TechSpot

Win64/Patched.A Infected

Solved
By JPJohnson_2012
Oct 22, 2012
  1. Running Windows 7 on a new Vaio laptop. Got infected with Win64/Patched.A. It, in turn, continuously allows other malware to install. Luckily, AVG is catching the other malware, but I can hardly be online for 30 minutes without them reappearing. I read through the entire thread between Judy Miller and Broni from earlier this month. I downloaded most of the tools listed in that thread from another system (to limit my time online on the infected system) and burned them onto a DVD so I can transfer them to my desktop if necessary. Only two I didn't get yet were Security Check and AdwCleaner. System I was on blocked them so I will get them later if necessary.

    I haven't done anything yet, because I don't want to goober up my system by doing something I shouldn't.

    I am hoping you can help me disinfect my system. Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  3. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Have to post the FRST.txt log in multiple parts due to the length over 50000 characters. Here is part 1:
    an result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012
    Ran by SYSTEM at 22-10-2012 21:18:51
    Running from G:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO [1156712 2012-03-13] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [1020576 2012-02-23] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [800416 2012-02-23] (Atheros Commnucations)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-22] (Intel Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [60552 2011-09-20] (Sony Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
    HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup [1596096 2009-08-05] (Leader Technologies Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-20] ()
    HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-20] ()
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKU\Jim\...\Run: [Google Update] "C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-01] (Google Inc.)
    HKU\Jim\...\Run: [Epson Stylus NX330(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /FU "C:\Users\Jim\AppData\Local\Temp\E_SEC6E.tmp" /EF "HKCU" [232448 2011-01-20] (SEIKO EPSON CORPORATION)
    HKU\Jim\...\Run: [ghbmhpbomyelvcg] C:\ProgramData\ghbmhpbo.exe [x]
    HKU\Jim\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Jim\Start Menu\Programs\Startup\ctfmon.lnk
    ShortcutTarget: ctfmon.lnk -> C:\ProgramData\lsass.exe (Microsoft Corporation)
    Startup: C:\Users\Jim\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
    ShortcutTarget: Epson all-in-one Registration.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-01] (AVG Technologies CZ, s.r.o.)
    3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
    3 DCDhcpService; "C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe" [112256 2012-03-21] (Atheros Communication Inc.)
    3 GSService; "C:\Windows\SysWOW64\GSService.exe" [252928 2012-05-31] ()
    2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
    2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
    2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe" [51200 2011-12-05] ()
    2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [473960 2012-02-21] (Sony Corporation)
    2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&_" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 &_ Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [260768 2011-11-30] (Sony Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    3 SMServer; "C:\Windows\SysWOW64\snmvtsvc.exe" [260608 2012-06-01] (SMServer)
    2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-20] ()
    2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros)

    ==================== Drivers (Whitelisted) =====================

    3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-12] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-20] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-20] (AVG Technologies)
    3 BTATH_VDP; C:\Windows\System32\Drivers\BTATH_VDP.sys [421664 2012-02-23] (Atheros)
    3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
    3 MP4ConverterAudio; C:\Windows\System32\Drivers\MP4ConverterAudio.sys [34088 2012-06-05] (Windows (R) Win 7 DDK provider)
    3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-21 17:54 - 2012-10-21 17:54 - 00000000 ____D C:\FRST
    2012-10-21 13:45 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20121021-174515.backup
    2012-10-21 13:10 - 2012-10-21 13:44 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-10-21 13:10 - 2012-10-21 13:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-10-21 13:10 - 2012-10-21 13:10 - 00001258 ____A C:\Users\Jim\Desktop\Spybot - Search & Destroy.lnk
    2012-10-21 13:09 - 2012-10-21 13:09 - 16409960 ____A (Safer Networking Limited ) C:\Users\Jim\Downloads\spybotsd162.exe
    2012-10-21 12:59 - 2012-10-21 12:59 - 01459119 ____A (Farbar) C:\Users\Jim\Downloads\FRST64.exe
    2012-10-21 12:44 - 2012-10-21 12:44 - 00000000 __SHD C:\found.000
    2012-10-21 08:28 - 2012-10-21 16:22 - 00000000 ____D C:\Update
    2012-10-21 08:28 - 2012-10-21 08:29 - 92121088 ____A C:\Users\Jim\Downloads\avg_arl_cdi_all_120_120823a5226 (1).iso
    2012-10-21 08:27 - 2012-10-21 08:28 - 92121088 ____A C:\Users\Jim\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-21 05:50 - 2012-10-21 05:55 - 00000000 ____D C:\Users\Jim\Documents\WebCam Media
    2012-10-21 05:33 - 2012-10-21 05:34 - 103899007 ____A C:\Users\Jim\Downloads\avg_arl_ffi_all_120_120823a5226.zip
    2012-10-21 05:16 - 2012-10-21 16:34 - 00000000 ____D C:\ArcSoft
    2012-10-21 05:05 - 2012-10-21 05:06 - 00000238 ____A C:\Windows\System32\avgrep.txt
    2012-10-21 05:01 - 2012-10-22 17:15 - 83023306 ___AT C:\Users\All Users\a3e6069.pad
    2012-10-21 05:01 - 2012-10-21 05:01 - 00129024 ____A C:\Users\Jim\Documents\9606e3a.dll
    2012-10-21 05:01 - 2012-10-21 05:01 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\lsass.exe
    2012-10-18 14:07 - 2012-10-18 14:07 - 00000000 ____D C:\Users\Jim\AppData\Local\{EE5A87E0-318C-485B-B50F-3B7CE4C15B70}
    2012-10-17 17:55 - 2012-10-17 17:55 - 00000000 ____D C:\Users\Jim\AppData\Local\{6DA602AC-B60A-4ECA-872A-D6CDC78E70AA}
    2012-10-17 02:23 - 2012-10-17 02:23 - 00000000 ____D C:\Users\Jim\AppData\Local\{88559C51-1587-4B0E-A97B-7E95FC32A01C}
    2012-10-16 13:24 - 2012-10-16 13:24 - 00000000 ____D C:\Users\Jim\AppData\Local\{F6F3F0CA-E4C4-4865-B0C9-90E0C4C7CFED}
    2012-10-15 17:05 - 2012-10-15 17:06 - 00000000 ____D C:\Users\Jim\AppData\Local\{FA4BEF3E-3FA2-45C4-A066-B45D890A255A}
    2012-10-14 04:46 - 2012-10-14 04:46 - 00097652 ____A C:\Users\All Users\eolbudrbawuxzlv
    2012-10-12 12:24 - 2012-10-12 12:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-10-12 12:24 - 2012-10-12 12:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2012-10-12 12:06 - 2012-10-12 12:06 - 00000000 ____D C:\Users\Jim\AppData\Local\{72DE389D-4BB1-4302-9505-5C63E7CFC5D5}
    2012-10-11 15:07 - 2012-10-11 15:07 - 00000000 ____D C:\Users\Jim\AppData\Local\ArcSoft
    2012-10-11 15:06 - 2012-10-21 16:36 - 00000000 ____D C:\Users\Jim\AppData\Roaming\ArcSoft
    2012-10-11 14:41 - 2012-10-11 14:42 - 00000000 ____D C:\Users\Jim\AppData\Local\{B59ADBA3-7FF2-4B5C-BB8B-97F3A54F065E}
    2012-10-11 02:27 - 2012-10-11 02:27 - 00000000 ____D C:\Users\Jim\AppData\Local\{A6DF6C27-F40F-48C2-8ADE-E8A6FCCE433E}
    2012-10-10 14:26 - 2012-10-10 14:27 - 00000000 ____D C:\Users\Jim\AppData\Local\{ECCC1833-EBB3-4449-9C52-FD9E7187805F}
    2012-10-10 02:26 - 2012-10-10 02:26 - 00000000 ____D C:\Users\Jim\AppData\Local\{79BCC48C-12B4-4209-AC87-13EAEEA287CF}
    2012-10-09 14:30 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 14:30 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 14:30 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 14:30 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 14:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 14:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 14:29 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 14:29 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 14:29 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 14:29 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 14:29 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 14:29 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 14:29 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 14:29 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 14:29 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 14:29 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 14:29 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 14:29 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 14:29 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 14:29 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 14:29 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 14:29 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 14:29 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 14:28 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 14:28 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 14:28 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 14:28 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 14:28 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 14:28 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 14:28 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 14:28 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 14:12 - 2012-10-09 14:12 - 00000000 ____D C:\Users\Jim\AppData\Local\{ED75F15E-BB0D-4FC7-A441-E78E79C2D54D}
    2012-10-08 15:58 - 2012-10-08 15:59 - 00000000 ____D C:\Users\Jim\AppData\Local\{C46D6CC5-5812-4921-B311-24CA551CC355}
    2012-10-08 09:11 - 2012-10-08 09:11 - 00537088 ____A C:\Users\Jim\Documents\template-expenses.xls
    2012-10-08 03:58 - 2012-10-08 03:58 - 00000000 ____D C:\Users\Jim\AppData\Local\{1D73A6D5-4347-4A08-BF30-0C3B3DBDD927}
    2012-10-07 15:52 - 2012-10-07 15:53 - 00000000 ____D C:\Users\Jim\AppData\Local\{50600E1B-A148-49B7-B220-7F5D44187E0C}
    2012-10-05 03:42 - 2012-10-05 03:42 - 00000000 ____D C:\Users\Jim\AppData\Local\{8CFDB3AE-2F1D-401E-A9B3-30831FFD78FE}
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-04 14:17 - 2012-10-04 14:18 - 00000000 ____D C:\Users\Jim\AppData\Local\{D38F0391-C255-46DB-B18D-07ACAA60AECE}
    2012-10-04 02:17 - 2012-10-04 02:17 - 00000000 ____D C:\Users\Jim\AppData\Local\{15E46865-E31E-47C3-8622-53FB15C4DB7F}
    2012-10-03 18:21 - 2012-10-03 18:21 - 00000000 ____D C:\Converted
    2012-10-03 18:19 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files (x86)\MP4-Converter
    2012-10-03 18:19 - 2012-10-03 18:19 - 00001953 ____A C:\Users\Public\Desktop\MP4-Converter.lnk
    2012-10-03 18:19 - 2012-10-03 18:19 - 00001930 ____A C:\Users\Public\Desktop\MP4-Converter CDRipper.lnk
    2012-10-03 18:19 - 2012-10-03 18:19 - 00001030 ____A C:\Users\Public\Desktop\Buy MP4-Converter Now.lnk
    2012-10-03 18:19 - 2012-06-05 06:59 - 00034088 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\MP4ConverterAudio.sys
    2012-10-03 18:19 - 2012-06-05 06:59 - 00034088 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\MP4ConverterAudio.sys
    2012-10-03 18:19 - 2012-06-05 06:59 - 00008023 ____A C:\Windows\System32\MP4ConverterAudio.cat
    2012-10-03 18:19 - 2012-06-01 11:20 - 00260608 ____A (SMServer) C:\Windows\SysWOW64\snmvtsvc.exe
    2012-10-03 18:19 - 2012-05-31 11:38 - 00252928 ____A C:\Windows\SysWOW64\GSService.exe
    2012-10-03 17:55 - 2012-10-03 17:55 - 00002073 ____A C:\Users\Jim\Desktop\JDownloader.lnk
    2012-10-03 17:54 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files (x86)\Giant Savings
    2012-10-03 17:54 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files (x86)\Funmoods
    2012-10-03 17:54 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files (x86)\DownloadManager
    2012-10-03 17:54 - 2012-10-03 17:54 - 00141086 ____A C:\Users\Jim\AppData\Local\funmoods-speeddial_sf.crx
    2012-10-03 17:54 - 2012-10-03 17:54 - 00031465 ____A C:\Users\Jim\AppData\Local\funmoods.crx
    2012-10-03 17:54 - 2012-10-03 17:54 - 00000000 ____D C:\Users\Jim\AppData\Local\Giant Savings
    2012-10-03 17:31 - 2012-10-03 17:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-10-03 17:29 - 2012-10-03 17:44 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Apple Computer
    2012-10-03 17:29 - 2012-10-03 17:29 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-10-03 17:29 - 2012-10-03 17:29 - 00000000 ____D C:\Users\Jim\AppData\Local\Apple Computer
    2012-10-03 17:28 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-10-03 17:27 - 2012-10-21 16:35 - 00000000 ____D C:\Users\All Users\Apple Computer
    2012-10-03 17:27 - 2012-10-21 16:35 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-03 17:27 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files\iTunes
    2012-10-03 17:27 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files\iPod
    2012-10-03 17:27 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-10-03 17:26 - 2012-10-21 16:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-10-03 17:26 - 2012-10-03 17:26 - 00000000 ____D C:\Users\Jim\AppData\Local\Apple
    2012-10-03 17:25 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files\Bonjour
    2012-10-03 17:25 - 2012-10-21 16:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-10-03 17:25 - 2012-10-21 16:31 - 00000000 ____D C:\Users\All Users\Apple
    2012-10-03 17:25 - 2012-10-21 16:30 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-10-03 16:54 - 2012-10-03 16:54 - 00001241 ____A C:\Users\Jim\Desktop\Videos - Shortcut.lnk
    2012-10-03 14:05 - 2012-10-03 14:05 - 00000000 ____D C:\Users\Jim\AppData\Local\{94DF0E26-CF66-4970-855D-8992E9758F98}
    2012-10-03 02:05 - 2012-10-03 02:05 - 00000000 ____D C:\Users\Jim\AppData\Local\{1ECC667C-CC7F-4EBF-8EDD-0D0CBCFC6905}
    2012-10-02 19:32 - 2012-10-02 19:32 - 00144384 ____A C:\Users\Jim\Documents\Jim Lean P90X-Schedule.xls
    2012-10-02 19:29 - 2012-10-03 17:53 - 02210816 ____A C:\Users\Jim\Documents\Jim Lean p90xcel.xls
    2012-10-02 19:24 - 2012-10-02 19:24 - 02230272 ____A C:\Users\Jim\Documents\p90xcel.xls
    2012-10-02 19:22 - 2012-10-02 19:22 - 00138752 ____A C:\Users\Jim\Documents\P90X-Schedule.xls
    2012-10-02 18:46 - 2012-10-02 19:33 - 03005440 ____A C:\Users\Jim\Documents\Jim Lean P90X+ Worksheet.xls
    2012-10-02 13:20 - 2012-10-02 13:21 - 00000000 ____D C:\Users\Jim\AppData\Local\{6E695C1D-EA87-43ED-8252-D19E30DABBB6}
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-10-01 13:20 - 2012-10-01 13:20 - 00000000 ____D C:\Users\Jim\AppData\Local\{15C3B862-493B-4EF6-9DE2-FD0B778FA626}
    2012-09-30 18:59 - 2012-09-30 18:59 - 00000000 ____D C:\Users\Jim\AppData\Local\{E461E881-3E77-4280-A204-F0089437A857}
    2012-09-30 04:31 - 2012-09-30 04:32 - 00000000 ____D C:\Users\Jim\AppData\Local\{5117E04E-E15B-422A-8C62-13E94EFCDBD7}
    2012-09-29 16:31 - 2012-09-29 16:31 - 00000000 ____D C:\Users\Jim\AppData\Local\{A2F9BBFD-553F-4C1E-9B53-FA008723BF00}
    2012-09-29 04:31 - 2012-09-29 04:31 - 00000000 ____D C:\Users\Jim\AppData\Local\{91383E65-2251-4C39-8822-96BF4690B9B6}
    2012-09-28 16:12 - 2012-09-28 16:12 - 00000000 ____D C:\Users\Jim\AppData\Local\{9BD8BBCB-9BEA-41A4-9221-447C805EFDFC}
    2012-09-27 17:28 - 2012-09-27 17:28 - 00000000 ____D C:\Users\Jim\AppData\Local\{788C0246-FCD2-4D9A-9CE3-DC4420E50541}
    2012-09-26 17:44 - 2012-10-21 16:30 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-09-26 17:44 - 2012-09-26 17:44 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-09-26 16:27 - 2012-09-26 16:27 - 00000000 ____D C:\Users\Jim\AppData\Local\{F8FF1EFC-8009-4A31-835D-2994FF9693B1}
    2012-09-25 18:54 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-25 02:26 - 2012-09-25 02:27 - 00000000 ____D C:\Users\Jim\AppData\Local\{3962C4FA-D2F0-4910-AD14-949FD9F2059C}
    2012-09-24 11:32 - 2012-10-21 16:31 - 00000000 ____D C:\Users\Jim\AppData\Local\Cyberlink
    2012-09-24 11:32 - 2012-10-21 16:31 - 00000000 ____D C:\Users\All Users\CyberLink
    2012-09-24 11:32 - 2012-09-24 11:32 - 00000000 ____D C:\Users\Jim\Documents\CyberLink
    2012-09-24 11:32 - 2012-09-24 11:32 - 00000000 ____D C:\Users\Jim\AppData\Roaming\CyberLink
    2012-09-23 16:54 - 2012-09-23 16:54 - 02997760 ____A C:\Users\Jim\Documents\Blank P90X+ Worksheet.xls
    2012-09-22 04:43 - 2012-09-22 04:43 - 00000165 ___AH C:\Users\Jim\Documents\~$accounts.xlsx
    2012-09-22 03:54 - 2012-09-22 03:55 - 00000000 ____D C:\Users\Jim\AppData\Local\{E0076B26-F444-40A8-B8B5-6F280D8A36EF}
     
