
Windows will not boot and some nasty stuff found with Kaspersky Rescue



#1
moussaka

So a family friend called me earlier today saying their computer was going slow, so they tried to restart it. After restarting, the computer would no longer boot into Windows. It stops right after the BIOS screen. I've run a few tests and found the Olmarik.axy.trojan with one, and another that I'm running now has found all the crap in this screenshot.

Posted Image

Does this thing have any hope at all? I really don't know where to start because I've googled some of these things and they look pretty awful. I don't know if the MBR is too broken to fix... Any help is greatly appreciated. I'd like to get this fixed ASAP as the kids have some projects they need off the PC for school.
#2
moussaka

OK... I repaired the MBR and it allowed me to get into Windows. I ran the OTL program, so here is the log from that.


OTL logfile created on: 3/12/2012 1:25:10 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = I:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.29% Memory free
11.98 Gb Paging File | 9.77 Gb Available in Paging File | 81.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 587.91 Gb Total Space | 297.33 Gb Free Space | 50.57% Space Free | Partition Type: NTFS
Drive D: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 989.94 Mb Total Space | 989.36 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: GIDEONANDETHAN | User Name: Gideon and Ethan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 13:23:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2011/11/11 19:25:36 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2011/11/11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/08/14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/10/05 15:28:12 | 001,060,352 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/07/21 20:56:57 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/01/20 10:27:42 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/01/20 10:27:12 | 000,061,256 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/01/20 10:17:04 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 17:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/27 14:19:12 | 000,030,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 04:34:11 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/17 04:34:08 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/17 04:29:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 04:29:54 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/17 04:29:42 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/17 04:29:02 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/17 04:28:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/17 04:28:33 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/17 04:28:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/17 04:27:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/17 04:27:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/17 04:27:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 03:31:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/17 18:47:22 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.87.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/03/17 18:47:22 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.87.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/03/17 18:47:22 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.87.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/03/17 18:47:22 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.87.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/03/17 18:47:22 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/03/17 18:47:22 | 000,036,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2010/03/17 18:47:22 | 000,036,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/03/17 18:47:22 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/03/17 18:47:22 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/03/17 18:47:22 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.87.0__bebb3c8816410241\LightFX.dll
MOD - [2010/03/17 18:47:22 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.87.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll
MOD - [2010/03/17 18:47:22 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.87.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/03/17 18:47:22 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.87.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/03/17 18:47:22 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2010/03/17 18:47:22 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.87.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/03/17 18:47:22 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.87.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/03/17 18:47:22 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.87.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2010/03/17 18:47:22 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.87.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2010/01/20 10:17:08 | 000,154,424 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
MOD - [2010/01/20 10:17:04 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/28 16:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/05 15:25:34 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/01/20 10:17:20 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/12/24 08:55:30 | 002,430,304 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/10/27 14:56:14 | 000,117,608 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/06/03 18:56:06 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/03/09 23:36:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/10/05 15:28:12 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/10/05 15:27:44 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/07/21 20:56:57 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/27 14:19:12 | 000,030,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/03 20:04:05 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/28 17:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 17:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 15:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/06 17:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/03/17 18:37:48 | 000,019,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2010/01/20 17:26:22 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/10 14:48:44 | 000,051,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/08/23 13:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 15:31:02 | 000,063,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/03 05:54:06 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\EX64.SYS -- (NAVEX15)
DRV - [2012/03/03 05:54:06 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\ENG64.SYS -- (NAVENG)
DRV - [2012/03/02 13:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/03 21:57:35 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 21:57:35 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/09 10:53:00 | 000,027,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)
DRV - [2009/04/15 23:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/17 19:30:15] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000025648baa83
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000025648baa83
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = browseforchange/search/redirect/?type=default&user_id=04155a32-4e75-4994-acc8-a6b4c972b944&query={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Gideon and Ethan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gideon and Ethan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/23 23:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/01 04:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/03/12 13:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/19 10:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/31 12:26:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/23 23:22:20 | 000,000,000 | ---D | M]

[2010/04/08 17:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Extensions
[2010/04/08 17:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/11 17:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\3e6udoo6.default\extensions
[2011/12/16 17:00:48 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\3e6udoo6.default\extensions\{0e2b2240-6b9f-4545-8ab3-15df82bcc692}
[2012/03/02 23:56:35 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\3e6udoo6.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/03/02 23:56:32 | 000,000,000 | ---D | M] (Browse For Change) -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\3e6udoo6.default\extensions\[email protected]
[2012/03/11 17:44:35 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\3e6udoo6.default\extensions\[email protected]
[2010/05/21 15:21:58 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\3e6udoo6.default\extensions\[email protected]
[2011/05/10 17:37:48 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Users\Gideon and Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\3e6udoo6.default\extensions\[email protected]
[2011/11/09 18:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/13 20:46:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/08 17:42:21 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/04/08 17:42:21 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/04/08 17:42:21 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/04/08 17:42:21 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/04/08 17:42:20 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/04/08 17:42:20 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/04/08 17:42:20 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/02/19 10:07:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/02 23:55:45 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/19 10:07:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/19 10:07:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Gideon and Ethan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Gideon and Ethan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Gideon and Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Gideon and Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Gideon and Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Gideon and Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: I Want This = C:\Users\Gideon and Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.15.26_0\
CHR - Extension: Gmail = C:\Users\Gideon and Ethan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/02/06 20:10:43 | 000,000,826 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Gideon and Ethan\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Gideon and Ethan\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iBryte browseforchange Desktop] C:\Program Files (x86)\iBryte\browseforchange\ibrytedesktop.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .3dml - C:\Program Files (x86)\Flatland\NPRover.dll (Flatland Online Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2DB49E-0B44-43C5-9C04-DDCACBBE4900}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:06:35 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f189f6e5-322d-11df-903b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f189f6e5-322d-11df-903b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 16:11:48 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/03/10 11:59:51 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Roaming\Origin
[2012/03/10 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Local\Origin
[2012/03/10 11:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/03/10 11:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/03/10 11:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/03/03 00:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Façade
[2012/03/03 00:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Facade
[2012/03/02 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Local\I Want This
[2012/03/02 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I Want This
[2012/03/02 23:56:24 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Roaming\Complitly
[2012/03/02 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Complitly
[2012/03/02 23:55:44 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Local\Babylon
[2012/03/02 23:55:42 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Roaming\Babylon
[2012/03/02 23:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/02 23:52:51 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC
[2012/03/02 23:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC
[2012/03/02 23:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABC
[2012/02/27 20:21:41 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\Desktop\Sims 3
[2012/02/27 07:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/27 07:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/27 07:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/18 20:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/02/17 17:09:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/13 13:27:27 | 000,000,000 | ---D | C] -- C:\Users\Gideon and Ethan\AppData\Local\ElevatedDiagnostics
