Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search redirect. Help please. [Solved]

Started by StrifeX , Jun 05 2012 10:08 PM

  • This topic is locked This topic is locked

#16
StrifeX
Posted 07 June 2012 - 11:17 AM

StrifeX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Malware keeps telling me that this file in my temp folder is a rootkit. Its called {E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb and it wont let me delete it.
  • 0

Advertisements

#17
azarl
Posted 07 June 2012 - 11:37 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
  • 0

#18
StrifeX
Posted 07 June 2012 - 03:48 PM

StrifeX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here you go.

Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 04
Ran by SYSTEM at 07-06-2012 16:42:34
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-27] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-27] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-03-27] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel® Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Good\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-07] (Google Inc.)
HKU\Good\...\Run: [Google Update] "C:\Users\Good\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-20] (Google Inc.)
HKU\Washugirle\...\Run: [Google Update] "C:\Users\Washugirle\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-02] (Google Inc.)
HKU\Washugirle\...\Run: [Facebook Update] "C:\Users\Washugirle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-10-16] (Facebook Inc.)
HKU\Washugirle\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 DMAgent; "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe" [498688 2011-06-14] (Red Bend Ltd.)
2 GTSCSER; C:\Windows\System32\zdeviceservice.dll [5120 2009-07-13] (Iomega) ATTENTION! ====> ZeroAccess
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-11-05] (Intel Corporation)
2 IconMan_R; "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" [1817088 2011-03-27] (Realsil Microelectronics Inc.)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [110736 2010-05-20] (InterVideo)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe" [53248 2012-02-09] (Digital Delivery Networks, Inc.)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [398176 2010-11-26] (Sony Corporation)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation)
3 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [113824 2011-02-21] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67232 2011-02-21] (Sony Corporation)
3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [286936 2011-01-20] (Sony Corporation)
2 TBPanel; C:\Windows\System32\usbohci.dll [5120 2009-07-13] (Iomega) ATTENTION! ====> ZeroAccess
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-13] (Intel Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [64704 2011-03-05] (Sony Corporation)
3 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [887000 2011-01-20] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [549616 2011-05-19] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [385336 2011-02-18] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [99104 2011-02-18] (Sony Corporation)
3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [44736 2011-02-14] (Sony Corporation)
2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [969352 2011-07-04] (Sony Corporation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update 5\VUAgent.exe" [1021112 2011-03-30] (Sony Corporation)
2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [986112 2011-06-14] (Intel® Corporation)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
3 bpenum; C:\Windows\System32\Drivers\bpenum.sys [84480 2011-05-19] (Intel Corporation)
3 bpmp; C:\Windows\System32\Drivers\bpmp.sys [182272 2011-05-19] (Intel Corporation)
3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [83968 2011-05-19] (Intel Corporation)
3 e1yexpress; C:\Windows\System32\DRIVERS\e1y60x64.sys [281088 2009-06-10] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-04] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120501.001\IDSvia64.sys [488568 2012-04-27] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120501.019\ENG64.SYS [117880 2012-03-07] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120501.019\EX64.SYS [2048632 2012-03-07] (Symantec Corporation)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8505856 2010-12-21] (Intel Corporation)
2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [333928 2011-03-27] (Realtek Semiconductor Corp.)
3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
3 ssadbus; C:\Windows\System32\Drivers\ssadbus.sys [157672 2011-05-13] (MCCI Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-11-10] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [42392 2010-12-01] (Intel Corporation)

========================== NetSvcs (Whitelisted) ===========

NETSVC: TBPanel -> C:\Windows\system32\usbohci.dll (Iomega) ATTENTION! ====> ZeroAccess
NETSVC: GTSCSER -> C:\Windows\system32\zdeviceservice.dll (Iomega) ATTENTION! ====> ZeroAccess

============ One Month Created Files and Folders ==============

2012-06-07 13:30 - 2012-06-07 13:30 - 01396571 ____A C:\Users\Good\Downloads\FRST64.exe
2012-06-07 09:33 - 2012-06-07 09:33 - 01191454 ____A C:\Users\Good\Downloads\WAPS Calculator Macro Free.xlsx
2012-06-07 09:29 - 2012-06-07 09:34 - 00000000 ____D C:\Users\Good\AppData\Local\CrashDumps
2012-06-07 02:56 - 2012-06-07 02:56 - 00066558 ____A C:\Users\Good\Desktop\Extras.Txt
2012-06-07 02:52 - 2012-06-07 02:52 - 00131824 ____A C:\Users\Good\Desktop\OTL.Txt
2012-06-07 02:46 - 2012-06-07 02:46 - 00595456 ____A (OldTimer Tools) C:\Users\Good\Desktop\OTL.exe
2012-06-06 16:07 - 2012-06-06 16:07 - 00000000 ___SD C:\32788R22FWJFW
2012-06-06 16:06 - 2012-06-06 16:06 - 00000000 ____D C:\Qoobox
2012-06-06 15:59 - 2012-06-06 16:00 - 04538658 ____R (Swearware) C:\Users\Good\Desktop\ComboFix.exe
2012-06-06 15:59 - 2012-06-06 15:59 - 00000000 ___SD C:\Users\Good\Desktop\32788R22FWJFW
2012-06-06 15:27 - 2012-06-06 15:27 - 00065536 __ASH C:\Windows\System32\config\components{66a38b7e-b028-11e1-bb76-78843c9db296}.TxR.blf
2012-06-06 14:01 - 2012-06-06 14:01 - 00000000 ____D C:\_OTL
2012-06-06 07:33 - 2012-06-06 17:28 - 00000000 ____D C:\Users\Good\AppData\Roaming\Spotify
2012-06-06 07:33 - 2012-06-06 13:37 - 00000000 ____D C:\Users\Good\AppData\Local\Spotify
2012-06-05 19:56 - 2012-06-05 19:56 - 00128514 ____A C:\Users\Good\Downloads\OTL.Txt
2012-06-05 19:08 - 2012-06-05 19:41 - 00001592 ____A C:\Users\Good\Desktop\GooredFix.txt
2012-06-05 19:08 - 2012-06-05 19:41 - 00000000 ____D C:\Users\Good\Desktop\GooredFix Backups
2012-06-05 19:03 - 2012-06-06 16:04 - 00000000 ____D C:\Users\Good\Desktop\Antivirus stuff
2012-06-05 19:00 - 2012-06-06 18:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-05 18:59 - 2012-06-05 18:59 - 00000000 ____D C:\Users\Good\AppData\Roaming\WinRAR
2012-06-05 18:51 - 2012-06-06 18:49 - 00000000 ____D C:\_OTM
2012-06-05 18:30 - 2012-06-05 18:30 - 00000000 ____D C:\!KillBox
2012-06-05 18:29 - 2012-06-05 18:29 - 01212200 ____A C:\Users\Good\Downloads\killbox-2-0-0-881-en-win.exe
2012-06-05 18:15 - 2012-06-05 18:15 - 00186946 ____A (Business Information Solutions) C:\Users\Good\Downloads\AntiPuper.exe
2012-06-05 18:14 - 2012-06-06 18:51 - 00000000 ____D C:\Program Files\CCleaner
2012-06-05 18:14 - 2012-06-05 18:14 - 03862112 ____A (Piriform Ltd) C:\Users\Good\Downloads\ccsetup319.exe
2012-06-05 18:12 - 2012-06-06 18:49 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-05 18:10 - 2012-06-05 18:10 - 01402880 ____A C:\Users\Good\Downloads\HijackThis.msi
2012-06-04 13:21 - 2012-06-04 13:21 - 00000224 ____A C:\Users\Good\Documents\url.htm
2012-06-04 09:35 - 2012-06-04 09:35 - 00000000 ____D C:\Users\Good\AppData\Local\Best Buy pc app
2012-06-03 19:47 - 2012-06-03 19:47 - 01028938 ____A C:\Users\Good\Downloads\slsk157NS13e.exe
2012-06-03 14:48 - 2012-06-03 14:48 - 76761968 ____A (Apple Inc.) C:\Users\Good\Downloads\iTunes64Setup.exe
2012-06-03 14:48 - 2012-06-03 14:48 - 00000000 ____D C:\Users\Good\AppData\Local\Apple Computer
2012-06-02 20:24 - 2012-06-07 13:31 - 00000000 ____D C:\Users\Good\AppData\Local\Windows Live
2012-06-02 07:26 - 2012-06-02 07:26 - 00000000 ____D C:\Users\Good\AppData\Local\Apple
2012-06-01 02:53 - 2012-06-01 02:53 - 00053248 ____A C:\Users\Good\Downloads\Parade_Lineup_for_Torchlight_Parade.doc
2012-06-01 02:53 - 2012-06-01 02:53 - 00000162 ___AH C:\Users\Good\Downloads\~$rade_Lineup_for_Torchlight_Parade.doc
2012-06-01 02:52 - 2012-06-07 13:36 - 00000000 ____D C:\Users\Good\AppData\Roaming\SoftGrid Client
2012-06-01 02:52 - 2012-06-01 02:52 - 00184320 ____A C:\Users\Good\Downloads\2012_parade_application.doc
2012-06-01 02:52 - 2012-06-01 02:52 - 00000000 ____D C:\Users\Good\AppData\Local\SoftGrid Client
2012-05-30 05:55 - 2012-05-30 05:55 - 00000000 ____D C:\Users\Good\AppData\Roaming\Malwarebytes
2012-05-29 19:13 - 2012-06-06 18:49 - 00000000 ____D C:\Users\Good\AppData\Roaming\Mozilla
2012-05-29 19:13 - 2012-05-29 19:13 - 00000000 ____D C:\Users\Good\AppData\Local\Mozilla
2012-05-29 19:12 - 2012-05-29 19:12 - 16339280 ____A (Mozilla) C:\Users\Good\Downloads\Firefox Setup 12.0.exe
2012-05-29 15:36 - 2012-06-07 12:41 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003UA.job
2012-05-29 15:36 - 2012-06-05 17:48 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003Core.job
2012-05-29 15:35 - 2012-06-06 18:49 - 00000000 ____D C:\Users\Good\AppData\Local\Google
2012-05-29 15:35 - 2012-05-29 15:36 - 00000000 ____D C:\Users\Good\AppData\Roaming\Google
2012-05-29 15:35 - 2012-05-29 15:35 - 00001544 ____A C:\Users\Good\AppData\Local\PDLSetup.20120529.183519.txt
2012-05-29 15:35 - 2012-05-29 15:35 - 00000000 ____D C:\Users\Good\AppData\Roaming\Adobe
2012-05-29 15:35 - 2012-05-29 15:35 - 00000000 ____D C:\Users\Good\AppData\Local\Intel Wireless Display
2012-05-29 15:33 - 2012-06-06 18:51 - 00000000 ____D C:\Users\Good\AppData\Roaming\Sony Corporation
2012-05-29 15:33 - 2012-06-06 18:51 - 00000000 ____D C:\Users\Good\AppData\Local\VirtualStore
2012-05-29 15:33 - 2012-06-06 18:49 - 00000000 ____D C:\Users\Good\AppData\Roaming\Intel
2012-05-29 15:33 - 2012-06-06 18:49 - 00000000 ____D C:\Users\Good\AppData\LocalLow
2012-05-29 15:33 - 2012-06-06 15:52 - 00000000 ____D C:\users\Good
2012-05-29 15:33 - 2012-06-05 19:04 - 00000000 ____D C:\Users\Good\AppData\Local\Deployment
2012-05-29 15:33 - 2012-06-03 14:53 - 00000000 ____D C:\Users\Good\AppData\Roaming\Apple Computer
2012-05-29 15:33 - 2012-05-29 15:33 - 00068792 ____A C:\Users\Good\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 15:33 - 2012-05-29 15:33 - 00000020 ___SH C:\Users\Good\ntuser.ini
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\Templates
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\Start Menu
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\PrintHood
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\NetHood
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\My Documents
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\Documents\My Videos
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\Documents\My Pictures
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\Documents\My Music
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\AppData\Local\Temporary Internet Files
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 __SHD C:\Users\Good\AppData\Local\History
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 ____D C:\Users\Good\AppData\Roaming\Intel Corporation
2012-05-29 15:33 - 2012-05-29 15:33 - 00000000 ____D C:\Users\Good\AppData\Local\Apps\2.0
2012-05-29 15:33 - 2012-02-05 08:13 - 00000000 ____D C:\Users\Good\AppData\Roaming\Macromedia
2012-05-29 15:33 - 2011-07-12 18:58 - 00000000 ____D C:\Users\Good\AppData\Roaming\Media Center Programs
2012-05-29 13:48 - 2012-06-06 18:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-29 13:48 - 2012-06-06 18:50 - 00000000 ____D C:\Users\Washugirle\AppData\Roaming\Malwarebytes
2012-05-29 13:48 - 2012-06-06 18:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-29 13:48 - 2012-05-29 13:48 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Washugirle\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-29 13:48 - 2012-05-29 13:48 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-29 13:48 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-26 13:29 - 2012-05-26 13:29 - 00739840 ____A (Google Inc.) C:\Users\Washugirle\Downloads\ChromeSetup(1).exe
2012-05-26 11:44 - 2012-06-06 18:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-26 11:39 - 2012-05-26 11:39 - 00739840 ____A (Google Inc.) C:\Users\Washugirle\Downloads\ChromeSetup.exe
2012-05-25 08:29 - 2012-05-25 08:37 - 00000000 ____D C:\Users\Washugirle\AppData\Local\{A6F6CD4F-A686-11E1-8270-B8AC6F996F26}
2012-05-25 08:29 - 2012-05-25 08:37 - 00000000 ____D C:\Users\Washugirle\AppData\Local\{A6F68A05-A686-11E1-8270-B8AC6F996F26}
2012-05-25 08:28 - 2012-05-25 08:37 - 00000000 ____D C:\Users\All Users\B7E858A70175273B0001518FB4EB2367
2012-05-15 17:09 - 2012-05-15 17:09 - 00000000 ____D C:\Users\Washugirle\AppData\Roaming\com.mcmguides.pdg.NCO.2011
2012-05-15 17:08 - 2012-05-15 17:08 - 00000981 ____A C:\Users\Public\Desktop\PDG GOLD NCO - 2011.lnk
2012-05-15 17:08 - 2012-05-15 17:08 - 00000000 ____D C:\Program Files (x86)\PDG GOLD NCO - 2011
2012-05-15 15:48 - 2012-06-06 18:51 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-15 15:44 - 2012-06-07 13:37 - 00000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-05-14 02:38 - 2012-05-14 02:38 - 00043976 ____A C:\Users\Good\AppData\Local\save_es.bmp
2012-05-14 02:38 - 2012-05-14 02:38 - 00043976 ____A C:\Users\Good\AppData\Local\save_en.bmp
2012-05-10 19:15 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 19:15 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-10 19:15 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-10 19:15 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 19:15 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 19:15 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-10 19:14 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 19:14 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


============ 3 Months Modified Files and Folders =============

2012-06-07 16:42 - 2012-06-07 16:42 - 0000000 ____D C:\FRST
2012-06-07 13:37 - 2012-05-15 15:44 - 0000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-06-07 13:37 - 2012-03-07 18:45 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-07 13:37 - 2011-10-02 15:27 - 3180220416 __ASH C:\hiberfil.sys
2012-06-07 13:37 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 13:37 - 2009-07-13 20:51 - 0067378 ____A C:\Windows\setupact.log
2012-06-07 13:36 - 2012-06-01 02:52 - 0000000 ____D C:\Users\Good\AppData\Roaming\SoftGrid Client
2012-06-07 13:36 - 2011-08-09 13:19 - 1659149 ____A C:\Windows\WindowsUpdate.log
2012-06-07 13:35 - 2009-07-13 20:45 - 0021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 13:35 - 2009-07-13 20:45 - 0021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 13:34 - 2011-10-02 16:56 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001UA.job
2012-06-07 13:32 - 2009-07-13 21:13 - 0779724 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-07 13:31 - 2012-06-02 20:24 - 0000000 ____D C:\Users\Good\AppData\Local\Windows Live
2012-06-07 13:31 - 2012-03-07 18:45 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-07 13:30 - 2012-06-07 13:30 - 1396571 ____A C:\Users\Good\Downloads\FRST64.exe
2012-06-07 12:41 - 2012-05-29 15:36 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003UA.job
2012-06-07 12:33 - 2011-10-16 18:17 - 0000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001UA.job
2012-06-07 09:34 - 2012-06-07 09:29 - 0000000 ____D C:\Users\Good\AppData\Local\CrashDumps
2012-06-07 09:33 - 2012-06-07 09:33 - 1191454 ____A C:\Users\Good\Downloads\WAPS Calculator Macro Free.xlsx
2012-06-07 02:56 - 2012-06-07 02:56 - 0066558 ____A C:\Users\Good\Desktop\Extras.Txt
2012-06-07 02:52 - 2012-06-07 02:52 - 0131824 ____A C:\Users\Good\Desktop\OTL.Txt
2012-06-07 02:46 - 2012-06-07 02:46 - 0595456 ____A (OldTimer Tools) C:\Users\Good\Desktop\OTL.exe
2012-06-06 18:51 - 2012-06-05 19:00 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-06-06 18:51 - 2012-06-05 18:14 - 0000000 ____D C:\Program Files\CCleaner
2012-06-06 18:51 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\Roaming\Sony Corporation
2012-06-06 18:51 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\Local\VirtualStore
2012-06-06 18:51 - 2012-05-29 13:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 18:51 - 2012-05-26 11:44 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-06-06 18:51 - 2012-05-15 15:48 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-06 18:51 - 2012-05-03 17:41 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-06 18:51 - 2012-02-27 18:47 - 0000000 ____D C:\Program Files (x86)\SoulseekNS
2012-06-06 18:51 - 2012-02-05 08:13 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-06-06 18:51 - 2011-11-10 06:24 - 0000000 __SHD C:\Users\Washugirle\AppData\Local\85ea75c1
2012-06-06 18:51 - 2011-10-22 18:20 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\Skype
2012-06-06 18:51 - 2011-10-12 04:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-06 18:51 - 2011-10-05 09:37 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\Spotify
2012-06-06 18:51 - 2011-10-02 16:40 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\Sony Corporation
2012-06-06 18:51 - 2011-10-02 16:39 - 0000000 ____D C:\users\Washugirle
2012-06-06 18:51 - 2011-07-12 18:58 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-06-06 18:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-06-06 18:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-06-06 18:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-06-06 18:50 - 2012-05-29 13:48 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\Malwarebytes
2012-06-06 18:50 - 2011-11-15 14:06 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\SoftGrid Client
2012-06-06 18:50 - 2011-10-16 18:17 - 0000000 ____D C:\Users\Washugirle\AppData\Local\Facebook
2012-06-06 18:50 - 2011-10-12 04:40 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\Mozilla
2012-06-06 18:50 - 2011-10-02 16:56 - 0000000 ____D C:\Users\Washugirle\AppData\Local\Google
2012-06-06 18:50 - 2011-10-02 16:44 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\Adobe
2012-06-06 18:50 - 2011-10-02 16:43 - 0000000 ____D C:\Users\Washugirle\AppData\Local\Apps\2.0
2012-06-06 18:50 - 2011-10-02 16:42 - 0000000 ____D C:\Users\Washugirle\AppData\Local\VirtualStore
2012-06-06 18:50 - 2011-10-02 16:39 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\Intel
2012-06-06 18:50 - 2011-10-02 16:39 - 0000000 ____D C:\Users\Washugirle\AppData\LocalLow
2012-06-06 18:49 - 2012-06-05 18:51 - 0000000 ____D C:\_OTM
2012-06-06 18:49 - 2012-06-05 18:12 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-06 18:49 - 2012-05-29 19:13 - 0000000 ____D C:\Users\Good\AppData\Roaming\Mozilla
2012-06-06 18:49 - 2012-05-29 15:35 - 0000000 ____D C:\Users\Good\AppData\Local\Google
2012-06-06 18:49 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\Roaming\Intel
2012-06-06 18:49 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\LocalLow
2012-06-06 18:49 - 2012-05-29 13:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 18:49 - 2012-03-07 18:45 - 0000000 ____D C:\Users\All Users\Google
2012-06-06 18:49 - 2012-02-26 19:43 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-06 18:49 - 2011-08-09 14:53 - 0000000 ____D C:\Users\All Users\Norton
2012-06-06 18:49 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-06-06 18:45 - 2011-10-12 04:40 - 0000000 ____D C:\Users\Washugirle\AppData\Local\Mozilla
2012-06-06 18:44 - 2012-02-05 08:13 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-06 18:44 - 2012-02-05 08:13 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-06 18:22 - 2011-10-16 18:17 - 0000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001Core.job
2012-06-06 17:28 - 2012-06-06 07:33 - 0000000 ____D C:\Users\Good\AppData\Roaming\Spotify
2012-06-06 16:07 - 2012-06-06 16:07 - 0000000 ___SD C:\32788R22FWJFW
2012-06-06 16:06 - 2012-06-06 16:06 - 0000000 ____D C:\Qoobox
2012-06-06 16:04 - 2012-06-05 19:03 - 0000000 ____D C:\Users\Good\Desktop\Antivirus stuff
2012-06-06 16:04 - 2009-07-13 21:08 - 0017112 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-06 16:00 - 2012-06-06 15:59 - 4538658 ____R (Swearware) C:\Users\Good\Desktop\ComboFix.exe
2012-06-06 15:59 - 2012-06-06 15:59 - 0000000 ___SD C:\Users\Good\Desktop\32788R22FWJFW
2012-06-06 15:52 - 2012-05-29 15:33 - 0000000 ____D C:\users\Good
2012-06-06 15:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-06-06 15:27 - 2012-06-06 15:27 - 0065536 __ASH C:\Windows\System32\config\components{66a38b7e-b028-11e1-bb76-78843c9db296}.TxR.blf
2012-06-06 14:01 - 2012-06-06 14:01 - 0000000 ____D C:\_OTL
2012-06-06 13:37 - 2012-06-06 07:33 - 0000000 ____D C:\Users\Good\AppData\Local\Spotify
2012-06-05 19:56 - 2012-06-05 19:56 - 0128514 ____A C:\Users\Good\Downloads\OTL.Txt
2012-06-05 19:54 - 2011-02-10 14:48 - 0000000 ____D C:\Windows\Panther
2012-06-05 19:41 - 2012-06-05 19:08 - 0001592 ____A C:\Users\Good\Desktop\GooredFix.txt
2012-06-05 19:41 - 2012-06-05 19:08 - 0000000 ____D C:\Users\Good\Desktop\GooredFix Backups
2012-06-05 19:36 - 2009-07-13 18:34 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-06-05 19:04 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\Local\Deployment
2012-06-05 18:59 - 2012-06-05 18:59 - 0000000 ____D C:\Users\Good\AppData\Roaming\WinRAR
2012-06-05 18:30 - 2012-06-05 18:30 - 0000000 ____D C:\!KillBox
2012-06-05 18:29 - 2012-06-05 18:29 - 1212200 ____A C:\Users\Good\Downloads\killbox-2-0-0-881-en-win.exe
2012-06-05 18:15 - 2012-06-05 18:15 - 0186946 ____A (Business Information Solutions) C:\Users\Good\Downloads\AntiPuper.exe
2012-06-05 18:14 - 2012-06-05 18:14 - 3862112 ____A (Piriform Ltd) C:\Users\Good\Downloads\ccsetup319.exe
2012-06-05 18:10 - 2012-06-05 18:10 - 1402880 ____A C:\Users\Good\Downloads\HijackThis.msi
2012-06-05 17:48 - 2012-05-29 15:36 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003Core.job
2012-06-05 15:34 - 2011-10-02 16:56 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001Core.job
2012-06-05 15:14 - 2010-11-20 19:47 - 0369726 ____A C:\Windows\PFRO.log
2012-06-04 13:21 - 2012-06-04 13:21 - 0000224 ____A C:\Users\Good\Documents\url.htm
2012-06-04 09:35 - 2012-06-04 09:35 - 0000000 ____D C:\Users\Good\AppData\Local\Best Buy pc app
2012-06-03 19:47 - 2012-06-03 19:47 - 1028938 ____A C:\Users\Good\Downloads\slsk157NS13e.exe
2012-06-03 14:53 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\Roaming\Apple Computer
2012-06-03 14:48 - 2012-06-03 14:48 - 76761968 ____A (Apple Inc.) C:\Users\Good\Downloads\iTunes64Setup.exe
2012-06-03 14:48 - 2012-06-03 14:48 - 0000000 ____D C:\Users\Good\AppData\Local\Apple Computer
2012-06-02 07:26 - 2012-06-02 07:26 - 0000000 ____D C:\Users\Good\AppData\Local\Apple
2012-06-01 02:53 - 2012-06-01 02:53 - 0053248 ____A C:\Users\Good\Downloads\Parade_Lineup_for_Torchlight_Parade.doc
2012-06-01 02:53 - 2012-06-01 02:53 - 0000162 ___AH C:\Users\Good\Downloads\~$rade_Lineup_for_Torchlight_Parade.doc
2012-06-01 02:52 - 2012-06-01 02:52 - 0184320 ____A C:\Users\Good\Downloads\2012_parade_application.doc
2012-06-01 02:52 - 2012-06-01 02:52 - 0000000 ____D C:\Users\Good\AppData\Local\SoftGrid Client
2012-05-30 05:55 - 2012-05-30 05:55 - 0000000 ____D C:\Users\Good\AppData\Roaming\Malwarebytes
2012-05-29 19:13 - 2012-05-29 19:13 - 0000000 ____D C:\Users\Good\AppData\Local\Mozilla
2012-05-29 19:12 - 2012-05-29 19:12 - 16339280 ____A (Mozilla) C:\Users\Good\Downloads\Firefox Setup 12.0.exe
2012-05-29 15:36 - 2012-05-29 15:35 - 0000000 ____D C:\Users\Good\AppData\Roaming\Google
2012-05-29 15:35 - 2012-05-29 15:35 - 0001544 ____A C:\Users\Good\AppData\Local\PDLSetup.20120529.183519.txt
2012-05-29 15:35 - 2012-05-29 15:35 - 0000000 ____D C:\Users\Good\AppData\Roaming\Adobe
2012-05-29 15:35 - 2012-05-29 15:35 - 0000000 ____D C:\Users\Good\AppData\Local\Intel Wireless Display
2012-05-29 15:33 - 2012-05-29 15:33 - 0068792 ____A C:\Users\Good\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 15:33 - 2012-05-29 15:33 - 0000020 ___SH C:\Users\Good\ntuser.ini
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\Templates
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\Start Menu
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\PrintHood
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\NetHood
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\My Documents
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\Documents\My Videos
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\Documents\My Pictures
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\Documents\My Music
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\AppData\Local\Temporary Internet Files
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 __SHD C:\Users\Good\AppData\Local\History
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\Roaming\Intel Corporation
2012-05-29 15:33 - 2012-05-29 15:33 - 0000000 ____D C:\Users\Good\AppData\Local\Apps\2.0
2012-05-29 13:48 - 2012-05-29 13:48 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Washugirle\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-29 13:48 - 2012-05-29 13:48 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 13:29 - 2012-05-26 13:29 - 0739840 ____A (Google Inc.) C:\Users\Washugirle\Downloads\ChromeSetup(1).exe
2012-05-26 12:57 - 2012-04-19 18:57 - 0007422 ____A C:\test.xml
2012-05-26 11:39 - 2012-05-26 11:39 - 0739840 ____A (Google Inc.) C:\Users\Washugirle\Downloads\ChromeSetup.exe
2012-05-25 08:37 - 2012-05-25 08:29 - 0000000 ____D C:\Users\Washugirle\AppData\Local\{A6F6CD4F-A686-11E1-8270-B8AC6F996F26}
2012-05-25 08:37 - 2012-05-25 08:29 - 0000000 ____D C:\Users\Washugirle\AppData\Local\{A6F68A05-A686-11E1-8270-B8AC6F996F26}
2012-05-25 08:37 - 2012-05-25 08:28 - 0000000 ____D C:\Users\All Users\B7E858A70175273B0001518FB4EB2367
2012-05-25 08:29 - 2011-11-10 14:55 - 0000000 ____D C:\Users\Washugirle\AppData\Local\CrashDumps
2012-05-15 17:09 - 2012-05-15 17:09 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\com.mcmguides.pdg.NCO.2011
2012-05-15 17:08 - 2012-05-15 17:08 - 0000981 ____A C:\Users\Public\Desktop\PDG GOLD NCO - 2011.lnk
2012-05-15 17:08 - 2012-05-15 17:08 - 0000000 ____D C:\Program Files (x86)\PDG GOLD NCO - 2011
2012-05-15 15:43 - 2011-10-22 18:20 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-15 15:43 - 2011-10-22 18:20 - 0000000 ____D C:\Users\All Users\Skype
2012-05-14 03:55 - 2009-07-13 20:45 - 0310336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-14 03:54 - 2011-08-09 15:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 03:50 - 2011-10-05 09:37 - 0000000 ____D C:\Users\Washugirle\AppData\Local\Spotify
2012-05-14 02:38 - 2012-05-14 02:38 - 0043976 ____A C:\Users\Good\AppData\Local\save_es.bmp
2012-05-14 02:38 - 2012-05-14 02:38 - 0043976 ____A C:\Users\Good\AppData\Local\save_en.bmp
2012-05-13 11:54 - 2012-03-07 15:46 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 11:43 - 2011-07-12 18:58 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-05 15:16 - 2012-05-05 15:16 - 0132378 ____A C:\Users\Washugirle\Documents\Final Project Edited.docx
2012-05-05 15:11 - 2012-05-03 18:25 - 0132382 ____A C:\Users\Washugirle\Documents\Final Project.docx
2012-05-04 15:16 - 2011-11-15 14:05 - 0000000 ____D C:\Users\Washugirle\AppData\Roaming\TP
2012-05-04 14:44 - 2011-10-02 16:39 - 0068792 ____A C:\Users\Washugirle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-04 14:18 - 2012-05-04 14:18 - 0000162 ___AH C:\Users\Washugirle\Documents\~$signment 4.docx
2012-05-03 18:25 - 2012-05-03 18:25 - 0013399 ___AH C:\Users\Washugirle\Documents\~WRL1006.tmp
2012-05-03 18:25 - 2012-05-03 18:25 - 0000162 ___AH C:\Users\Washugirle\Documents\~$nal Project.docx
2012-05-03 17:41 - 2012-05-03 17:41 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-03 03:12 - 2012-05-03 03:12 - 0000532 ____A C:\Users\Good\AppData\Local\datos.txt
2012-04-27 18:37 - 2012-04-27 17:47 - 0014182 ____A C:\Users\Washugirle\Documents\Assignment 7.docx
2012-04-27 17:47 - 2012-04-27 17:47 - 0000162 ___AH C:\Users\Washugirle\Documents\~$signment 7.docx
2012-04-19 19:37 - 2012-04-18 18:57 - 0018535 ____A C:\Users\Washugirle\Documents\Questions 2.docx
2012-04-19 17:51 - 2011-11-10 13:13 - 0000000 ____D C:\Windows\System32\Drivers\NAVx64
2012-04-18 18:57 - 2012-04-18 18:57 - 0000162 ___AH C:\Users\Washugirle\Documents\~$estions 2.docx
2012-04-18 17:57 - 2012-04-18 17:57 - 0013737 ____A C:\Users\Washugirle\Documents\Questions.docx
2012-04-18 17:56 - 2012-04-18 17:56 - 0094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 17:56 - 2012-04-18 17:56 - 0069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-18 17:53 - 2012-04-18 17:53 - 1979815 ____A C:\Users\Washugirle\Documents\AFD-120202-013.pdf
2012-04-15 12:26 - 2012-03-06 15:24 - 0000000 ____D C:\Users\Washugirle\AppData\Local\ElevatedDiagnostics
2012-04-12 17:45 - 2012-04-12 17:45 - 0000000 ____D C:\Program Files\iTunes
2012-04-12 17:45 - 2012-02-26 20:15 - 0000000 ____D C:\Program Files\iPod
2012-04-12 17:45 - 2012-02-26 20:15 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-07 07:55 - 2012-04-06 17:23 - 0016286 ____A C:\Users\Washugirle\Documents\Assignment 5.docx
2012-04-04 12:56 - 2012-05-29 13:48 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 22:05 - 2012-05-10 19:15 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-10 19:15 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 19:15 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-10 19:15 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-10 19:14 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 15:02 - 2012-03-28 15:02 - 0000000 ____D C:\Users\Washugirle\Documents\Soulseek Chat Logs
2012-03-21 17:23 - 2012-03-21 17:23 - 1028938 ____A C:\Users\Washugirle\Downloads\slsk157NS13e.exe
2012-03-16 23:58 - 2012-05-10 19:14 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 19:08 - 2012-03-14 19:16 - 0046128 ____A C:\Users\Washugirle\Documents\Assignment 4.docx
2012-03-14 18:29 - 2012-03-14 18:29 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-03-13 12:28 - 2012-03-13 12:28 - 0000000 __HDC C:\Users\All Users\{F974CC36-BF25-4374-A035-B0A9DA79E735}
2012-03-13 12:28 - 2011-08-09 13:18 - 0000000 ____D C:\Program Files (x86)\DDNi
2012-03-12 07:25 - 2012-03-12 07:24 - 76763504 ____A (Apple Inc.) C:\Users\Washugirle\Downloads\iTunes64Setup (2).exe
2012-03-10 07:23 - 2012-03-10 07:22 - 15792320 ____A (Mozilla) C:\Users\Washugirle\Downloads\Firefox Setup 10.0.2.exe
2012-03-10 07:16 - 2012-03-07 15:37 - 0000021 ____A C:\Windows\Model.txt
2012-03-10 07:16 - 2012-03-07 15:37 - 0000000 ____A C:\Windows\Model.log

C:\Users\Washugirle\AppData\Local\85ea75c1
C:\Users\Washugirle\AppData\Local\85ea75c1\@
C:\Users\Washugirle\AppData\Local\85ea75c1\loader.tlb
C:\Users\Washugirle\AppData\Local\85ea75c1\U

C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}
C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}\@
C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}\L
C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}\n
C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}\U
C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}\U\00000001.@
C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}\U\80000000.@
C:\Users\Washugirle\AppData\Local\{3182d8b6-6863-90a5-d07d-6987c4b8a4a3}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4043.86 MB
Available physical RAM: 3446.04 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3430.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:585 GB) (Free:525.75 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:11.07 GB) (Free:1.1 GB) NTFS
3 Drive f: (PDG GOLD NCO - 2011) (CDROM) (Total:0.3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.95 GB) (Free:0.93 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 975 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 11 GB 1024 KB
Partition 2 Primary 100 MB 11 GB
Partition 3 Primary 584 GB 11 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 11 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 584 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 972 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 972 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-28 23:50

======================= End Of Log ==========================
  • 0

#19
azarl
Posted 08 June 2012 - 01:50 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Firstly...
  • Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
regsvr32 "%WINDIR%\System32\wbem\wbemess.dll"

You should get a message to say it was successful

Next...
Reboot

Finally
ComboFix

Notes:
  • If you have a previous version of Combofix.exe, delete it and download a fresh copy.
  • It must be saved to your desktop, do not run it
  • Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop
http://download.blee...Bs/ComboFix.exe
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
Posted Image
Posted Image

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
  • 0

#20
StrifeX
Posted 08 June 2012 - 03:56 PM

StrifeX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I'm sorry but Combofix still wont give me a log. It just opens, runs, and closes. Sometimes the desktop goes away for a second, other times it doesn't. Still being redirected.
  • 0

#21
azarl
Posted 09 June 2012 - 02:13 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Did you run the command I asked for first?

  • Unzip the attached to your desktop
  • Double-click on Strifex.bat
  • Click OK when asked
  • It will produce a report, strifex.txt on your desktop. Please copy the contents in your reply

  • 0

#22
StrifeX
Posted 09 June 2012 - 07:38 AM

StrifeX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes I did run the the command first. Here is the log from StrifeX.bat


HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32
(Default) REG_EXPAND_SZ %systemroot%\system32\wbem\wbemess.dll
ThreadingModel REG_SZ Both


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32
(Default) REG_EXPAND_SZ %systemroot%\system32\wbem\wbemess.dll
ThreadingModel REG_SZ Both


HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32
(Default) REG_EXPAND_SZ %systemroot%\system32\wbem\wbemess.dll
ThreadingModel REG_SZ Both


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32
(Default) REG_EXPAND_SZ %systemroot%\system32\wbem\wbemess.dll
ThreadingModel REG_SZ Both
  • 0

#23
azarl
Posted 09 June 2012 - 08:44 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
» Step 1«
Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image


» Step 2«
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %localappdata%\*.
%systemroot%\installer\*.
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two a notepad window, OTL.txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file and paste into your reply.
  • 0

#24
StrifeX
Posted 09 June 2012 - 09:47 AM

StrifeX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-09 10:37:01
-----------------------------
10:37:01.405 OS Version: Windows x64 6.1.7601 Service Pack 1
10:37:01.405 Number of processors: 4 586 0x2A07
10:37:01.405 ComputerName: TARDIS UserName: Good
10:37:05.118 Initialize success
10:37:15.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:37:15.047 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
10:37:15.094 Disk 0 MBR read successfully
10:37:15.094 Disk 0 MBR scan
10:37:15.109 Disk 0 Windows 7 default MBR code
10:37:15.109 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11340 MB offset 2048
10:37:15.140 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 23226368
10:37:15.140 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599038 MB offset 23431168
10:37:15.156 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
10:37:15.172 Disk 0 scanning C:\Windows\system32\drivers
10:37:22.020 Service scanning
10:37:39.866 Modules scanning
10:37:39.882 Disk 0 trace - called modules:
10:37:39.913 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:37:39.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065e1790]
10:37:39.929 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004919050]
10:37:39.944 Scan finished successfully
10:37:58.899 Disk 0 MBR has been saved successfully to "C:\Users\Good\Desktop\MBR.dat"
10:37:58.899 The log file has been saved successfully to "C:\Users\Good\Desktop\aswMBR.txt"


And here is the OTL log:


OTL logfile created on: 6/9/2012 10:41:46 AM - Run 2
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Good\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 58.60% Memory free
7.90 Gb Paging File | 6.08 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.00 Gb Total Space | 524.12 Gb Free Space | 89.59% Space Free | Partition Type: NTFS
Drive E: | 302.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TARDIS | User Name: Good | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 05:46:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Good\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2011/03/28 02:48:39 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/03/05 18:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 18:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/15 13:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/14 15:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/02/14 01:15:46 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 01:15:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/29 07:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/11/27 02:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 02:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 18:36:03 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012/05/14 18:36:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/14 06:58:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 06:58:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/14 06:58:04 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/14 06:57:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/14 06:57:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/14 06:57:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/14 06:57:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/14 06:57:29 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 15:46:04 | 000,969,352 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/06/14 12:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/06/14 12:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/05/19 21:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/03/30 11:09:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/19 00:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/19 00:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/02/14 15:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 07:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011/01/20 14:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/12/17 16:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/11/20 22:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 20:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\AR5523.dll -- (sprtsvc_dellsupportcenter)
SRV - [2012/05/03 20:41:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/03/28 02:48:39 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/05 18:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/21 14:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 14:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/14 01:15:46 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/14 01:15:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/20 14:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/11/27 02:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/10 21:41:37 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/19 15:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2011/05/19 15:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2011/05/19 15:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel® Centrino®
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/28 02:48:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/27 23:12:44 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/27 23:07:33 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 22:28:52 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/21 12:43:52 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/15 02:42:50 | 001,388,592 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/14 01:15:10 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/02/11 03:48:34 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/01 07:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 15:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2012/04/27 19:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120501.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/02 18:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/03/07 18:18:51 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120501.019\EX64.SYS -- (NAVEX15)
DRV - [2012/03/07 18:18:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120501.019\ENG64.SYS -- (NAVENG)
DRV - [2012/02/04 08:52:19 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 08:52:19 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS486
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Good\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Good\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2012/03/07 18:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 21:51:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 21:51:06 | 000,000,000 | ---D | M]

[2012/05/29 22:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Good\AppData\Roaming\mozilla\Extensions
[2012/06/06 21:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Good\AppData\Roaming\mozilla\Firefox\Profiles\f5h7o394.default\extensions
[2012/06/06 21:51:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Good\AppData\Roaming\mozilla\Firefox\Profiles\f5h7o394.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/05/29 22:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/15 18:43:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Good\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Good\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Good\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Good\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Good\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Good\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Good\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Good\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/08 15:40:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28094101-E844-446D-916A-DFA5640C49B3}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5529D6AA-B215-4FC2-B6DF-78B71D3D65F2}: DhcpNameServer = 192.53.112.29
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/08 14:08:26 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6aa5a3b7-c2cc-11e0-892e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa5a3b7-c2cc-11e0-892e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2011/12/08 14:08:26 | 000,102,272 | -H-- | M] (Adobe Systems Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: sprtsvc_dellsupportcenter - C:\Windows\SysNative\AR5523.dll (Iomega)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 10:34:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Good\Desktop\aswMBR.exe
[2012/06/09 08:41:44 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/08 15:43:19 | 004,538,510 | R--- | C] (Swearware) -- C:\Users\Good\Desktop\ComboFix.exe
[2012/06/07 19:42:16 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/07 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\CrashDumps
[2012/06/07 05:46:45 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Good\Desktop\OTL.exe
[2012/06/06 19:06:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/06 18:59:16 | 000,000,000 | --SD | C] -- C:\Users\Good\Desktop\32788R22FWJFW
[2012/06/06 17:01:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/06 10:33:26 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Spotify
[2012/06/06 10:33:23 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Spotify
[2012/06/05 22:08:20 | 000,000,000 | ---D | C] -- C:\Users\Good\Desktop\GooredFix Backups
[2012/06/05 22:03:22 | 000,000,000 | ---D | C] -- C:\Users\Good\Desktop\Antivirus stuff
[2012/06/05 22:00:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/05 21:59:13 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\WinRAR
[2012/06/05 21:51:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/06/05 21:30:28 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/06/05 21:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/05 21:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/05 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/05 21:12:08 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/05 20:42:26 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Diagnostics
[2012/06/04 12:35:08 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Best Buy pc app
[2012/06/03 22:48:28 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS
[2012/06/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Apple Computer
[2012/06/02 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Windows Live
[2012/06/02 10:26:39 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Apple
[2012/06/01 05:52:10 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\SoftGrid Client
[2012/06/01 05:52:08 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\SoftGrid Client
[2012/05/30 08:55:08 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Malwarebytes
[2012/05/29 22:13:49 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Mozilla
[2012/05/29 22:13:49 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Mozilla
[2012/05/29 18:36:55 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/29 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Adobe
[2012/05/29 18:35:41 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Google
[2012/05/29 18:35:41 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Google
[2012/05/29 18:35:17 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Intel Wireless Display
[2012/05/29 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Apps
[2012/05/29 18:33:53 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Deployment
[2012/05/29 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Intel Corporation
[2012/05/29 18:33:44 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Apple Computer
[2012/05/29 18:33:34 | 000,000,000 | R--D | C] -- C:\Users\Good\Searches
[2012/05/29 18:33:34 | 000,000,000 | R--D | C] -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/29 18:33:34 | 000,000,000 | -H-D | C] -- C:\Users\Good\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/29 18:33:27 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Identities
[2012/05/29 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Good\Contacts
[2012/05/29 18:33:23 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\VirtualStore
[2012/05/29 18:33:20 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Sony Corporation
[2012/05/29 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Intel
[2012/05/29 18:33:15 | 000,000,000 | --SD | C] -- C:\Users\Good\AppData\Roaming\Microsoft
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Videos
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Saved Games
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Pictures
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Music
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Links
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Favorites
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Downloads
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Documents
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\Desktop
[2012/05/29 18:33:15 | 000,000,000 | R--D | C] -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\AppData\Local\Temporary Internet Files
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Templates
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Start Menu
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\SendTo
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Recent
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\PrintHood
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\NetHood
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Documents\My Videos
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Documents\My Pictures
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Documents\My Music
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\My Documents
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Local Settings
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\AppData\Local\History
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Cookies
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\Application Data
[2012/05/29 18:33:15 | 000,000,000 | -HSD | C] -- C:\Users\Good\AppData\Local\Application Data
[2012/05/29 18:33:15 | 000,000,000 | -H-D | C] -- C:\Users\Good\AppData
[2012/05/29 18:33:15 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Temp
[2012/05/29 18:33:15 | 000,000,000 | ---D | C] -- C:\Users\Good\Roaming
[2012/05/29 18:33:15 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Local\Microsoft
[2012/05/29 18:33:15 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Media Center Programs
[2012/05/29 18:33:15 | 000,000,000 | ---D | C] -- C:\Users\Good\AppData\Roaming\Macromedia
[2012/05/29 16:48:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/29 16:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/29 16:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/29 16:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/26 14:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/26 14:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/25 11:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A70175273B0001518FB4EB2367
[2012/05/15 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDG GOLD NCO - 2011
[2012/05/15 18:48:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/05/15 18:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/15 18:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012/06/09 10:41:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003UA.job
[2012/06/09 10:37:58 | 000,000,512 | ---- | M] () -- C:\Users\Good\Desktop\MBR.dat
[2012/06/09 10:35:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Good\Desktop\aswMBR.exe
[2012/06/09 10:34:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001UA.job
[2012/06/09 10:31:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 09:46:36 | 000,000,634 | ---- | M] () -- C:\Users\Good\Desktop\strifex.bat
[2012/06/09 09:28:25 | 000,000,910 | ---- | M] () -- C:\Users\Good\Desktop\Spotify.lnk
[2012/06/09 09:27:41 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001UA.job
[2012/06/09 09:27:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 08:48:27 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 08:48:27 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 08:45:02 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/09 08:45:02 | 000,660,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/09 08:45:02 | 000,121,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/09 08:40:49 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 08:40:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/06/09 08:40:35 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 08:36:45 | 000,000,335 | ---- | M] () -- C:\Users\Good\Desktop\strifex.zip
[2012/06/09 03:01:11 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001Core.job
[2012/06/08 20:08:24 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003Core.job
[2012/06/08 20:08:23 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001Core.job
[2012/06/08 16:47:50 | 000,000,097 | ---- | M] () -- C:\Users\Good\AppData\Roaming\mbam.context.scan
[2012/06/08 15:43:29 | 004,538,510 | R--- | M] (Swearware) -- C:\Users\Good\Desktop\ComboFix.exe
[2012/06/08 15:40:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/07 05:46:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Good\Desktop\OTL.exe
[2012/06/04 16:21:47 | 000,000,224 | ---- | M] () -- C:\Users\Good\Documents\url.htm
[2012/05/29 18:35:37 | 000,001,441 | ---- | M] () -- C:\Users\Good\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/29 16:48:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/26 15:57:12 | 000,007,422 | ---- | M] () -- C:\test.xml
[2012/05/15 20:08:36 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\PDG GOLD NCO - 2011.lnk
[2012/05/14 06:55:02 | 000,310,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/14 05:38:32 | 000,043,976 | ---- | M] () -- C:\Users\Good\AppData\Local\save_en.bmp
[2012/05/14 05:38:08 | 000,043,976 | ---- | M] () -- C:\Users\Good\AppData\Local\save_es.bmp

========== Files Created - No Company Name ==========

[2012/06/09 10:37:58 | 000,000,512 | ---- | C] () -- C:\Users\Good\Desktop\MBR.dat
[2012/06/09 09:28:25 | 000,000,910 | ---- | C] () -- C:\Users\Good\Desktop\Spotify.lnk
[2012/06/09 09:28:25 | 000,000,896 | ---- | C] () -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/06/09 08:37:10 | 000,000,634 | ---- | C] () -- C:\Users\Good\Desktop\strifex.bat
[2012/06/09 08:36:54 | 000,000,335 | ---- | C] () -- C:\Users\Good\Desktop\strifex.zip
[2012/06/08 16:47:50 | 000,000,097 | ---- | C] () -- C:\Users\Good\AppData\Roaming\mbam.context.scan
[2012/06/04 16:21:55 | 000,000,224 | ---- | C] () -- C:\Users\Good\Documents\url.htm
[2012/05/29 18:36:27 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003UA.job
[2012/05/29 18:36:27 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1003Core.job
[2012/05/29 18:35:37 | 000,001,441 | ---- | C] () -- C:\Users\Good\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/29 18:33:40 | 000,001,413 | ---- | C] () -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/29 18:33:35 | 000,001,447 | ---- | C] () -- C:\Users\Good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/29 18:33:15 | 000,000,290 | ---- | C] () -- C:\Users\Good\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/29 18:33:15 | 000,000,272 | ---- | C] () -- C:\Users\Good\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/29 16:48:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 20:08:36 | 000,000,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDG GOLD NCO - 2011.lnk
[2012/05/15 20:08:36 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\PDG GOLD NCO - 2011.lnk
[2012/05/15 18:44:35 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/05/14 05:38:32 | 000,043,976 | ---- | C] () -- C:\Users\Good\AppData\Local\save_en.bmp
[2012/05/14 05:38:08 | 000,043,976 | ---- | C] () -- C:\Users\Good\AppData\Local\save_es.bmp
[2011/11/15 23:33:41 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/08/09 16:18:32 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/28 02:04:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/28 02:04:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/28 02:04:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 18:03:27 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/06/07 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Roaming\SoftGrid Client
[2012/06/09 09:33:26 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Roaming\Spotify
[2012/06/09 03:01:11 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001Core.job
[2012/06/09 09:27:41 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3637437872-1274704338-1893036344-1001UA.job
[2012/06/08 12:31:27 | 000,021,088 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %localappdata%\*. >
[2012/06/02 10:26:39 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Apple
[2012/06/03 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Apple Computer
[2012/05/29 18:33:15 | 000,000,000 | -HSD | M] -- C:\Users\Good\AppData\Local\Application Data
[2012/05/29 18:33:54 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Apps
[2012/06/04 12:35:08 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Best Buy pc app
[2012/06/07 12:34:10 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\CrashDumps
[2012/06/05 22:04:52 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Deployment
[2012/06/06 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Diagnostics
[2012/06/06 21:49:39 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Google
[2012/05/29 18:33:15 | 000,000,000 | -HSD | M] -- C:\Users\Good\AppData\Local\History
[2012/05/29 18:35:17 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Intel Wireless Display
[2012/06/06 21:49:45 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Microsoft
[2012/05/29 22:13:49 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Mozilla
[2012/06/01 05:52:11 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\SoftGrid Client
[2012/06/09 09:33:26 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Spotify
[2012/06/09 10:41:44 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Temp
[2012/05/29 18:33:15 | 000,000,000 | -HSD | M] -- C:\Users\Good\AppData\Local\Temporary Internet Files
[2012/06/06 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\VirtualStore
[2012/06/07 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Good\AppData\Local\Windows Live

< %systemroot%\installer\*. >
[2011/08/09 16:45:28 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
[2011/08/09 16:33:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}
[2011/08/09 16:42:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{5C1DA3D9-F590-4317-A4FB-274F658E504B}
[2012/06/06 21:51:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}
[2011/08/09 17:16:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{115B60D5-BBDB-490E-AF2E-064D37A3CE01}
[2012/03/07 18:14:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}
[2011/08/09 17:31:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{270380EB-8812-42E1-8289-53700DB840D2}
[2011/08/09 16:33:12 | 000,000,000 | ---D | M] -- C:\Windows\installer\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}
[2011/11/11 17:16:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3A9FC03D-C685-4831-94CF-4EDFD3749497}
[2011/08/09 17:32:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}
[2011/08/09 16:42:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5C1DA3D9-F590-4317-A4FB-274F658E504B}
[2011/08/09 17:14:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5C1F18D2-F6B7-4242-B803-B5A78648185D}
[2011/08/09 17:23:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{66081CDD-C1FE-415F-BB3A-F2622BA27461}
[2012/02/26 22:42:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
[2012/02/26 22:42:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
[2012/05/26 14:44:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7BE15435-2D3E-4B58-867F-9C75BED0208C}
[2012/06/08 12:39:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}
[2012/05/13 14:44:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2012/02/22 13:49:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-006D-0409-1000-0000000FF1CE}
[2011/08/09 16:56:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95140000-0070-0000-0000-0000000FF1CE}
[2012/03/19 12:21:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95140000-00AF-0409-0000-0000000FF1CE}
[2011/08/09 18:03:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A726AE06-AAA3-43D1-87E3-70F510314F04}
[2012/06/06 21:51:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
[2012/03/07 18:14:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}
[2011/08/09 17:19:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}
[2012/05/15 18:43:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}
[2012/03/17 09:32:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}
[2012/04/12 20:41:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
[2012/06/06 21:51:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}
[2011/08/09 18:03:56 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48}
[2011/08/09 18:03:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
[2012/03/17 09:32:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}
[2012/05/15 18:43:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
[2011/08/09 18:03:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2011/08/09 17:48:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F84906ED-BB54-4889-B131-FED9C9056FC8}

< End of report >
  • 0

#25
azarl
Posted 10 June 2012 - 03:12 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Firstly...

  • Download the attached FixList.txt and save it to the same USB drive where you have frst.exe
  • Insert the USB drive into your computer. Enter System Recovery (just as you did in post 17) and run FRST but this time click the Fix button.
After it has finished, a log (Fixlog.txt) will be on your USB drive please post it it your reply.

Next...
Please run ComboFix again and post the log it produces
  • 0

Advertisements

#26
azarl
Posted 16 June 2012 - 04:30 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP