[therican]

I had previously posted this in the Operating System>Windows 7 forum here. Thanks to Macboatmaster for all his help, he has determined that a post in the malware forum should better take care of my problem.

Hello everyone

I have a friends Sony Vaio laptop,Core 2 Duo and running Windows 7 Home Premium. The problem is that I once I login to the users account I get "Windows Explorer has stopped working". Then when I open the "Task Manager" and try to run explorer.exe "Task Manager has stopped working" pops up. I can get into safe mode but I am unable to access the usb or dvd drive. Also I am unable to a click on any icon or run an OTL.

Microsoft Help and Support pops up:
C:\Users\Zulainy\AppData\Local\Temp\WER7F9A.tmp.WERInternalMetadata.xml
C:\Users\Zulainy\AppData\Local\Temp\WER95AB.tmp.appcompat.txt
C:\Users\Zulainy\AppData\Local\Temp\WER9619.tmp.mdmp

I tried using the recovery cd to find a restore point but none were available. I hope a factory restore is not the only option I have.



Many thanks in advanced

Edited by therican, 05 April 2012 - 12:42 PM.

[Advertisements]

Hello, therican!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for therican only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:

• Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
• Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
• Be patient with me, logs can take some time to research and my life can mean that I'm busy.
• Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
• NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
• Refrain from running any other tools apart from the ones I tell you to.

Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Please print out these instructions so that you know what you are doing.

• Download OTLPEStd.exe to your desktop.
• Ensure that you have a blank CD in the drive.
• Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD.
  
• Reboot your system using the boot CD you just created.
  Note: If you do not know how to set your computer to boot from CD follow the steps here.
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads.
  
• Your system should now display a Reatogo desktop.
  Note: As you are running from CD it is not exactly speedy.
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location.
• When asked "Do you wish to load the remote registry", select Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
• OTL should now start.
• Press Quick Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt.
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it.
• You can backup any files that you wish from this OS.
• Please post the contents of the C:\OTL.txt file in your reply.

[Nedklaw]

Hello, therican!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for therican only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:

• Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
• Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
• Be patient with me, logs can take some time to research and my life can mean that I'm busy.
• Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
• NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
• Refrain from running any other tools apart from the ones I tell you to.

Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Please print out these instructions so that you know what you are doing.

• Download OTLPEStd.exe to your desktop.
• Ensure that you have a blank CD in the drive.
• Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD.
  
• Reboot your system using the boot CD you just created.
  Note: If you do not know how to set your computer to boot from CD follow the steps here.
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads.
  
• Your system should now display a Reatogo desktop.
  Note: As you are running from CD it is not exactly speedy.
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location.
• When asked "Do you wish to load the remote registry", select Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
• OTL should now start.
• Press Quick Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt.
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it.
• You can backup any files that you wish from this OS.
• Please post the contents of the C:\OTL.txt file in your reply.

[therican]

Here is the OTL log you requested

OTL logfile created on: 4/6/2012 9:36:14 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.39 Mb Free Space | 74.39% Space Free | Partition Type: NTFS
Drive D: | 455.23 Gb Total Space | 406.11 Gb Free Space | 89.21% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/22 18:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/31 16:02:00 | 000,382,976 | ---- | M] (Marvell) [Auto] -- D:\Windows\System32\yk62x64.dll -- (yksvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 21:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 18:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 18:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/17 22:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/29 20:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand] -- D:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/27 20:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/27 20:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/27 20:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/27 20:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/27 20:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 14:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 14:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 14:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 19:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 15:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 15:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto] -- D:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 15:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand] -- D:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- D:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- D:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/03 17:40:05 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2012/01/26 09:43:31 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/27 02:41:48 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- D:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/12/27 02:41:48 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/12/27 02:41:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/12/27 02:41:48 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2011/09/21 20:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2011/09/21 20:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/06 16:20:13 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/31 16:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 16:10:23 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\system32\DRIVERS\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/07/31 16:10:18 | 000,091,648 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\system32\DRIVERS\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/07/31 16:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/11 16:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/05 16:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/05/26 18:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/17 00:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto] -- D:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/27 13:57:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\EX64.SYS -- (NAVEX15)
DRV - [2012/01/27 13:57:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\ENG64.SYS -- (NAVENG)
DRV - [2012/01/26 05:30:42 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120224.002\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





IE - HKU\Zulainy_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKU\Zulainy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp
IE - HKU\Zulainy_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2012/02/03 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/02/07 19:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/02/07 19:26:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\Zulainy_ON_D\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Zulainy_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] D:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] D:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] D:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] D:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKU\Administrator_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Zulainy_ON_D..\Run: [Facebook Update] D:\Users\Zulainy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Zulainy_ON_D..\Run: [ooVoo.exe] D:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\Administrator_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - D:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 03:00:33 | 000,000,000 | ---D | C] -- D:\Windows\CheckSur
[2012/03/10 22:25:45 | 000,000,000 | ---D | C] -- D:\Users\Zulainy\AppData\Roaming\U3

========== Files - Modified Within 30 Days ==========

[2012/04/06 08:21:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/04/06 08:20:52 | 3195,297,792 | -HS- | M] () -- D:\hiberfil.sys
[2012/04/04 14:29:05 | 000,000,936 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/04/04 14:29:05 | 000,000,916 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/04/04 08:07:34 | 000,009,888 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 08:07:34 | 000,009,888 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 08:07:11 | 000,624,178 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/04/04 08:07:11 | 000,106,522 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/04/03 21:14:44 | 000,002,411 | ---- | M] () -- D:\Users\Zulainy\Desktop\Google Chrome.lnk
[2012/04/03 21:13:00 | 000,000,864 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/04/03 16:57:20 | 000,450,800 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/20 03:08:17 | 000,000,914 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/03/16 17:31:41 | 000,001,437 | ---- | M] () -- D:\Users\Zulainy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/16 03:02:33 | 000,072,822 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2012/03/16 03:02:33 | 000,072,822 | ---- | M] () -- D:\Windows\System32\ieuinit.inf
[2012/03/10 22:25:13 | 000,000,400 | ---- | M] () -- D:\Users\Zulainy\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2012/03/19 09:53:36 | 001,390,080 | ---- | C] () -- D:\Windows\System32\wininet.dll
[2012/03/16 03:02:33 | 000,072,822 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2012/03/16 03:02:33 | 000,072,822 | ---- | C] () -- D:\Windows\System32\ieuinit.inf
[2012/03/14 20:27:30 | 000,000,936 | ---- | C] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/03/14 20:27:30 | 000,000,914 | ---- | C] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/02/25 20:38:28 | 000,000,000 | ---- | C] () -- D:\Windows\pcfriend.INI
[2012/02/05 22:00:19 | 000,000,400 | ---- | C] () -- D:\Users\Zulainy\AppData\Roaming\wklnhst.dat
[2012/02/04 18:08:39 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/12/27 02:31:47 | 000,000,000 | ---- | C] () -- D:\Windows\VAIOUpdt.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- D:\Windows\SysWow64\Iticheck.dll

========== LOP Check ==========

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/02/17 10:59:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/12/27 02:15:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Uninstall
[2012/03/20 03:08:17 | 000,000,914 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/04/04 14:29:05 | 000,000,936 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2009/07/14 01:08:49 | 000,023,334 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

[Nedklaw]

Hi.


Step 1

• Start OTLPE as you did previously from the CD.
• Copy the text in the code box below into the Custom scans and fixes box.

:OTL 
IE - HKU\Zulainy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp
O3 - HKU\Zulainy_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT] 
[Reboot]

• Let the program run unhindered and reboot your computer.
• A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in your next reply.

Step 2

• Open OTL again.
• Select Scan All Users.
• Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt.
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it.
• You can backup any files that you wish from this OS.
• Please post the contents of the C:\OTL.txt file in your reply.

Things I want to see in your next reply

• OTL Fix Log
• OTL.txt

[therican]

Hello again,

Here are the logs you requested

OTL Fix Log

OTL logfile created on: 4/7/2012 12:23:07 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.39 Mb Free Space | 74.39% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.23% Space Free | Partition Type: FAT
Drive E: | 455.23 Gb Total Space | 406.21 Gb Free Space | 89.23% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/22 18:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/31 16:02:00 | 000,382,976 | ---- | M] (Marvell) [Auto] -- E:\Windows\System32\yk62x64.dll -- (yksvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 21:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 18:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 18:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/17 22:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/29 20:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto] -- E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- E:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/27 20:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/27 20:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/27 20:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/27 20:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/27 20:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 14:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 14:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 14:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 19:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 15:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 15:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 15:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- E:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- E:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/03 17:40:05 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2012/01/26 09:43:31 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/27 02:41:48 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/12/27 02:41:48 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot] -- E:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/12/27 02:41:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/12/27 02:41:48 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2011/09/21 20:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2011/09/21 20:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/06 16:20:13 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/31 16:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 16:10:23 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\system32\DRIVERS\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/07/31 16:10:18 | 000,091,648 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\system32\DRIVERS\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/07/31 16:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand] -- E:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/11 16:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/05 16:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/05/26 18:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- E:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/17 00:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto] -- E:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/27 13:57:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\EX64.SYS -- (NAVEX15)
DRV - [2012/01/27 13:57:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\ENG64.SYS -- (NAVENG)
DRV - [2012/01/26 05:30:42 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120224.002\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





IE - HKU\Zulainy_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKU\Zulainy_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp
IE - HKU\Zulainy_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2012/02/03 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/02/07 19:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/02/07 19:26:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\Zulainy_ON_E\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Zulainy_ON_E\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] E:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] E:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] E:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] E:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKU\Administrator_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Zulainy_ON_E..\Run: [Facebook Update] E:\Users\Zulainy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Zulainy_ON_E..\Run: [ooVoo.exe] E:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\Administrator_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - E:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 22:59:01 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012/04/06 22:56:19 | 002,237,440 | R--- | C] (OldTimer Tools) -- E:\OTLPE.exe
[2012/04/06 22:56:06 | 000,000,000 | ---D | C] -- E:\_OTL
[2012/04/04 03:00:33 | 000,000,000 | ---D | C] -- E:\Windows\CheckSur
[2012/03/19 09:53:41 | 000,096,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2012/03/19 09:53:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2012/03/19 09:53:39 | 002,308,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/03/19 09:53:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/03/19 09:53:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\url.dll
[2012/03/19 09:53:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2012/03/19 09:53:38 | 001,798,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2012/03/19 09:53:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2012/03/19 09:53:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript.dll
[2012/03/19 09:53:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/03/19 09:53:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2012/03/19 09:53:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inetcpl.cpl
[2012/03/16 03:02:34 | 000,162,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msrating.dll
[2012/03/16 03:02:34 | 000,161,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msls31.dll
[2012/03/16 03:02:34 | 000,074,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 003,695,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dat
[2012/03/16 03:02:33 | 003,695,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2012/03/16 03:02:33 | 000,697,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/03/16 03:02:33 | 000,603,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2012/03/16 03:02:33 | 000,580,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2012/03/16 03:02:33 | 000,534,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2012/03/16 03:02:33 | 000,452,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2012/03/16 03:02:33 | 000,448,512 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2012/03/16 03:02:33 | 000,434,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dll
[2012/03/16 03:02:33 | 000,367,104 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\html.iec
[2012/03/16 03:02:33 | 000,353,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtmsft.dll
[2012/03/16 03:02:33 | 000,282,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2012/03/16 03:02:33 | 000,267,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieaksie.dll
[2012/03/16 03:02:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieaksie.dll
[2012/03/16 03:02:33 | 000,223,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtrans.dll
[2012/03/16 03:02:33 | 000,222,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2012/03/16 03:02:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2012/03/16 03:02:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/03/16 03:02:33 | 000,165,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2012/03/16 03:02:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakui.dll
[2012/03/16 03:02:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieakui.dll
[2012/03/16 03:02:33 | 000,160,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2012/03/16 03:02:33 | 000,160,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieakeng.dll
[2012/03/16 03:02:33 | 000,152,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\wextract.exe
[2012/03/16 03:02:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iexpress.exe
[2012/03/16 03:02:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\occache.dll
[2012/03/16 03:02:33 | 000,145,920 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2012/03/16 03:02:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2012/03/16 03:02:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakeng.dll
[2012/03/16 03:02:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\occache.dll
[2012/03/16 03:02:33 | 000,118,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iepeers.dll
[2012/03/16 03:02:33 | 000,114,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\admparse.dll
[2012/03/16 03:02:33 | 000,111,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2012/03/16 03:02:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,103,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2012/03/16 03:02:33 | 000,101,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\admparse.dll
[2012/03/16 03:02:33 | 000,091,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2012/03/16 03:02:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesysprep.dll
[2012/03/16 03:02:33 | 000,085,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2012/03/16 03:02:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\icardie.dll
[2012/03/16 03:02:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inseng.dll
[2012/03/16 03:02:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tdc.ocx
[2012/03/16 03:02:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2012/03/16 03:02:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ie4uinit.exe
[2012/03/16 03:02:33 | 000,066,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\icardie.dll
[2012/03/16 03:02:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2012/03/16 03:02:33 | 000,063,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\tdc.ocx
[2012/03/16 03:02:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\pngfilt.dll
[2012/03/16 03:02:33 | 000,049,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmler.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2012/03/16 03:02:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2012/03/16 03:02:33 | 000,035,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\imgutil.dll
[2012/03/16 03:02:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2012/03/16 03:02:33 | 000,030,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2012/03/16 03:02:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\licmgr10.dll
[2012/03/16 03:02:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshta.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeedssync.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2012/03/13 23:07:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2012/03/13 23:07:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/13 23:07:42 | 003,913,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 20:56:52 | 001,544,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DWrite.dll
[2012/03/13 20:56:52 | 001,077,248 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\DWrite.dll
[2012/03/13 14:57:34 | 001,031,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcore.dll
[2012/03/13 14:57:34 | 000,826,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\rdpcore.dll
[2012/03/13 14:57:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorekmts.dll
[2012/03/13 14:57:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpwsx.dll
[2012/03/13 14:57:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdrmemptylst.exe
[2012/03/10 22:25:45 | 000,000,000 | ---D | C] -- E:\Users\Zulainy\AppData\Roaming\U3

========== Files - Modified Within 30 Days ==========

[2012/04/06 21:45:38 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/04/06 21:43:47 | 3195,297,792 | -HS- | M] () -- E:\hiberfil.sys
[2012/04/06 21:39:27 | 000,009,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 21:39:27 | 000,009,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 14:29:05 | 000,000,936 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/04/04 14:29:05 | 000,000,916 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/04/04 08:07:11 | 000,624,178 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/04/04 08:07:11 | 000,106,522 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/04/03 21:14:44 | 000,002,411 | ---- | M] () -- E:\Users\Zulainy\Desktop\Google Chrome.lnk
[2012/04/03 21:13:00 | 000,000,864 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/04/03 16:57:20 | 000,450,800 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/03/20 03:08:17 | 000,000,914 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/03/16 17:31:41 | 000,001,437 | ---- | M] () -- E:\Users\Zulainy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/16 03:02:34 | 000,162,304 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msrating.dll
[2012/03/16 03:02:34 | 000,161,792 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msls31.dll
[2012/03/16 03:02:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 003,695,416 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dat
[2012/03/16 03:02:33 | 003,695,416 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2012/03/16 03:02:33 | 000,697,344 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/03/16 03:02:33 | 000,603,648 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2012/03/16 03:02:33 | 000,580,608 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2012/03/16 03:02:33 | 000,534,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2012/03/16 03:02:33 | 000,452,608 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2012/03/16 03:02:33 | 000,448,512 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2012/03/16 03:02:33 | 000,434,176 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dll
[2012/03/16 03:02:33 | 000,367,104 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\html.iec
[2012/03/16 03:02:33 | 000,353,792 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtmsft.dll
[2012/03/16 03:02:33 | 000,282,112 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2012/03/16 03:02:33 | 000,267,776 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieaksie.dll
[2012/03/16 03:02:33 | 000,227,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieaksie.dll
[2012/03/16 03:02:33 | 000,223,232 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtrans.dll
[2012/03/16 03:02:33 | 000,222,208 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2012/03/16 03:02:33 | 000,197,120 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2012/03/16 03:02:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/03/16 03:02:33 | 000,165,888 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2012/03/16 03:02:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakui.dll
[2012/03/16 03:02:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieakui.dll
[2012/03/16 03:02:33 | 000,160,256 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2012/03/16 03:02:33 | 000,160,256 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieakeng.dll
[2012/03/16 03:02:33 | 000,152,064 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\wextract.exe
[2012/03/16 03:02:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iexpress.exe
[2012/03/16 03:02:33 | 000,149,504 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\occache.dll
[2012/03/16 03:02:33 | 000,145,920 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2012/03/16 03:02:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2012/03/16 03:02:33 | 000,135,168 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,130,560 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakeng.dll
[2012/03/16 03:02:33 | 000,123,392 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\occache.dll
[2012/03/16 03:02:33 | 000,118,784 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iepeers.dll
[2012/03/16 03:02:33 | 000,114,176 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\admparse.dll
[2012/03/16 03:02:33 | 000,111,616 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2012/03/16 03:02:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2012/03/16 03:02:33 | 000,101,888 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\admparse.dll
[2012/03/16 03:02:33 | 000,091,648 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2012/03/16 03:02:33 | 000,086,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iesysprep.dll
[2012/03/16 03:02:33 | 000,085,504 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2012/03/16 03:02:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\icardie.dll
[2012/03/16 03:02:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\inseng.dll
[2012/03/16 03:02:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\tdc.ocx
[2012/03/16 03:02:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2012/03/16 03:02:33 | 000,074,240 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ie4uinit.exe
[2012/03/16 03:02:33 | 000,072,822 | ---- | M] () -- E:\Windows\SysWow64\ieuinit.inf
[2012/03/16 03:02:33 | 000,072,822 | ---- | M] () -- E:\Windows\System32\ieuinit.inf
[2012/03/16 03:02:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\icardie.dll
[2012/03/16 03:02:33 | 000,065,024 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2012/03/16 03:02:33 | 000,063,488 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\tdc.ocx
[2012/03/16 03:02:33 | 000,054,272 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\pngfilt.dll
[2012/03/16 03:02:33 | 000,049,664 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmler.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2012/03/16 03:02:33 | 000,039,936 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2012/03/16 03:02:33 | 000,035,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\imgutil.dll
[2012/03/16 03:02:33 | 000,031,744 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2012/03/16 03:02:33 | 000,030,720 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2012/03/16 03:02:33 | 000,023,552 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\licmgr10.dll
[2012/03/16 03:02:33 | 000,012,288 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshta.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeedssync.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2012/03/10 22:25:13 | 000,000,400 | ---- | M] () -- E:\Users\Zulainy\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2012/03/19 09:53:36 | 001,390,080 | ---- | C] () -- E:\Windows\System32\wininet.dll
[2012/03/16 03:02:33 | 000,072,822 | ---- | C] () -- E:\Windows\SysWow64\ieuinit.inf
[2012/03/16 03:02:33 | 000,072,822 | ---- | C] () -- E:\Windows\System32\ieuinit.inf
[2012/03/14 20:27:30 | 000,000,936 | ---- | C] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/03/14 20:27:30 | 000,000,914 | ---- | C] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/02/25 20:38:28 | 000,000,000 | ---- | C] () -- E:\Windows\pcfriend.INI
[2012/02/05 22:00:19 | 000,000,400 | ---- | C] () -- E:\Users\Zulainy\AppData\Roaming\wklnhst.dat
[2012/02/04 18:08:39 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/12/27 02:31:47 | 000,000,000 | ---- | C] () -- E:\Windows\VAIOUpdt.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- E:\Windows\SysWow64\Iticheck.dll

========== LOP Check ==========

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/02/17 10:59:53 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/12/27 02:15:31 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2012/03/20 03:08:17 | 000,000,914 | ---- | M] () -- E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/04/04 14:29:05 | 000,000,936 | ---- | M] () -- E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2009/07/14 01:08:49 | 000,024,078 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/07/12 22:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- E:\OTLPE.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- E:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- E:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- E:\Windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- E:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

Invalid Environment Variable: %Temp%\smtmp\1\*.*

Invalid Environment Variable: %Temp%\smtmp\2\*.*

Invalid Environment Variable: %Temp%\smtmp\3\*.*

Invalid Environment Variable: %Temp%\smtmp\4\*.*

< >C:\commands.txt echo list vol /raw /hide /c >

< /wait >
Invalid Switch: wait

< >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c >

< /wait >
Invalid Switch: wait


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: REATOGO
The disk management services could not complete the operation.

< /wait >
Invalid Switch: wait


< erase c:\commands.txt /hide /c >

< /wait >
Invalid Switch: wait


< erase c:\diskreport.txt /hide /c >

< CREATERESTOREPOINT >

< End of report >



And the OTL.txt

OTL logfile created on: 4/7/2012 12:23:07 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.39 Mb Free Space | 74.39% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.23% Space Free | Partition Type: FAT
Drive E: | 455.23 Gb Total Space | 406.21 Gb Free Space | 89.23% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/22 18:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/31 16:02:00 | 000,382,976 | ---- | M] (Marvell) [Auto] -- E:\Windows\System32\yk62x64.dll -- (yksvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 21:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 18:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 18:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/17 22:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/29 20:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto] -- E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- E:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/27 20:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/27 20:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/27 20:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/27 20:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/27 20:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 14:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 14:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 14:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 19:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 15:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 15:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 15:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- E:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- E:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/03 17:40:05 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2012/01/26 09:43:31 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/27 02:41:48 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/12/27 02:41:48 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot] -- E:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/12/27 02:41:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/12/27 02:41:48 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2011/09/21 20:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2011/09/21 20:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/06 16:20:13 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/31 16:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 16:10:23 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\system32\DRIVERS\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/07/31 16:10:18 | 000,091,648 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\system32\DRIVERS\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/07/31 16:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand] -- E:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/11 16:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/05 16:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/05/26 18:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- E:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/17 00:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto] -- E:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/27 13:57:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\EX64.SYS -- (NAVEX15)
DRV - [2012/01/27 13:57:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\ENG64.SYS -- (NAVENG)
DRV - [2012/01/26 05:30:42 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120224.002\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





IE - HKU\Zulainy_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKU\Zulainy_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp
IE - HKU\Zulainy_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2012/02/03 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/02/07 19:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/02/07 19:26:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\Zulainy_ON_E\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Zulainy_ON_E\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] E:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] E:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] E:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] E:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKU\Administrator_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Zulainy_ON_E..\Run: [Facebook Update] E:\Users\Zulainy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Zulainy_ON_E..\Run: [ooVoo.exe] E:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\Administrator_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - E:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 22:59:01 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012/04/06 22:56:19 | 002,237,440 | R--- | C] (OldTimer Tools) -- E:\OTLPE.exe
[2012/04/06 22:56:06 | 000,000,000 | ---D | C] -- E:\_OTL
[2012/04/04 03:00:33 | 000,000,000 | ---D | C] -- E:\Windows\CheckSur
[2012/03/19 09:53:41 | 000,096,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2012/03/19 09:53:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2012/03/19 09:53:39 | 002,308,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/03/19 09:53:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/03/19 09:53:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\url.dll
[2012/03/19 09:53:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2012/03/19 09:53:38 | 001,798,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2012/03/19 09:53:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2012/03/19 09:53:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript.dll
[2012/03/19 09:53:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/03/19 09:53:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2012/03/19 09:53:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inetcpl.cpl
[2012/03/16 03:02:34 | 000,162,304 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msrating.dll
[2012/03/16 03:02:34 | 000,161,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msls31.dll
[2012/03/16 03:02:34 | 000,074,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 003,695,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dat
[2012/03/16 03:02:33 | 003,695,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2012/03/16 03:02:33 | 000,697,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/03/16 03:02:33 | 000,603,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2012/03/16 03:02:33 | 000,580,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2012/03/16 03:02:33 | 000,534,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2012/03/16 03:02:33 | 000,452,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2012/03/16 03:02:33 | 000,448,512 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2012/03/16 03:02:33 | 000,434,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dll
[2012/03/16 03:02:33 | 000,367,104 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\html.iec
[2012/03/16 03:02:33 | 000,353,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtmsft.dll
[2012/03/16 03:02:33 | 000,282,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2012/03/16 03:02:33 | 000,267,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieaksie.dll
[2012/03/16 03:02:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieaksie.dll
[2012/03/16 03:02:33 | 000,223,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtrans.dll
[2012/03/16 03:02:33 | 000,222,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2012/03/16 03:02:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2012/03/16 03:02:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/03/16 03:02:33 | 000,165,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2012/03/16 03:02:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakui.dll
[2012/03/16 03:02:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieakui.dll
[2012/03/16 03:02:33 | 000,160,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2012/03/16 03:02:33 | 000,160,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieakeng.dll
[2012/03/16 03:02:33 | 000,152,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\wextract.exe
[2012/03/16 03:02:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iexpress.exe
[2012/03/16 03:02:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\occache.dll
[2012/03/16 03:02:33 | 000,145,920 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2012/03/16 03:02:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2012/03/16 03:02:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakeng.dll
[2012/03/16 03:02:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\occache.dll
[2012/03/16 03:02:33 | 000,118,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iepeers.dll
[2012/03/16 03:02:33 | 000,114,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\admparse.dll
[2012/03/16 03:02:33 | 000,111,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2012/03/16 03:02:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,103,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2012/03/16 03:02:33 | 000,101,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\admparse.dll
[2012/03/16 03:02:33 | 000,091,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2012/03/16 03:02:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesysprep.dll
[2012/03/16 03:02:33 | 000,085,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2012/03/16 03:02:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\icardie.dll
[2012/03/16 03:02:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inseng.dll
[2012/03/16 03:02:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tdc.ocx
[2012/03/16 03:02:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2012/03/16 03:02:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ie4uinit.exe
[2012/03/16 03:02:33 | 000,066,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\icardie.dll
[2012/03/16 03:02:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2012/03/16 03:02:33 | 000,063,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\tdc.ocx
[2012/03/16 03:02:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\pngfilt.dll
[2012/03/16 03:02:33 | 000,049,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmler.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2012/03/16 03:02:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2012/03/16 03:02:33 | 000,035,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\imgutil.dll
[2012/03/16 03:02:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2012/03/16 03:02:33 | 000,030,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2012/03/16 03:02:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\licmgr10.dll
[2012/03/16 03:02:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshta.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeedssync.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2012/03/13 23:07:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2012/03/13 23:07:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/13 23:07:42 | 003,913,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 20:56:52 | 001,544,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DWrite.dll
[2012/03/13 20:56:52 | 001,077,248 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\DWrite.dll
[2012/03/13 14:57:34 | 001,031,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcore.dll
[2012/03/13 14:57:34 | 000,826,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\rdpcore.dll
[2012/03/13 14:57:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorekmts.dll
[2012/03/13 14:57:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpwsx.dll
[2012/03/13 14:57:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdrmemptylst.exe
[2012/03/10 22:25:45 | 000,000,000 | ---D | C] -- E:\Users\Zulainy\AppData\Roaming\U3

========== Files - Modified Within 30 Days ==========

[2012/04/06 21:45:38 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/04/06 21:43:47 | 3195,297,792 | -HS- | M] () -- E:\hiberfil.sys
[2012/04/06 21:39:27 | 000,009,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 21:39:27 | 000,009,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 14:29:05 | 000,000,936 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/04/04 14:29:05 | 000,000,916 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/04/04 08:07:11 | 000,624,178 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/04/04 08:07:11 | 000,106,522 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/04/03 21:14:44 | 000,002,411 | ---- | M] () -- E:\Users\Zulainy\Desktop\Google Chrome.lnk
[2012/04/03 21:13:00 | 000,000,864 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/04/03 16:57:20 | 000,450,800 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/03/20 03:08:17 | 000,000,914 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/03/16 17:31:41 | 000,001,437 | ---- | M] () -- E:\Users\Zulainy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/16 03:02:34 | 000,162,304 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msrating.dll
[2012/03/16 03:02:34 | 000,161,792 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msls31.dll
[2012/03/16 03:02:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 003,695,416 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dat
[2012/03/16 03:02:33 | 003,695,416 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2012/03/16 03:02:33 | 000,697,344 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/03/16 03:02:33 | 000,603,648 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2012/03/16 03:02:33 | 000,580,608 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2012/03/16 03:02:33 | 000,534,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2012/03/16 03:02:33 | 000,452,608 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2012/03/16 03:02:33 | 000,448,512 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2012/03/16 03:02:33 | 000,434,176 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dll
[2012/03/16 03:02:33 | 000,367,104 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\html.iec
[2012/03/16 03:02:33 | 000,353,792 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtmsft.dll
[2012/03/16 03:02:33 | 000,282,112 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2012/03/16 03:02:33 | 000,267,776 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieaksie.dll
[2012/03/16 03:02:33 | 000,227,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieaksie.dll
[2012/03/16 03:02:33 | 000,223,232 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtrans.dll
[2012/03/16 03:02:33 | 000,222,208 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2012/03/16 03:02:33 | 000,197,120 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2012/03/16 03:02:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/03/16 03:02:33 | 000,165,888 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2012/03/16 03:02:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakui.dll
[2012/03/16 03:02:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieakui.dll
[2012/03/16 03:02:33 | 000,160,256 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2012/03/16 03:02:33 | 000,160,256 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieakeng.dll
[2012/03/16 03:02:33 | 000,152,064 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\wextract.exe
[2012/03/16 03:02:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iexpress.exe
[2012/03/16 03:02:33 | 000,149,504 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\occache.dll
[2012/03/16 03:02:33 | 000,145,920 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2012/03/16 03:02:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2012/03/16 03:02:33 | 000,135,168 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,130,560 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ieakeng.dll
[2012/03/16 03:02:33 | 000,123,392 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\occache.dll
[2012/03/16 03:02:33 | 000,118,784 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iepeers.dll
[2012/03/16 03:02:33 | 000,114,176 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\admparse.dll
[2012/03/16 03:02:33 | 000,111,616 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2012/03/16 03:02:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\IEAdvpack.dll
[2012/03/16 03:02:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2012/03/16 03:02:33 | 000,101,888 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\admparse.dll
[2012/03/16 03:02:33 | 000,091,648 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/16 03:02:33 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2012/03/16 03:02:33 | 000,086,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iesysprep.dll
[2012/03/16 03:02:33 | 000,085,504 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2012/03/16 03:02:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\icardie.dll
[2012/03/16 03:02:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\inseng.dll
[2012/03/16 03:02:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\tdc.ocx
[2012/03/16 03:02:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/16 03:02:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2012/03/16 03:02:33 | 000,074,240 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\ie4uinit.exe
[2012/03/16 03:02:33 | 000,072,822 | ---- | M] () -- E:\Windows\SysWow64\ieuinit.inf
[2012/03/16 03:02:33 | 000,072,822 | ---- | M] () -- E:\Windows\System32\ieuinit.inf
[2012/03/16 03:02:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\icardie.dll
[2012/03/16 03:02:33 | 000,065,024 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2012/03/16 03:02:33 | 000,063,488 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\tdc.ocx
[2012/03/16 03:02:33 | 000,054,272 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\pngfilt.dll
[2012/03/16 03:02:33 | 000,049,664 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmler.dll
[2012/03/16 03:02:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2012/03/16 03:02:33 | 000,039,936 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2012/03/16 03:02:33 | 000,035,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\imgutil.dll
[2012/03/16 03:02:33 | 000,031,744 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2012/03/16 03:02:33 | 000,030,720 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2012/03/16 03:02:33 | 000,023,552 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\licmgr10.dll
[2012/03/16 03:02:33 | 000,012,288 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshta.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeedssync.exe
[2012/03/16 03:02:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2012/03/10 22:25:13 | 000,000,400 | ---- | M] () -- E:\Users\Zulainy\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2012/03/19 09:53:36 | 001,390,080 | ---- | C] () -- E:\Windows\System32\wininet.dll
[2012/03/16 03:02:33 | 000,072,822 | ---- | C] () -- E:\Windows\SysWow64\ieuinit.inf
[2012/03/16 03:02:33 | 000,072,822 | ---- | C] () -- E:\Windows\System32\ieuinit.inf
[2012/03/14 20:27:30 | 000,000,936 | ---- | C] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2012/03/14 20:27:30 | 000,000,914 | ---- | C] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/02/25 20:38:28 | 000,000,000 | ---- | C] () -- E:\Windows\pcfriend.INI
[2012/02/05 22:00:19 | 000,000,400 | ---- | C] () -- E:\Users\Zulainy\AppData\Roaming\wklnhst.dat
[2012/02/04 18:08:39 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/12/27 02:31:47 | 000,000,000 | ---- | C] () -- E:\Windows\VAIOUpdt.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- E:\Windows\SysWow64\Iticheck.dll

========== LOP Check ==========

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/02/17 10:59:53 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/12/27 02:15:31 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2012/03/20 03:08:17 | 000,000,914 | ---- | M] () -- E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
[2012/04/04 14:29:05 | 000,000,936 | ---- | M] () -- E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
[2009/07/14 01:08:49 | 000,024,078 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/07/12 22:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- E:\OTLPE.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- E:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- E:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- E:\Windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- E:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

Invalid Environment Variable: %Temp%\smtmp\1\*.*

Invalid Environment Variable: %Temp%\smtmp\2\*.*

Invalid Environment Variable: %Temp%\smtmp\3\*.*

Invalid Environment Variable: %Temp%\smtmp\4\*.*

< >C:\commands.txt echo list vol /raw /hide /c >

< /wait >
Invalid Switch: wait

< >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c >

< /wait >
Invalid Switch: wait


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: REATOGO
The disk management services could not complete the operation.

< /wait >
Invalid Switch: wait


< erase c:\commands.txt /hide /c >

< /wait >
Invalid Switch: wait


< erase c:\diskreport.txt /hide /c >

< CREATERESTOREPOINT >

< End of report >

[Nedklaw]

Hi.

Hmm nothing readily apparent there. I would like to run an AV scan outside of windows now - this will entail burning a CD.

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn


Install IMGBurn

• Double click Dr Web.
• IMGBurn will open.
• Burn the ISO to a CD.

• Reboot the infected computer with the CD in the drive.
• Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions.
• As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  
  
  
• Use arrow keys to select DrWeb-LiveCD (Default).
• When the system is loaded, check the disks or folders you want to scan, and click on Start.
  
  
  
• The programme will now scan for and cure/delete any malware that it finds. Allow it to do so but take note of any malware that it finds. Let me know what Dr Web finds (if anything) in your next reply?
• Once completed, try to reboot to normal windows.
• No log is produced so let me know if your problems persist.

Things I want to see in your next reply

• What Dr Web finds?
• Update on your problems - can you boot into Normal Mode?

[therican]

This is what Dr Web found.

And as soon as I login the desktop shows "Windows Explorer has stopped working"

Edited by therican, 08 April 2012 - 05:56 AM.

[Nedklaw]

Hi.

• Start OTLPE as you did previously from the CD.
• Copy the text in the code box below into the Custom scans and fixes box.

:OTL 
IE - HKU\Zulainy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp
O3 - HKU\Zulainy_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:Files
E:\Windows\explorer.exe|E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe /replace
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT] 
[Reboot]

• Let the program run unhindered and reboot your computer.
• A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in your next reply.

Try Normal Mode now after the fix and see if it works?


Things I want to see in your next reply

• OTL Fix Log
• Does Normal Mode work?

[therican]

Hello Nedklaw,

Here is the OTL Fix Log.

Still have the same problem in normal mode. I did get some Norton popups saying that antivirus and firewall were off. So I guess were heading in the right direction.

========== OTL ==========
Unable to set value : HKU\Zulainy_ON_D\Software\Microsoft\Internet Explorer\Main\\Start Page| /E!
Registry key HKEY_USERS\Zulainy_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== FILES ==========
Unable to replace file: E:\Windows\explorer.exe with E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe without a reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: JOSE LUIS
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: Zulainy
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

Error: Unable to interpret <[CREATERESTOREPOINT] > in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 04082012_235158

[Nedklaw]

Hi.
It looks like the file replacement didn't work so we will do it manually.

• Boot up from the CD.
• Navigate to E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe <-- right click this file and select Copy.
• Now navigate to E:\Windows\explorer.exe <-- right click the file and select rename. Rename the file explorer.vir.
• Now right click in an empty space in the Windows folder and select Paste. This will paste the explorer.exe file you copied earlier.
• When done reboot in Normal Mode and let me know if the problem persists.

[therican]

When I try to rename the file it tells me "Cannot rename folder: Access is denied"

[Nedklaw]

Hi.
I just need to ask you some questions so I can decide on our next route.

Can you get into Safe Mode and download a file from the internet?
If you can download something, are you able to run it?

Edited by Nedklaw, 09 April 2012 - 07:58 AM.

[therican]

Nope, I am unable to start ant program from the start menu at this time.

[Nedklaw]

Hi.

• Can you run Internet Explorer from Task Manager by starting iexplore.exe?
• If you can download a program off the internet, can you click on its icon on the desktop?
• Can you run a program from the Task Manager using the following command: %userprofile%\desktop and then by selecting a file from the list by clicking the drop down arrow?

[therican]

Hello

Can't run run Internet Explorer from Task Manager.
Can't get any icon on the desktop to work, after 5 seconds the screen flickers and stops everything that I try to run.
Can't run a program from the Task Manager using the following command: %userprofile%\desktop.