[1 C:\Users\Gideon and Ethan\Documents\*.tmp files -> C:\Users\Gideon and Ethan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 13:28:48 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/12 13:28:48 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/12 13:28:48 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/12 13:21:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 13:21:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 13:14:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 13:13:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 13:13:49 | 529,780,735 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 17:37:09 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/11 13:34:23 | 000,247,296 | ---- | M] () -- C:\Users\Gideon and Ethan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/10 15:27:47 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/03/10 15:26:14 | 000,000,218 | ---- | M] () -- C:\Users\Gideon and Ethan\Desktop\The Sims™ 3 Showtime.lnk
[2012/03/08 14:37:29 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/06 10:09:51 | 000,002,184 | ---- | M] () -- C:\{7308F79C-A015-4670-9143-40E30E7E20EA}
[2012/03/03 00:22:37 | 000,001,304 | ---- | M] () -- C:\Users\Public\Desktop\Façade.lnk
[2012/03/02 23:55:53 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/02/28 06:22:12 | 000,002,288 | ---- | M] () -- C:\{E02DBCE2-D423-4DEB-8EAB-B289D7250C22}
[2012/02/28 06:19:19 | 000,002,184 | ---- | M] () -- C:\{E20C5CEC-5D5D-4FD0-9C68-CE0B70CA3AA3}
[2012/02/27 07:50:28 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/21 03:51:40 | 000,002,168 | ---- | M] () -- C:\{70AB1C50-AC1F-47F7-9126-EFD904A4107D}
[2012/02/21 03:49:45 | 000,002,288 | ---- | M] () -- C:\{3BB77B87-D080-436A-B6F8-80ED4EFCD4BD}
[2012/02/21 03:45:26 | 000,002,184 | ---- | M] () -- C:\{4ECD4B6C-1A00-4226-A4FF-D82427F7AA4F}
[2012/02/20 17:43:17 | 000,001,144 | ---- | M] () -- C:\Users\Gideon and Ethan\Documents\Documents - Shortcut.lnk
[2012/02/19 10:07:34 | 000,002,050 | ---- | M] () -- C:\Users\Gideon and Ethan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/17 04:25:48 | 004,862,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/17 04:03:10 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 00:53:45 | 000,002,184 | ---- | M] () -- C:\{2E38CBC2-FABB-4F87-9FAC-2E04070F32DF}
[2012/02/12 11:27:21 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Unfinished Business.lnk
[2012/02/12 11:27:21 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Tomb Raider.lnk
[1 C:\Users\Gideon and Ethan\Documents\*.tmp files -> C:\Users\Gideon and Ethan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/10 15:26:14 | 000,000,218 | ---- | C] () -- C:\Users\Gideon and Ethan\Desktop\The Sims™ 3 Showtime.lnk
[2012/03/10 11:59:47 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/03/10 11:18:02 | 000,002,566 | ---- | C] () -- C:\Users\Gideon and Ethan\Desktop\Norton 360.lnk
[2012/03/10 11:18:02 | 000,002,169 | ---- | C] () -- C:\Users\Gideon and Ethan\Desktop\HP Photosmart Essential 3.5 - Copy.lnk
[2012/03/10 11:18:02 | 000,001,299 | ---- | C] () -- C:\Users\Gideon and Ethan\Desktop\AVS4YOU Software Navigator - Copy.lnk
[2012/03/06 10:09:51 | 000,002,184 | ---- | C] () -- C:\{7308F79C-A015-4670-9143-40E30E7E20EA}
[2012/03/03 00:22:32 | 000,001,304 | ---- | C] () -- C:\Users\Public\Desktop\Façade.lnk
[2012/03/02 23:55:56 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/03/02 23:55:51 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/02/28 06:22:11 | 000,002,288 | ---- | C] () -- C:\{E02DBCE2-D423-4DEB-8EAB-B289D7250C22}
[2012/02/28 06:19:18 | 000,002,184 | ---- | C] () -- C:\{E20C5CEC-5D5D-4FD0-9C68-CE0B70CA3AA3}
[2012/02/27 07:50:28 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/21 03:51:37 | 000,002,168 | ---- | C] () -- C:\{70AB1C50-AC1F-47F7-9126-EFD904A4107D}
[2012/02/21 03:49:43 | 000,002,288 | ---- | C] () -- C:\{3BB77B87-D080-436A-B6F8-80ED4EFCD4BD}
[2012/02/21 03:45:25 | 000,002,184 | ---- | C] () -- C:\{4ECD4B6C-1A00-4226-A4FF-D82427F7AA4F}
[2012/02/20 17:43:17 | 000,001,144 | ---- | C] () -- C:\Users\Gideon and Ethan\Documents\Documents - Shortcut.lnk
[2012/02/17 04:03:10 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 00:53:44 | 000,002,184 | ---- | C] () -- C:\{2E38CBC2-FABB-4F87-9FAC-2E04070F32DF}
[2011/12/29 20:58:57 | 000,004,320 | -HS- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\277wuo61s056hr14l0vfq2v228316x46v6674
[2011/12/29 20:58:57 | 000,004,320 | -HS- | C] () -- C:\ProgramData\277wuo61s056hr14l0vfq2v228316x46v6674
[2011/12/28 23:12:47 | 000,003,736 | -HS- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\l1753si1607dp7b5i638557ttqfuf7gkc4pe32
[2011/12/28 23:12:47 | 000,003,736 | -HS- | C] () -- C:\ProgramData\l1753si1607dp7b5i638557ttqfuf7gkc4pe32
[2011/12/27 12:49:50 | 000,005,794 | -HS- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\4k01037684kid866
[2011/12/27 12:49:50 | 000,005,794 | -HS- | C] () -- C:\ProgramData\4k01037684kid866
[2011/12/25 13:35:14 | 000,001,454 | -HS- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\ob67akwv7ou5114we4760jn1oi7nx4o7
[2011/12/25 13:35:14 | 000,001,454 | -HS- | C] () -- C:\ProgramData\ob67akwv7ou5114we4760jn1oi7nx4o7
[2011/12/19 17:20:42 | 000,001,050 | -HS- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\583245u2n608s086t778j7xav0k2
[2011/12/19 17:20:42 | 000,001,050 | -HS- | C] () -- C:\ProgramData\583245u2n608s086t778j7xav0k2
[2011/12/17 20:07:41 | 000,010,706 | -HS- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\k1br65e4mg5xxg
[2011/12/17 20:07:41 | 000,010,706 | -HS- | C] () -- C:\ProgramData\k1br65e4mg5xxg
[2011/09/14 18:45:25 | 000,114,731 | ---- | C] () -- C:\Windows\SysWow64\ssdh.dll
[2011/07/17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/02 13:10:53 | 000,000,132 | ---- | C] () -- C:\Users\Gideon and Ethan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/12 14:20:25 | 000,001,940 | ---- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/26 12:55:40 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/05 21:02:07 | 000,000,132 | ---- | C] () -- C:\Users\Gideon and Ethan\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/04 13:01:07 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/07/23 17:22:44 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/21 20:56:58 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/07/21 20:56:57 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/07/21 20:56:57 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/07/19 16:32:36 | 000,000,000 | ---- | C] () -- C:\Windows\Twister.INI
[2010/06/22 20:52:00 | 000,000,554 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/15 16:58:31 | 000,000,000 | ---- | C] () -- C:\Windows\Ransom.INI
[2010/06/15 15:00:12 | 000,001,667 | ---- | C] () -- C:\Windows\Game.ini
[2010/06/14 17:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2010/05/22 11:22:14 | 000,001,456 | ---- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/04/23 23:41:12 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\Sims2Pack Clean Installer.ini
[2010/04/12 17:54:10 | 000,247,296 | ---- | C] () -- C:\Users\Gideon and Ethan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 23:18:54 | 000,202,389 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/03/23 23:18:54 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/03/23 22:49:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/23 20:27:13 | 000,974,848 | R--- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2010/03/23 20:27:13 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ogg.dll
[2010/03/23 20:27:13 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\vorbisfile.dll
[2010/03/23 18:20:55 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2010/03/17 20:32:50 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/03/17 20:32:50 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/03/17 20:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/03/04 16:33:34 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\.minecraft
[2010/08/01 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Atari
[2012/01/08 20:28:27 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Audacity
[2012/03/02 23:55:42 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Babylon
[2011/06/10 14:55:07 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/02 23:56:24 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Complitly
[2010/06/17 15:24:23 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Facebook
[2010/06/30 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\GetRightToGo
[2010/04/08 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Greyfirst
[2011/09/16 23:04:23 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\gtk-2.0
[2011/07/26 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\ImgBurn
[2010/08/01 20:39:19 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Leadertech
[2011/11/20 14:20:41 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Lionhead Studios
[2011/10/06 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\ooVoo Details
[2012/03/10 11:59:51 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Origin
[2012/02/25 17:16:32 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Publish Providers
[2012/02/25 20:21:36 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Sony
[2011/12/11 13:12:14 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Sony Creative Software
[2010/05/22 11:34:37 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\SPORE
[2010/06/02 18:56:43 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/29 15:56:04 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Stella
[2012/01/03 20:04:59 | 000,000,000 | ---D | M] -- C:\Users\Gideon and Ethan\AppData\Roaming\Tific
[2011/07/26 12:15:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >