[2010/09/23 17:32:48 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Play Family Restaurant.lnk
[2010/09/23 17:32:48 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/09/23 17:31:10 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Play Hospital Haste.lnk
[2010/09/12 12:32:23 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/06 12:18:39 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Pixillion Image Converter.lnk
[2010/08/28 15:03:11 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/08/28 10:51:46 | 000,010,499 | ---- | C] () -- C:\Program Files (x86)\hijackthis.log
[2010/08/25 18:30:38 | 000,000,000 | -H-- | C] () -- C:\Users\Mandarie\Documents\Default.rdp
[2010/08/17 18:12:31 | 001,025,194 | ---- | C] () -- C:\Users\Mandarie\Desktop\childplacketsweater.pdf
[2010/08/08 12:17:02 | 001,469,426 | ---- | C] () -- C:\Users\Mandarie\Desktop\FC00198.pdf
[2010/07/25 09:49:42 | 000,524,288 | -HS- | C] () -- C:\Users\Mandarie\ntuser.dat{4bd2b777-97f3-11df-a51a-0024be7812ff}.TMContainer00000000000000000002.regtrans-ms
[2010/07/25 09:49:42 | 000,524,288 | -HS- | C] () -- C:\Users\Mandarie\ntuser.dat{4bd2b777-97f3-11df-a51a-0024be7812ff}.TMContainer00000000000000000001.regtrans-ms
[2010/07/25 09:49:42 | 000,065,536 | -HS- | C] () -- C:\Users\Mandarie\ntuser.dat{4bd2b777-97f3-11df-a51a-0024be7812ff}.TM.blf
[2010/07/17 12:52:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/04 17:52:29 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/07/04 17:52:29 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010/07/04 17:52:29 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/07/04 17:52:29 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/07/04 14:06:43 | 000,001,927 | ---- | C] () -- C:\Users\Mandarie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/29 18:57:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/01/24 13:05:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/08 21:29:44 | 000,003,298 | ---- | C] () -- C:\Users\Mandarie\AppData\Roaming\com.kennettnet.MusicRescue.plist
[2010/01/08 21:29:41 | 000,000,660 | ---- | C] () -- C:\Users\Mandarie\AppData\Roaming\com.kennettnet.MusicRescueProfiles.plist
[2009/11/27 15:37:49 | 000,000,000 | ---- | C] () -- C:\Users\Mandarie\AppData\Roaming\wklnhst.dat
[2009/09/03 02:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/24 19:29:23 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\.purple
[2010/05/02 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Alawar
[2010/09/23 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Artifex Mundi
[2010/03/27 01:38:31 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Azureus
[2010/06/25 01:25:17 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\BitComet
[2010/08/01 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\BitTorrent
[2009/12/19 16:24:44 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Boolat Games
[2010/02/05 18:16:58 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\DAEMON Tools Lite
[2010/07/28 22:01:38 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\EleFun Games
[2010/03/10 23:04:18 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Farm Mania 2
[2010/06/25 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\freshgames
[2010/06/29 19:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Fugazo
[2010/09/05 09:44:39 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Gogii
[2010/07/04 14:43:32 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\gtk-2.0
[2010/06/25 23:43:30 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Hotdog Hotshot
[2010/07/23 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\IBAGroup
[2010/08/07 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\IrfanView
[2010/08/28 16:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Jumb-O-Fun Games
[2010/03/10 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Ladia Group
[2010/05/02 20:47:53 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Meridian93
[2010/03/11 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Merscom
[2010/07/27 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Namco
[2010/07/27 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Namco Networks
[2010/07/28 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\NevoSoft Games
[2010/02/28 13:52:26 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Peace Craft
[2010/08/07 13:14:24 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Pixmantec
[2010/09/01 21:40:43 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\PlayFirst
[2009/12/14 21:53:04 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Playrix Entertainment
[2010/09/24 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Playtinum
[2010/06/20 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Pogo
[2010/02/09 17:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Pogo Games
[2010/07/28 11:58:46 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Shape games
[2010/03/25 20:42:19 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\ShinyTales
[2010/09/05 16:41:49 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Silverback Productions
[2010/02/06 18:34:04 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Sudden Games LLC
[2010/06/26 00:32:45 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\SulusGames
[2009/12/02 22:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Template
[2010/05/03 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\UClick
[2010/07/14 22:22:12 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\ViquaSoft
[2010/02/07 11:22:24 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\World-Loom
[2010/07/29 14:53:21 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\Youdagames
[2010/07/28 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Mandarie\AppData\Roaming\YoudaGames JanesZOO
[2009/07/14 01:08:49 | 000,022,924 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/11 21:26:56 | 000,001,394 | ---- | M] () -- C:\DTLog.txt
[2010/09/26 19:09:54 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/03 02:37:22 | 000,304,760 | ---- | M] () -- C:\lv.log
[2010/09/26 19:09:58 | 4126,167,040 | -HS- | M] () -- C:\pagefile.sys
[2009/08/18 20:24:12 | 000,002,849 | ---- | M] () -- C:\RHDSetup.log
[2009/09/03 02:37:16 | 000,000,073 | -H-- | M] () -- C:\splash.idx
[2009/07/14 14:41:16 | 000,003,792 | -H-- | M] () -- C:\version

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

< End of report >