  4. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Here is part 2:
    ==================== 3 Months Modified Files ==================

    2012-10-22 17:15 - 2012-10-21 05:01 - 83023306 ___AT C:\Users\All Users\a3e6069.pad
    2012-10-22 17:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-22 17:11 - 2009-07-13 20:51 - 00041611 ____A C:\Windows\setupact.log
    2012-10-21 13:27 - 2012-09-01 09:39 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770038861-190149619-3254999276-1001UA.job
    2012-10-21 13:10 - 2012-10-21 13:10 - 00001258 ____A C:\Users\Jim\Desktop\Spybot - Search & Destroy.lnk
    2012-10-21 13:10 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-21 13:10 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-21 13:09 - 2012-10-21 13:09 - 16409960 ____A (Safer Networking Limited ) C:\Users\Jim\Downloads\spybotsd162.exe
    2012-10-21 13:08 - 2012-05-08 14:39 - 01453456 ____A C:\Windows\WindowsUpdate.log
    2012-10-21 13:00 - 2012-05-01 22:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-21 12:59 - 2012-10-21 12:59 - 01459119 ____A (Farbar) C:\Users\Jim\Downloads\FRST64.exe
    2012-10-21 08:29 - 2012-10-21 08:28 - 92121088 ____A C:\Users\Jim\Downloads\avg_arl_cdi_all_120_120823a5226 (1).iso
    2012-10-21 08:28 - 2012-10-21 08:27 - 92121088 ____A C:\Users\Jim\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-21 05:36 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-21 05:34 - 2012-10-21 05:33 - 103899007 ____A C:\Users\Jim\Downloads\avg_arl_ffi_all_120_120823a5226.zip
    2012-10-21 05:06 - 2012-10-21 05:05 - 00000238 ____A C:\Windows\System32\avgrep.txt
    2012-10-21 05:01 - 2012-10-21 05:01 - 00129024 ____A C:\Users\Jim\Documents\9606e3a.dll
    2012-10-21 05:01 - 2012-10-21 05:01 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\lsass.exe
    2012-10-21 04:35 - 2012-09-01 09:39 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770038861-190149619-3254999276-1001Core.job
    2012-10-15 15:10 - 2012-09-20 18:10 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-10-14 04:46 - 2012-10-14 04:46 - 00097652 ____A C:\Users\All Users\eolbudrbawuxzlv
    2012-10-11 02:09 - 2012-09-01 09:42 - 00002473 ____A C:\Users\Jim\Desktop\Google Chrome.lnk
    2012-10-09 23:20 - 2010-11-20 19:47 - 00027462 ____A C:\Windows\PFRO.log
    2012-10-08 17:50 - 2012-05-01 22:17 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-08 17:50 - 2012-05-01 22:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-08 16:22 - 2012-08-31 20:48 - 00009202 ____A C:\Users\Jim\Documents\accounts.xlsx
    2012-10-08 09:11 - 2012-10-08 09:11 - 00537088 ____A C:\Users\Jim\Documents\template-expenses.xls
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-03 18:19 - 2012-10-03 18:19 - 00001953 ____A C:\Users\Public\Desktop\MP4-Converter.lnk
    2012-10-03 18:19 - 2012-10-03 18:19 - 00001930 ____A C:\Users\Public\Desktop\MP4-Converter CDRipper.lnk
    2012-10-03 18:19 - 2012-10-03 18:19 - 00001030 ____A C:\Users\Public\Desktop\Buy MP4-Converter Now.lnk
    2012-10-03 17:58 - 2012-06-18 06:02 - 05591552 ____A (Jeffrey Harris) C:\Program Files\SharePod.exe
    2012-10-03 17:58 - 2012-03-28 14:26 - 00013535 ____A C:\Program Files\Readme.txt
    2012-10-03 17:55 - 2012-10-03 17:55 - 00002073 ____A C:\Users\Jim\Desktop\JDownloader.lnk
    2012-10-03 17:54 - 2012-10-03 17:54 - 00141086 ____A C:\Users\Jim\AppData\Local\funmoods-speeddial_sf.crx
    2012-10-03 17:54 - 2012-10-03 17:54 - 00031465 ____A C:\Users\Jim\AppData\Local\funmoods.crx
    2012-10-03 17:53 - 2012-10-02 19:29 - 02210816 ____A C:\Users\Jim\Documents\Jim Lean p90xcel.xls
    2012-10-03 17:31 - 2012-10-03 17:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-10-03 17:29 - 2012-10-03 17:29 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-10-03 16:54 - 2012-10-03 16:54 - 00001241 ____A C:\Users\Jim\Desktop\Videos - Shortcut.lnk
    2012-10-02 19:33 - 2012-10-02 18:46 - 03005440 ____A C:\Users\Jim\Documents\Jim Lean P90X+ Worksheet.xls
    2012-10-02 19:32 - 2012-10-02 19:32 - 00144384 ____A C:\Users\Jim\Documents\Jim Lean P90X-Schedule.xls
    2012-10-02 19:24 - 2012-10-02 19:24 - 02230272 ____A C:\Users\Jim\Documents\p90xcel.xls
    2012-10-02 19:22 - 2012-10-02 19:22 - 00138752 ____A C:\Users\Jim\Documents\P90X-Schedule.xls
    2012-10-02 18:26 - 2012-09-08 07:34 - 00011515 ____A C:\Users\Jim\Documents\tsp model.xlsx
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-26 17:44 - 2012-09-26 17:44 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-09-23 16:54 - 2012-09-23 16:54 - 02997760 ____A C:\Users\Jim\Documents\Blank P90X+ Worksheet.xls
    2012-09-22 04:43 - 2012-09-22 04:43 - 00000165 ___AH C:\Users\Jim\Documents\~$accounts.xlsx
    2012-09-20 23:46 - 2012-09-20 23:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2012-09-20 23:46 - 2012-09-20 23:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-09-20 23:45 - 2012-09-20 23:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-09-20 18:10 - 2012-09-20 18:10 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-09-20 14:42 - 2012-09-13 14:33 - 00002094 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-09-14 11:19 - 2012-10-09 14:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 14:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-13 23:05 - 2012-09-13 23:05 - 00040800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
    2012-09-12 23:11 - 2012-09-12 23:11 - 00151904 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-09-07 05:16 - 2012-09-01 09:02 - 00023743 ____A C:\Users\Jim\Documents\DC_JOB_BUDGET(1).xlsx
    2012-09-04 17:17 - 2012-09-04 17:17 - 00310499 ____A C:\Users\Jim\Documents\TSP Mil Bal 083112.xps
    2012-09-04 16:53 - 2012-09-04 16:53 - 00315341 ____A C:\Users\Jim\Documents\TSP Civ Bal 083112.xps
    2012-09-02 23:00 - 2012-09-01 23:38 - 00261734 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-09-02 13:20 - 2012-09-02 12:22 - 00000071 ____A C:\Windows\ENX330.ini
    2012-09-02 12:29 - 2012-09-02 12:29 - 00002070 ____A C:\Users\Public\Desktop\Epson Stylus NX330 User's Guide.lnk
    2012-09-02 12:23 - 2012-09-02 12:23 - 00000930 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
    2012-09-02 00:02 - 2009-07-13 20:45 - 00373368 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-01 23:35 - 2011-02-10 15:03 - 00772682 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-31 15:28 - 2012-08-31 15:28 - 00000812 ____A C:\Users\Public\Desktop\BitComet.lnk
    2012-08-31 15:08 - 2012-08-31 14:47 - 00095680 ____A C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-31 14:50 - 2012-08-31 14:50 - 00000000 __RAH C:\Windows\SysWOW64\Drivers\104D_Sony_SVE14116FXB.mrk
    2012-08-31 14:50 - 2012-08-31 14:50 - 00000000 __RAH C:\Windows\System32\Drivers\104D_Sony_SVE14116FXB.mrk
    2012-08-31 14:47 - 2012-08-31 14:47 - 00000020 ___SH C:\Users\Jim\ntuser.ini
    2012-08-31 10:19 - 2012-10-09 14:30 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-09 14:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 14:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 14:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 10:05 - 2012-10-09 14:29 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 14:29 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-21 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-21 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-21 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-21 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-21 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-21 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-21 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-21 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-21 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-21 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-21 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-21 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-21 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-21 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-21 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-21 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-21 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-21 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-21 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-21 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-21 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-21 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-21 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-21 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-21 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-21 23:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-21 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-21 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-21 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-21 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-21 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-21 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-11 14:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-11 14:11 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-11 14:11 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-11 14:11 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-25 18:54 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-21 09:01 - 2012-10-03 17:28 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 09:01 - 2012-08-21 09:01 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 09:01 - 2012-08-21 09:01 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-20 10:48 - 2012-10-09 14:29 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 14:29 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 14:29 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 14:29 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 14:29 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 14:29 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 14:29 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 14:29 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 14:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 14:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 14:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 14:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 14:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 14:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 14:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 14:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 14:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 14:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 14:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 14:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 16:56 - 2012-10-09 14:29 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 14:29 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-02 09:58 - 2012-09-11 14:11 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-11 14:11 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

    ZeroAccess:
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\@
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\L
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\L\00000004.@
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U\00000004.@
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U\00000008.@
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U\000000cb.@
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U\80000000.@
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U\80000032.@
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-20 18:08:37
    Restore point made on: 2012-09-20 18:09:00
    Restore point made on: 2012-09-21 23:00:28
    Restore point made on: 2012-09-25 23:00:39
    Restore point made on: 2012-10-03 17:26:35
    Restore point made on: 2012-10-03 18:20:14
    Restore point made on: 2012-10-09 23:00:35
    Restore point made on: 2012-10-21 05:51:31

    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 6044.36 MB
    Available physical RAM: 5324.83 MB
    Total Pagefile: 6042.56 MB
    Available Pagefile: 5315.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:679.8 GB) (Free:613.78 GB) NTFS
    2 Drive e: (Recovery) (Fixed) (Total:18.5 GB) (Free:1.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 977 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 18 GB 1024 KB
    Partition 2 Primary 350 MB 18 GB
    Partition 3 Primary 679 GB 18 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 18 GB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 350 MB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 679 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 976 MB 122 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT Removable 976 MB Healthy

    =========================================================

    Last Boot: 2012-10-07 18:05

    ==================== End Of Log =============================
     
  5. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Here is the search.txt log:
    Farbar Recovery Scan Tool (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-22 21:21:54
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  6. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    ==================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

    Attached Files:

  7. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-22 22:17:04 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_USERS\Jim\Software\Microsoft\Windows\CurrentVersion\Run\\ghbmhpbomyelvcg Value deleted successfully.
    C:\ProgramData\ghbmhpbo.exe not found.
    C:\Windows\Installer\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    I am having a problem when I start windows in normal mode. There is another virus that pops up a fake FBI warning, locks the computer, and tells me to pay $200 to "unlock" the computer. Can I install the software in safe mode with networking or will that not work?

    I can run AVG in safe mode with networking and it takes care of it for a bit, but not for long.
     
  8. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Here is the Rogue Killer report. I ran it in safe mode with networking and it seems to have worked.
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : Jim [Admin rights]
    Mode : Remove -- Date : 10/22/2012 22:27:19

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [STARTUP][HJNAME] ctfmon.lnk @jim : C:\ProgramData\lsass.exe -> DELETED
    [STARTUP][SUSP PATH] Epson all-in-one Registration.lnk @jim : C:\Users\Jim\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1www.007guard.com
    127.0.0.1007guard.com
    127.0.0.1008i.com
    127.0.0.1www.008k.com
    127.0.0.1008k.com
    127.0.0.1www.00hq.com
    127.0.0.100hq.com
    127.0.0.1010402.com
    127.0.0.1www.032439.com
    127.0.0.1032439.com
    127.0.0.1www.0scan.com
    127.0.0.10scan.com
    127.0.0.1www.1000gratisproben.com
    127.0.0.11000gratisproben.com
    127.0.0.11001namen.com
    127.0.0.1www.1001namen.com
    127.0.0.1100888290cs.com
    127.0.0.1www.100888290cs.com
    127.0.0.1www.100sexlinks.com
    127.0.0.1100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
    --- User ---
    [MBR] c5766751114b5d52609c88b103d92749
    [BSP] 13e0b2b2678afe476afeb7fd46e94ca9 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18940 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 38791168 | Size: 350 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 39507968 | Size: 696112 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk Cruzer Mini USB Device +++++
    --- User ---
    [MBR] 2882a846eb262163e7e13d49a9cdc265
    [BSP] 526ce103d928d5b66a97a3fa3689d194 : Standard MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 245 | Size: 976 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  9. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Leave AVG alone.

    I still need aswMBR log.
    It can be run from safe mode as well.
     
  10. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Running that now in safe mode. Will leave AVG alone.
     
  11. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    aswMBR log:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-22 22:29:48
    -----------------------------
    22:29:48.168 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:29:48.168 Number of processors: 4 586 0x2A07
    22:29:48.168 ComputerName: JIM-VAIO UserName: Jim
    22:29:49.790 Initialize success
    22:31:13.065 AVAST engine defs: 12102201
    22:31:22.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:31:22.844 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
    22:31:22.844 Disk 0 MBR read successfully
    22:31:22.860 Disk 0 MBR scan
    22:31:22.875 Disk 0 Windows 7 default MBR code
    22:31:22.891 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18940 MB offset 2048
    22:31:22.907 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 38791168
    22:31:22.922 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 696112 MB offset 39507968
    22:31:22.969 Disk 0 scanning C:\Windows\system32\drivers
    22:31:32.931 Service scanning
    22:31:58.280 Modules scanning
    22:31:58.280 Disk 0 trace - called modules:
    22:31:58.311 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:31:58.311 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008a79060]
    22:31:58.327 3 CLASSPNP.SYS[fffff880013c743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077fa050]
    22:32:00.105 AVAST engine scan C:\Windows
    22:32:03.022 AVAST engine scan C:\Windows\system32
    22:34:40.412 AVAST engine scan C:\Windows\system32\drivers
    22:34:51.523 AVAST engine scan C:\Users\Jim
    22:38:01.583 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
    22:38:01.583 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Here's the Combofix log:
    ComboFix 12-10-22.03 - Jim 10/22/2012 23:04:57.1.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6044.5354 [GMT -4:00]
    Running from: c:\users\Jim\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\a3e6069.pad
    c:\programdata\lsass.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-23 03:10 . 2012-10-23 03:10--------d-----w-c:\users\Default\AppData\Local\temp
    2012-10-23 01:30 . 2012-10-23 01:30--------d-sh--w-c:\windows\SysWow64\%APPDATA%
    2012-10-22 01:54 . 2012-10-22 01:54--------d-----w-C:\FRST
    2012-10-21 20:44 . 2012-10-21 20:44--------d-----w-C:\found.000
    2012-10-21 16:28 . 2012-10-22 00:22--------d-----w-C:\Update
    2012-10-21 13:51 . 2012-10-21 13:51--------d-----w-c:\users\Jim\AppData\Local\Programs
    2012-10-21 13:16 . 2012-10-22 00:34--------d-----w-C:\ArcSoft
    2012-10-12 20:24 . 2012-10-12 20:24--------d-----w-c:\users\Default\AppData\Roaming\TuneUp Software
    2012-10-11 23:07 . 2012-10-11 23:07--------d-----w-c:\users\Jim\AppData\Local\ArcSoft
    2012-10-11 23:06 . 2012-10-22 00:36--------d-----w-c:\users\Jim\AppData\Roaming\ArcSoft
    2012-10-09 22:30 . 2012-08-31 18:191659760----a-w-c:\windows\system32\drivers\ntfs.sys
    2012-10-09 22:30 . 2012-08-30 18:035559664----a-w-c:\windows\system32\ntoskrnl.exe
    2012-10-09 22:30 . 2012-08-30 17:123968880----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-09 22:30 . 2012-08-30 17:123914096----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-10-09 22:28 . 2012-09-14 19:192048----a-w-c:\windows\system32\tzres.dll
    2012-10-09 22:28 . 2012-09-14 18:282048----a-w-c:\windows\SysWow64\tzres.dll
    2012-10-09 22:28 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
    2012-10-09 22:28 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
    2012-10-09 22:28 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
    2012-10-09 22:28 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
    2012-10-09 22:28 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
    2012-10-09 22:28 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
    2012-10-04 02:21 . 2012-10-04 02:21--------d-----w-C:\Converted
    2012-10-04 02:19 . 2012-06-01 19:20260608----a-w-c:\windows\SysWow64\snmvtsvc.exe
    2012-10-04 02:19 . 2012-05-31 19:38252928----a-w-c:\windows\SysWow64\GSService.exe
    2012-10-04 02:19 . 2012-10-22 00:35--------d-----w-c:\program files (x86)\MP4-Converter
    2012-10-04 02:19 . 2012-06-05 14:5934088----a-w-c:\windows\system32\MP4ConverterAudio.sys
    2012-10-04 02:19 . 2012-06-05 14:5934088----a-w-c:\windows\system32\drivers\MP4ConverterAudio.sys
    2012-10-04 01:54 . 2012-10-22 00:35--------d-----w-c:\program files (x86)\DownloadManager
    2012-10-04 01:54 . 2012-10-04 01:54--------d-----w-c:\users\Jim\AppData\Local\Giant Savings
    2012-10-04 01:54 . 2012-10-22 00:35--------d-----w-c:\program files (x86)\Giant Savings
    2012-10-04 01:54 . 2012-10-22 00:35--------d-----w-c:\program files (x86)\Funmoods
    2012-10-04 01:29 . 2012-10-04 01:44--------d-----w-c:\users\Jim\AppData\Roaming\Apple Computer
    2012-10-04 01:29 . 2012-10-04 01:29--------d-----w-c:\users\Jim\AppData\Local\Apple Computer
    2012-10-04 01:28 . 2012-08-21 17:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-10-04 01:28 . 2012-10-22 00:36--------d-----w-c:\windows\system32\DRVSTORE
    2012-10-04 01:27 . 2012-10-22 00:35--------d-----w-c:\program files\iPod
    2012-10-04 01:27 . 2012-10-22 00:35--------d-----w-c:\programdata\Apple Computer
    2012-10-04 01:27 . 2012-10-22 00:35--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-04 01:27 . 2012-10-22 00:35--------d-----w-c:\program files\iTunes
    2012-10-04 01:27 . 2012-10-22 00:35--------d-----w-c:\program files (x86)\iTunes
    2012-10-04 01:26 . 2012-10-04 01:26--------d-----w-c:\users\Jim\AppData\Local\Apple
    2012-10-04 01:26 . 2012-10-22 00:30--------d-----w-c:\program files (x86)\Apple Software Update
    2012-10-04 01:25 . 2012-10-22 00:30--------d-----w-c:\program files\Common Files\Apple
    2012-10-04 01:25 . 2012-10-22 00:35--------d-----w-c:\program files\Bonjour
    2012-10-04 01:25 . 2012-10-22 00:35--------d-----w-c:\program files (x86)\Bonjour
    2012-10-04 01:25 . 2012-10-22 00:31--------d-----w-c:\programdata\Apple
    2012-10-04 01:25 . 2012-10-22 00:30--------d-----w-c:\program files (x86)\Common Files\Apple
    2012-09-27 01:44 . 2012-10-22 00:30--------d-----w-c:\program files (x86)\Common Files\Adobe
    2012-09-26 02:54 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
    2012-09-24 19:32 . 2012-10-22 00:31--------d-----w-c:\users\Jim\AppData\Local\Cyberlink
    2012-09-24 19:32 . 2012-10-22 00:31--------d-----w-c:\programdata\CyberLink
    2012-09-24 19:32 . 2012-09-24 19:32--------d-----w-c:\users\Jim\AppData\Roaming\CyberLink
    2012-09-23 13:46 . 2012-10-22 00:34--------d-----w-C:\Downloads
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 01:50 . 2012-05-02 06:1773656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 01:50 . 2012-05-02 06:17696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-04 01:58 . 2012-06-18 14:025591552----a-w-c:\program files\SharePod.exe
    2012-08-31 22:47 . 2011-03-29 01:3619720----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-08-28 05:49 . 2012-09-18 22:519310152----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B1E8022-91C0-41F3-87B1-01E9D50506FB}\mpengine.dll
    2012-08-24 11:15 . 2012-09-22 07:0017810944----a-w-c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-22 07:0010925568----a-w-c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-22 07:002312704----a-w-c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-22 07:001346048----a-w-c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-22 07:001392128----a-w-c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-22 07:001494528----a-w-c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-22 07:00237056----a-w-c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-22 07:0085504----a-w-c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-22 07:00173056----a-w-c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-22 07:00816640----a-w-c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-22 07:00599040----a-w-c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-22 07:002144768----a-w-c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-22 07:00729088----a-w-c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-22 07:0096768----a-w-c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-22 07:002382848----a-w-c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-22 07:00248320----a-w-c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-22 07:001800704----a-w-c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-22 07:001129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-22 07:001427968----a-w-c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-22 07:00142848----a-w-c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-22 07:00420864----a-w-c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-22 07:002382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-11 22:111913200----a-w-c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-11 22:12950128----a-w-c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-11 22:11376688----a-w-c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-11 22:11288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 17:01 . 2012-08-21 17:01125872----a-w-c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2012-08-21 17:01106928----a-w-c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 17:38 . 2012-10-09 22:2944032----a-w-c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-11 22:11574464----a-w-c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-11 22:11490496----a-w-c:\windows\SysWow64\d3d10level9.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}]
    2012-08-08 18:15572808----a-w-c:\program files (x86)\Giant Savings\Giant Savings.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
    2012-10-04 01:54243664----a-w-c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"= "c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll" [2012-10-04 251856]
    .
    [HKEY_CLASSES_ROOT\clsid\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}]
    [HKEY_CLASSES_ROOT\funmoods.dskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\funmoods.dskBnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
    "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    "AppRemover2"="wscript.exe" [2009-07-14 141824]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]
    R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
    R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]
    R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-12-05 51200]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
    R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 363800]
    R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-24 158880]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2012-02-23 51872]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2012-02-23 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-24 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2012-02-24 280992]
    R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-24 421664]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-24 550560]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-14 274200]
    R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-22 112256]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-05-31 252928]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]
    R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys [2012-02-24 36128]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2012-06-05 34088]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]
    R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-03-13 21264]
    R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2012-06-01 260608]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]
    R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-02 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-02-22 16152]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2012-02-23 30368]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-02-22 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-02-22 787736]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECIx64.sys [2012-03-13 60184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2012-01-16 14336]
    S4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
    S4 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
    S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
    S4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Avgloga
    *Deregistered* - avgtp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 01:50]
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770038861-190149619-3254999276-1001Core.job
    - c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 17:39]
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770038861-190149619-3254999276-1001UA.job
    - c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 17:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://searchfunmoods.com/?f=1&a=test331&chnl=test331&cd=2XzuyEtN2Y1L1QzutAtD0Fzy0E0D0A0E0BtC0A0AtA0EyB0BtN0D0Tzu0CtByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: yahoo.com\football.fantasysports
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-RunOnce-AppRemover - wscript.exe c:\users\Jim\AppData\Local\Temp\AppRemover_RunBatchSilently.vbs
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-22 23:12:06
    ComboFix-quarantined-files.txt 2012-10-23 03:12
    .
    Pre-Run: 658,894,061,568 bytes free
    Post-Run: 658,692,042,752 bytes free
    .
    - - End Of File - - 3290F95A555636870939170034F6F614
     
  14. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Looks good :)

    What happens when you start in normal mode now?
     
  15. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    I will try and let you know.
     
  16. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    I am running in normal mode now. Got a couple of script errors on start up:
    Can not find script file "C:\Users\Jim\AppData\Local\Temp\AppRemover_RunBatchSilently.vbs". and
    Can not find script file "C:\Users\Jim\AppData\Local\Temp\openURL.vbs".

    Think this may have happened because I had to uninstall AVG 2013 completely, not just disable it. I just clicked OK for each, and the system booted up fine.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Very well.

    You can reinstall AVG now.

    Then...

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    MBAB Log:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.23.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jim :: JIM-VAIO [administrator]

    10/23/2012 12:03:37 AM
    mbam-log-2012-10-23 (00-03-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202188
    Time elapsed: 3 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 23
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.Funmoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
    HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Quarantined and deleted successfully.

    Files Detected: 12
    C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
    C:\Users\Jim\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Jim\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

    (end)
     
  19. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    OTL.txt part 1:
    OTL logfile created on: 10/23/2012 12:15:08 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.90 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 74.11% Memory free
    11.80 Gb Paging File | 10.16 Gb Available in Paging File | 86.06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 679.80 Gb Total Space | 614.70 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
    Drive D: | 976.13 Mb Total Space | 974.53 Mb Free Space | 99.84% Space Free | Partition Type: FAT
    Drive E: | 33.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JIM-VAIO | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/22 12:48:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
    PRC - [2012/03/20 16:43:37 | 000,477,816 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    PRC - [2012/03/13 12:01:29 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/03/13 12:00:11 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/03/07 21:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    PRC - [2012/03/07 21:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    PRC - [2012/02/23 20:09:58 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2012/02/22 13:10:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2012/02/21 15:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    PRC - [2012/02/21 15:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    PRC - [2011/11/29 23:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/09/20 19:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    PRC - [2011/07/13 14:05:24 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/02 04:08:33 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
    MOD - [2012/09/02 04:06:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/09/02 04:06:10 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/09/02 04:06:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/09/02 04:05:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/09/02 04:05:54 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/09/02 04:05:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/09/02 04:05:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/09/02 04:05:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/09/02 04:05:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/09/02 04:05:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/09/02 03:58:16 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
    MOD - [2012/09/02 03:56:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
    MOD - [2012/09/02 03:56:28 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
    MOD - [2012/09/02 03:37:36 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
    MOD - [2012/09/02 03:37:27 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
    MOD - [2012/09/02 03:37:26 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    MOD - [2012/09/02 03:37:19 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
    MOD - [2012/09/02 03:37:18 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
    MOD - [2012/09/02 03:34:18 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/09/02 03:34:16 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/09/02 03:34:12 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
    MOD - [2012/09/02 03:34:11 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
    MOD - [2012/09/02 03:34:10 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/09/02 03:31:40 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/03/20 16:43:38 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
    MOD - [2012/03/20 16:43:37 | 000,477,816 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    MOD - [2012/03/20 16:43:36 | 000,160,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 12:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2012/03/21 20:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
    SRV:64bit: - [2012/02/03 01:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2012/01/20 18:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV:64bit: - [2012/01/13 13:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2012/01/10 16:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2011/12/21 16:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV:64bit: - [2011/12/21 16:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2011/12/01 13:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
    SRV:64bit: - [2011/11/30 21:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Start_Pending] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2011/08/26 21:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV:64bit: - [2010/12/28 04:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/08 21:50:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/01 15:20:18 | 000,260,608 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
    SRV - [2012/05/31 15:38:32 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
    SRV - [2012/03/14 03:57:36 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/03/13 12:02:03 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/03/13 12:01:48 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/03/13 12:01:29 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/03/13 12:00:11 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/03/07 21:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
    SRV - [2012/02/23 20:09:58 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
    SRV - [2012/02/23 19:51:40 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2012/02/21 15:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2012/02/08 12:36:01 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2012/01/06 19:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2012/01/06 19:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2011/12/29 19:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2011/12/05 16:56:04 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
    SRV - [2011/11/29 23:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/09/23 20:47:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2011/09/15 13:58:42 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/07/13 14:05:24 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
    SRV - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/06/05 10:59:14 | 000,034,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
    DRV:64bit: - [2012/04/07 06:51:34 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2012/03/14 04:22:23 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2012/03/14 04:11:47 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/03/13 13:03:03 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/03/13 13:01:03 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
    DRV:64bit: - [2012/03/13 12:00:42 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 20:01:34 | 000,036,128 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\leath_hid.sys -- (lehidmini)
    DRV:64bit: - [2012/02/23 20:01:04 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2012/02/23 20:00:34 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP)
    DRV:64bit: - [2012/02/23 20:00:16 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2012/02/23 20:00:04 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2012/02/23 19:59:34 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2012/02/23 19:59:16 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2012/02/23 19:59:04 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2012/02/23 19:58:46 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2012/02/23 19:58:28 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2012/02/23 19:57:58 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
    DRV:64bit: - [2012/02/22 13:10:17 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/02/22 13:10:12 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/02/22 13:10:10 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2012/02/22 02:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/02/13 05:21:29 | 000,675,432 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/02/08 12:36:36 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2012/01/16 05:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=te...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.p...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=te...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.p...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
    IE - HKLM\..\SearchScopes\{7166ACC9-BCD2-2B79-5C79-42C82577D9F4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-770038861-190149619-3254999276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-770038861-190149619-3254999276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-770038861-190149619-3254999276-1001\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-770038861-190149619-3254999276-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-770038861-190149619-3254999276-1001\..\SearchScopes\{7166ACC9-BCD2-2B79-5C79-42C82577D9F4}: "URL" = https://isearch.avg.com/search?cid=...672ae8826a8&lang=en&ds=AVG&pr=fr&d=2012-09-20 22:10:40&v=12.2.5.34&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-770038861-190149619-3254999276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-770038861-190149619-3254999276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://searchfunmoods.com/results.p...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Jim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Funmoods = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
    CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: New Tab = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.0_0\
    CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Giant Savings = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\crossrider
    CHR - Extension: Giant Savings = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\
    CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
  20. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    OTL.txt part 2:
    O1 HOSTS File: ([2012/10/22 23:10:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll (215 Apps)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-770038861-190149619-3254999276-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-770038861-190149619-3254999276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\MP4-Converter\YouTubeRipper.dll ()
    O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\MP4-Converter\YouTubeRipper.dll ()
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-770038861-190149619-3254999276-1001\..Trusted Domains: yahoo.com ([football.fantasysports] http in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3047B09C-D541-47A2-9857-9AECBB1B184A}: DhcpNameServer = 62.24.0.10 62.24.0.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41B6F70D-E0F3-4CAF-9C2C-477DDD151E6B}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/23 00:14:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/10/23 00:13:34 | 000,000,000 | R--D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2012/10/22 23:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Malwarebytes
    [2012/10/22 23:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/22 23:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/22 23:59:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/22 23:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/22 23:55:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\AVG2013
    [2012/10/22 23:54:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jim\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/10/22 23:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/10/22 23:53:19 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/10/22 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Avg2013
    [2012/10/22 23:32:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/22 23:12:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/22 23:03:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/22 23:03:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/22 23:03:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/22 22:59:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/22 22:59:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/22 22:42:51 | 004,987,434 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/10/22 22:26:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\RK_Quarantine
    [2012/10/22 22:02:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jim\Desktop\aswMBR.exe
    [2012/10/22 21:30:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/10/21 21:54:04 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/21 16:44:08 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/10/21 12:28:45 | 000,000,000 | ---D | C] -- C:\Update
    [2012/10/21 09:51:07 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Programs
    [2012/10/21 09:50:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\WebCam Media
    [2012/10/21 09:16:53 | 000,000,000 | ---D | C] -- C:\ArcSoft
    [2012/10/18 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EE5A87E0-318C-485B-B50F-3B7CE4C15B70}
    [2012/10/17 21:55:07 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6DA602AC-B60A-4ECA-872A-D6CDC78E70AA}
    [2012/10/17 06:23:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{88559C51-1587-4B0E-A97B-7E95FC32A01C}
    [2012/10/16 17:24:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F6F3F0CA-E4C4-4865-B0C9-90E0C4C7CFED}
    [2012/10/15 21:05:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FA4BEF3E-3FA2-45C4-A066-B45D890A255A}
    [2012/10/12 16:06:33 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{72DE389D-4BB1-4302-9505-5C63E7CFC5D5}
    [2012/10/11 19:07:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\ArcSoft
    [2012/10/11 19:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\ArcSoft
    [2012/10/11 18:41:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B59ADBA3-7FF2-4B5C-BB8B-97F3A54F065E}
    [2012/10/11 06:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A6DF6C27-F40F-48C2-8ADE-E8A6FCCE433E}
    [2012/10/10 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{ECCC1833-EBB3-4449-9C52-FD9E7187805F}
    [2012/10/10 06:26:25 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{79BCC48C-12B4-4209-AC87-13EAEEA287CF}
    [2012/10/09 18:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{ED75F15E-BB0D-4FC7-A441-E78E79C2D54D}
    [2012/10/08 19:58:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C46D6CC5-5812-4921-B311-24CA551CC355}
    [2012/10/08 07:58:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1D73A6D5-4347-4A08-BF30-0C3B3DBDD927}
    [2012/10/07 19:52:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{50600E1B-A148-49B7-B220-7F5D44187E0C}
    [2012/10/05 07:42:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8CFDB3AE-2F1D-401E-A9B3-30831FFD78FE}
    [2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/04 18:17:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D38F0391-C255-46DB-B18D-07ACAA60AECE}
    [2012/10/04 06:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{15E46865-E31E-47C3-8622-53FB15C4DB7F}
    [2012/10/03 22:21:51 | 000,000,000 | ---D | C] -- C:\Converted
    [2012/10/03 22:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4-Converter
    [2012/10/03 22:19:40 | 000,260,608 | ---- | C] (SMServer) -- C:\Windows\SysWow64\snmvtsvc.exe
    [2012/10/03 22:19:39 | 000,034,088 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\MP4ConverterAudio.sys
    [2012/10/03 22:19:39 | 000,034,088 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\MP4ConverterAudio.sys
    [2012/10/03 22:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP4-Converter
    [2012/10/03 21:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownloadManager
    [2012/10/03 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Giant Savings
    [2012/10/03 21:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings
    [2012/10/03 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
    [2012/10/03 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Apple Computer
    [2012/10/03 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Apple Computer
    [2012/10/03 21:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/10/03 21:28:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2012/10/03 21:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/10/03 21:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/10/03 21:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/10/03 21:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2012/10/03 21:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/10/03 21:26:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Apple
    [2012/10/03 21:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2012/10/03 21:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/10/03 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/10/03 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2012/10/03 21:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2012/10/03 21:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2012/10/03 18:05:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{94DF0E26-CF66-4970-855D-8992E9758F98}
    [2012/10/03 06:05:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1ECC667C-CC7F-4EBF-8EDD-0D0CBCFC6905}
    [2012/10/02 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6E695C1D-EA87-43ED-8252-D19E30DABBB6}
    [2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012/10/01 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{15C3B862-493B-4EF6-9DE2-FD0B778FA626}
    [2012/09/30 22:59:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E461E881-3E77-4280-A204-F0089437A857}
    [2012/09/30 08:31:57 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5117E04E-E15B-422A-8C62-13E94EFCDBD7}
    [2012/09/29 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A2F9BBFD-553F-4C1E-9B53-FA008723BF00}
    [2012/09/29 08:31:24 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{91383E65-2251-4C39-8822-96BF4690B9B6}
    [2012/09/28 20:12:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9BD8BBCB-9BEA-41A4-9221-447C805EFDFC}
    [2012/09/27 21:28:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{788C0246-FCD2-4D9A-9CE3-DC4420E50541}
    [2012/09/26 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/09/26 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/09/26 20:27:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F8FF1EFC-8009-4A31-835D-2994FF9693B1}
    [2012/09/25 06:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3962C4FA-D2F0-4910-AD14-949FD9F2059C}
    [2012/09/24 15:32:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Cyberlink
    [2012/09/24 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\CyberLink
    [2012/09/24 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\CyberLink
    [2012/09/24 15:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2012/09/23 09:46:52 | 000,000,000 | ---D | C] -- C:\Downloads
    [2012/06/18 10:02:22 | 005,591,552 | ---- | C] (Jeffrey Harris) -- C:\Program Files\SharePod.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/10/23 00:12:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/23 00:12:36 | 458,510,335 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/23 00:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/22 23:59:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/22 23:54:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/22 23:38:13 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/22 23:38:13 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/22 23:10:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/22 22:59:23 | 004,987,434 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/10/22 22:38:01 | 000,000,512 | ---- | M] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/10/22 12:48:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/10/22 12:26:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jim\Desktop\aswMBR.exe
    [2012/10/22 12:25:29 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jim\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/10/22 12:21:10 | 001,425,920 | ---- | M] () -- C:\Users\Jim\Desktop\RogueKiller.exe
    [2012/10/21 17:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-770038861-190149619-3254999276-1001UA.job
    [2012/10/21 09:36:23 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/21 09:36:23 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/21 09:36:23 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/21 09:01:23 | 000,129,024 | ---- | M] () -- C:\Users\Jim\Documents\9606e3a.dll
    [2012/10/21 08:35:24 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-770038861-190149619-3254999276-1001Core.job
    [2012/10/14 08:46:14 | 000,097,652 | ---- | M] () -- C:\ProgramData\eolbudrbawuxzlv
    [2012/10/11 06:09:04 | 000,002,473 | ---- | M] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
    [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/03 22:19:50 | 000,001,977 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\MP4-Converter.lnk
    [2012/10/03 22:19:50 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\MP4-Converter.lnk
    [2012/10/03 22:19:50 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\MP4-Converter CDRipper.lnk
    [2012/10/03 22:19:50 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Buy MP4-Converter Now.lnk
    [2012/10/03 21:58:19 | 005,591,552 | ---- | M] (Jeffrey Harris) -- C:\Program Files\SharePod.exe
    [2012/10/03 21:55:20 | 000,002,073 | ---- | M] () -- C:\Users\Jim\Desktop\JDownloader.lnk
    [2012/10/03 21:55:20 | 000,002,037 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
    [2012/10/03 21:54:05 | 000,141,086 | ---- | M] () -- C:\Users\Jim\AppData\Local\funmoods-speeddial_sf.crx
    [2012/10/03 21:31:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/10/03 21:29:01 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/10/03 20:54:54 | 000,001,241 | ---- | M] () -- C:\Users\Jim\Desktop\Videos - Shortcut.lnk
    [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/26 21:44:32 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

    ========== Files Created - No Company Name ==========

    [2012/10/22 23:59:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/22 23:54:07 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/22 23:03:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/22 23:03:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/22 23:03:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/22 23:03:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/22 23:03:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/22 22:38:01 | 000,000,512 | ---- | C] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/10/22 22:01:49 | 001,425,920 | ---- | C] () -- C:\Users\Jim\Desktop\RogueKiller.exe
    [2012/10/21 09:43:43 | 000,008,031 | ---- | C] () -- C:\Users\Jim\Documents\080704_065046.jpg
    [2012/10/21 09:01:23 | 000,129,024 | ---- | C] () -- C:\Users\Jim\Documents\9606e3a.dll
    [2012/10/14 08:46:05 | 000,097,652 | ---- | C] () -- C:\ProgramData\eolbudrbawuxzlv
    [2012/10/03 22:19:50 | 000,001,977 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\MP4-Converter.lnk
    [2012/10/03 22:19:50 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\MP4-Converter.lnk
    [2012/10/03 22:19:50 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\MP4-Converter CDRipper.lnk
    [2012/10/03 22:19:50 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Buy MP4-Converter Now.lnk
    [2012/10/03 22:19:40 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe
    [2012/10/03 22:19:39 | 000,022,019 | ---- | C] () -- C:\Windows\SysNative\MP4ConverterAudio.inf
    [2012/10/03 22:19:39 | 000,008,023 | ---- | C] () -- C:\Windows\SysNative\MP4ConverterAudio.cat
    [2012/10/03 21:55:20 | 000,002,073 | ---- | C] () -- C:\Users\Jim\Desktop\JDownloader.lnk
    [2012/10/03 21:55:20 | 000,002,037 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
    [2012/10/03 21:55:00 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
    [2012/10/03 21:55:00 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
    [2012/10/03 21:55:00 | 000,001,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
    [2012/10/03 21:54:18 | 000,141,086 | ---- | C] () -- C:\Users\Jim\AppData\Local\funmoods-speeddial_sf.crx
    [2012/10/03 21:31:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/10/03 21:29:01 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/10/03 21:26:19 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/10/03 20:54:54 | 000,001,241 | ---- | C] () -- C:\Users\Jim\Desktop\Videos - Shortcut.lnk
    [2012/09/26 21:44:32 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/09/26 21:44:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/09/02 16:22:56 | 000,000,071 | ---- | C] () -- C:\Windows\ENX330.ini
    [2012/03/14 16:54:37 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/03/14 16:54:36 | 013,184,512 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/03/14 16:54:36 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/03/14 16:54:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/03/14 16:54:36 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/02/03 01:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2011/02/10 19:03:27 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/12 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/10/12 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/10/22 23:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG2013
    [2012/10/10 03:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\BitComet
    [2012/09/12 06:27:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Epson
    [2012/09/12 06:27:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Leader Technologies
    [2012/09/02 16:29:27 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Leadertech
    [2012/09/20 22:10:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TuneUp Software
    [2012/09/09 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
     
  21. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Extras.txt:
    OTL Extras logfile created on: 10/23/2012 12:15:08 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.90 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 74.11% Memory free
    11.80 Gb Paging File | 10.16 Gb Available in Paging File | 86.06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 679.80 Gb Total Space | 614.70 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
    Drive D: | 976.13 Mb Total Space | 974.53 Mb Free Space | 99.84% Space Free | Partition Type: FAT
    Drive E: | 33.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JIM-VAIO | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{0EB7792D-EFA2-42AB-9A22-F33D9458E974}" = Media Gallery
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
    "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
    "{2C43E67B-0CDC-48BE-A374-23BEB0E48A72}" = AVG 2013
    "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
    "{34EB42BE-F4D3-44C1-B28E-9740115DB72C}" = VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
    "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
    "{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}" = VAIO Care
    "{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = VSSTx64
    "{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}" = VAIO - PlayMemories Home Plug-in
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BD8411DB-FBD5-40C2-B797-464F92FD3AA9}" = AVG 2013
    "{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
    "{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "EPSON NX330 Series" = EPSON NX330 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{0A013EA1-A1D3-11E0-8DCF-005056C00008}" = Sound Forge Audio Studio 10.0
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2F41EF61-A066-4EBF-84F8-21C1B317A780}" = VAIO - TrackID™ with BRAVIA
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3490653F-2789-46A1-B1BF-6BD4CF4131AB}" = FDUx86
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5156C9BF-1C27-430B-96D8-7129F11699A8}" = VAIO Data Restore Tool
    "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
    "{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-I Visual Effects 2
    "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{6466EF6E-700E-470F-94CB-D0050302C84E}" = Remote Keyboard
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{692955F2-DE9F-4078-8FAA-858D6F3A1776}" = VAIO Gesture Control
    "{6FD21053-829D-40E7-B04C-CAFB7D5CD025}" = KUx86
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79E06DF1-24FE-11E1-913F-F04DA23A5C58}" = DVD Architect Studio 5.0
    "{7A6374F0-6D04-11E0-92E0-005056C00008}" = ACID Music Studio 8.0
    "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
    "{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}" = VMLx86
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
    "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
    "{858B32BD-121C-4AC8-BD87-CE37C51C03E2}" = TrackID(TM) with BRAVIA
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
    "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}" = Bing Bar
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AE5F3379-8B81-457E-8E09-7E61D941AFA4}" = VAIO Gate
    "{B24BB74E-8359-43AA-985A-8E80C9219C70}" = VSSTx86
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
    "{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO CPU Fan Diagnostic
    "{C14EAE86-C526-4E00-B245-CFF86233C3D2}" = VAIO 3D Portal
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
    "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
    "{C8544A9A-76BE-4F82-811E-979799AE493B}" = VAIO Gesture Control
    "{C9EFF66F-B0CF-4B1A-9371-2FC647658CDF}" = VAIO Help and Support
    "{CE3DE3AE-F384-11E0-B00E-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF5B430D-C563-4EE6-803D-A8A133DFCE5E}" = Reader for PC
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4E7BB46-310E-4A21-B261-052A5997EA2F}" = V3DPx86
    "{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}" = Remote Play with PlayStation(R)3
    "{D9777637-33B7-47A9-800C-F6A2CD4EB0FE}" = VAIO OOBE
    "{DB1A3EA7-0C25-4BEC-A108-176195190369}" = VHD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86
    "{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E682702C-609C-4017-99E7-3129C163955F}" = VAIO - Remote Keyboard with PlayStation®3
    "{E727B31A-8B24-4C1C-934A-69634E0D2C0B}" = Qualcomm Atheros WiFi Driver Installation
    "{EBBB8461-52A2-11E1-8EBF-005056C00008}" = MSVCRT Redists
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE8974B4-479C-4DBA-8544-9E5342ABB26A}" = Keyboard_Shortcuts
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Application Manager for VAIO" = Application Manager for VAIO
    "BitComet_x64" = BitComet 1.33 64-bit
    "EPSON Scanner" = EPSON Scan
    "experience-sony-bundle" = TriDef 3D (Sony) 2.0.5
    "Giant Savings" = Giant Savings
    "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
    "LTCM Client" = LTCM Client
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "McAfee Security Scan" = McAfee Security Scan Plus
    "MP4-Converter_is1" = MP4-Converter 4.3.8
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "VAIO Messenger" = VAIO Messenger
    "VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-770038861-190149619-3254999276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/12/2012 4:06:17 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 35013738

    Error - 10/12/2012 4:11:41 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/12/2012 4:11:41 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1061

    Error - 10/12/2012 4:11:41 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

    Error - 10/12/2012 4:11:42 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/12/2012 4:11:42 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2075

    Error - 10/12/2012 4:11:42 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2075

    Error - 10/12/2012 4:11:43 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/12/2012 4:11:43 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3120

    Error - 10/12/2012 4:11:43 PM | Computer Name = Jim-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3120

    [ System Events ]
    Error - 10/12/2012 4:28:10 PM | Computer Name = Jim-VAIO | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/15/2012 7:37:23 PM | Computer Name = Jim-VAIO | Source = DCOM | ID = 10016
    Description =

    Error - 10/18/2012 9:16:20 PM | Computer Name = Jim-VAIO | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/18/2012 9:17:46 PM | Computer Name = Jim-VAIO | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/18/2012 9:17:53 PM | Computer Name = Jim-VAIO | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/20/2012 12:20:51 AM | Computer Name = Jim-VAIO | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2012 12:21:22 AM | Computer Name = Jim-VAIO | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2012 12:21:53 AM | Computer Name = Jim-VAIO | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2012 12:21:58 AM | Computer Name = Jim-VAIO | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2012 12:22:02 AM | Computer Name = Jim-VAIO | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Uninstall McAfee Security Scan, typical foistware.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=te...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.p...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=te...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
      IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.p...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
      CHR - default_search_provider: search_url = http://searchfunmoods.com/results.p...ByByBtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1885513689
      O15 - HKU\S-1-5-21-770038861-190149619-3254999276-1001\..Trusted Domains: yahoo.com ([football.fantasysports] http in Trusted sites)
      [2012/10/21 21:54:04 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    OTL Log:
    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Use Chrome's Settings page to remove the default_search_provider items.
    Registry key HKEY_USERS\S-1-5-21-770038861-190149619-3254999276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\football.fantasysports\ deleted successfully.
    C:\FRST\Quarantine\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\U folder moved successfully.
    C:\FRST\Quarantine\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542}\L folder moved successfully.
    C:\FRST\Quarantine\{08ecf3da-99cf-b7a0-f7b4-a264fefc9542} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 515795 bytes
    ->Temporary Internet Files folder emptied: 362080443 bytes
    ->Java cache emptied: 64511 bytes
    ->Google Chrome cache emptied: 24074158 bytes
    ->Flash cache emptied: 25550 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 96 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50621464 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 417.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jim
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10232012_182806

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
    C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  24. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    Security check text file:
    Results of screen317's Security Check version 0.99.53
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 7 Update 1
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  25. JPJohnson_2012

    JPJohnson_2012 TS Rookie Topic Starter Posts: 29

    FSS text file:
    Farbar Service Scanner Version: 19-10-2012
    Ran by Jim (administrator) on 23-10-2012 at 19:01:47
    Running from "C:\Users\Jim\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.