
Constant redirecting to other website


  • This topic is locked
25 replies to this topic

#1 eljim


Posted 30 January 2012 - 06:02 PM

Okay, for the past couple of days when using the internet (Firefox) I have been getting prompts stating that "this site is attempting to redirect you and it was blocked by Firefox".

Just after doing a Google search I found people with the same problem, and they were walked through the solution by running ComboFix with the help of someone else on a forum. I really don't know anything about any of that, so I am just reaching out for some help. I have Norton 5.0 and I have run a few scans with different settings a couple of times and I am still having the problem. Any help anyone can offer me would really be appreciated.



#2 gringo_pr


Posted 31 January 2012 - 02:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 eljim


Posted 31 January 2012 - 05:51 PM

Hi Gringo,

Thanks for your help.

What I get in my Firefox browser just every time I use it to surf the web is a message that says Firefox has prevented this site from redirecting you to another page.

Here is the DDS log:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Best Buy at 17:37:17 on 2012-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8175.6682 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDOR~1.LNK - C:\Program Files (x86)\Sendori\SendoriTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{031B4F07-C33E-481C-8072-3268D3BA8895} : NameServer = 192.168.1.254
TCP: Interfaces\{031B4F07-C33E-481C-8072-3268D3BA8895} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{031B4F07-C33E-481C-8072-3268D3BA8895}\45568645572656A7 : DhcpNameServer = 10.188.15.20
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Best Buy\AppData\Roaming\Mozilla\Firefox\Profiles\2126mdma.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120128.002\IDSviA64.sys [2012-1-30 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-12-25 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-22 1127448]
R2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-12-1 98624]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-12-26 6438264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-22 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-26 138360]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-31 05:30:58 49664 ----a-w- C:\Windows\System32\CamCodec.dll
2012-01-31 05:30:58 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b
2012-01-31 05:19:54 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9F5126FD-8F3C-488E-B7B9-0F34E03E0512}
2012-01-31 05:19:45 -------- d-----w- C:\Users\Best Buy\AppData\Local\{16D02AC4-1EF5-4607-B7A1-C214BF80A1A5}
2012-01-31 05:13:54 -------- d-----w- C:\Users\Best Buy\AppData\Local\{01E636BD-EDF7-40F4-B973-AB98B3B42EF6}
2012-01-31 05:13:44 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E4F58F82-F04E-48A1-8887-BAF4369680FB}
2012-01-31 03:46:14 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-01-31 03:46:14 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-01-31 03:46:14 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-01-31 03:46:14 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-01-31 03:46:14 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-01-31 03:46:14 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-01-31 03:46:07 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
2012-01-31 02:24:14 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-30 20:55:42 98816 ----a-w- C:\Windows\sed.exe
2012-01-30 20:55:42 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-30 20:55:42 256000 ----a-w- C:\Windows\PEV.exe
2012-01-30 20:55:42 208896 ----a-w- C:\Windows\MBR.exe
2012-01-30 02:45:16 -------- d-----w- C:\Users\Best Buy\AppData\Local\{41883208-588A-47FD-A652-3DFFBC01A819}
2012-01-30 02:45:06 -------- d-----w- C:\Users\Best Buy\AppData\Local\{1700FD24-0610-4D57-A572-57213020C993}
2012-01-29 16:54:23 -------- d-----w- C:\Users\Best Buy\AppData\Local\{96C40071-567D-44B0-972F-B9C10480F523}
2012-01-29 16:54:13 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9743BDF6-EF42-4CA8-95F4-4EB792C5ABE8}
2012-01-29 13:48:41 -------- d-----w- C:\Users\Best Buy\AppData\Local\{262D13E0-7498-476F-9855-37204F8BD482}
2012-01-29 13:48:31 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9C5EEC91-3DD3-4E4A-AA22-49CD5CECCDE3}
2012-01-29 02:01:55 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9EEB58DB-18D1-4AA0-8A9D-E5E5DF63EA6E}
2012-01-29 02:01:44 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FFD00D54-7C00-45A6-BC14-7BA6B299F699}
2012-01-29 00:05:28 -------- d-----w- C:\Users\Best Buy\AppData\Local\{4EAC08C9-4960-40B4-954A-7CE047AADDC3}
2012-01-29 00:05:17 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FB9F30AA-FE5B-48A0-BC57-D275CC96A1AC}
2012-01-28 19:29:34 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0E3004F5-7795-490C-BB79-A04AFE781302}
2012-01-28 19:29:24 -------- d-----w- C:\Users\Best Buy\AppData\Local\{48F96CA3-2D28-4C69-A078-971C48C1E54B}
2012-01-28 15:39:04 -------- d-----w- C:\Users\Best Buy\AppData\Local\{EA90C418-747F-401A-9250-41E9EEB4EAD1}
2012-01-28 15:38:50 -------- d-----w- C:\Users\Best Buy\AppData\Local\{1D5F4C07-A922-41B5-B171-5553F5A86336}
2012-01-28 09:07:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9D718C90-8762-44BF-B435-13E9A0E0502E}
2012-01-28 09:06:59 -------- d-----w- C:\Users\Best Buy\AppData\Local\{46F5A2E6-A97E-41A6-AF43-87F403AD4CEA}
2012-01-28 08:54:07 -------- d-----w- C:\Users\Best Buy\AppData\Local\{CEA42E3A-75D1-440C-84FF-880C22380C11}
2012-01-28 08:53:57 -------- d-----w- C:\Users\Best Buy\AppData\Local\{52CE513E-CFBE-440D-B254-CB9B1D9E7B0E}
2012-01-28 08:45:31 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F8C624A4-7698-44F0-BD3F-2BFF7571180F}
2012-01-28 08:45:21 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E2428053-3AF1-466D-9B08-F2751F604ADF}
2012-01-28 08:44:17 -------- d-----w- C:\Users\Best Buy\AppData\Roaming\SYSTEMAX Software Development
2012-01-28 08:44:17 -------- d-----w- C:\ProgramData\SYSTEMAX Software Development
2012-01-27 18:39:33 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A37A4010-46EE-41DF-AC42-217EEBCD4D3C}
2012-01-27 18:39:22 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0DD6281D-817F-495A-876F-4900D70D7F30}
2012-01-27 15:56:06 -------- d-----w- C:\Users\Best Buy\AppData\Local\{34EDDF98-80B2-44AF-80F7-1E8B3AA140F3}
2012-01-27 15:55:56 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D7459F98-B51A-4073-B778-E87ECD616228}
2012-01-27 01:36:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{801246B3-49C3-4AD1-A38F-91FD3A2DFCAA}
2012-01-26 23:32:47 -------- d-----w- C:\Users\Best Buy\AppData\Local\{046153B6-B449-4183-A0CE-C2F7D486296D}
2012-01-26 23:32:36 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0AB26A79-04E7-4BA1-9EBE-15300DE876E0}
2012-01-26 20:10:25 -------- d-----w- C:\Users\Best Buy\AppData\Local\{79193C2B-1A02-4345-90FB-8C8CB10AC723}
2012-01-26 20:10:14 -------- d-----w- C:\Users\Best Buy\AppData\Local\{690DF357-9096-4019-8983-E29B40E1B639}
2012-01-26 12:53:04 -------- d-----w- C:\Users\Best Buy\AppData\Local\{65780777-7046-4EF0-9F56-6313257D5580}
2012-01-26 12:52:54 -------- d-----w- C:\Users\Best Buy\AppData\Local\{5F509964-7F0F-41B8-938F-F1339035B32A}
2012-01-26 08:17:04 -------- d-----w- C:\Users\Best Buy\AppData\Local\{5F2C96B3-86C5-4293-B8BE-C5B4B0A7525B}
2012-01-26 08:16:54 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F18F2FEB-F562-48BD-974B-1BD91EE3BE1A}
2012-01-26 01:28:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{BAE2D177-F5B2-4781-BFE4-87922284F7B4}
2012-01-26 01:27:59 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D3674606-EA17-422A-8A3C-D64DB628CA67}
2012-01-25 17:09:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{B2F1143D-DEBF-4D10-B7E7-CE07323D7AF6}
2012-01-25 17:08:57 -------- d-----w- C:\Users\Best Buy\AppData\Local\{96D5935D-EA59-4BDA-9A8F-0571ECE3E9F6}
2012-01-24 22:43:58 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FD5002C4-8B6F-491A-8878-71D17D6F3987}
2012-01-24 22:43:48 -------- d-----w- C:\Users\Best Buy\AppData\Local\{B740B1E9-1BEC-485B-A103-07CBE9886F88}
2012-01-24 17:56:29 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E2279F46-90A2-49A5-A4BC-15CE42568BF3}
2012-01-24 17:56:19 -------- d-----w- C:\Users\Best Buy\AppData\Local\{91FD3115-30B5-41FB-8576-FA6846282D64}
2012-01-24 09:25:08 -------- d-----w- C:\Program Files (x86)\Veetle
2012-01-24 08:44:24 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F3469356-CD61-45BD-B6B3-28478BB1BDF2}
2012-01-24 08:44:14 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FE3BED7D-A9A9-4CEF-9CBE-8E51B2D9C804}
2012-01-23 17:23:30 -------- d-----w- C:\Users\Best Buy\AppData\Local\{6380E411-BCA2-4284-9F07-F07300AAFEEF}
2012-01-23 17:23:18 -------- d-----w- C:\Users\Best Buy\AppData\Local\{612A52A5-7923-4E15-880D-C0370D95EFBA}
2012-01-23 03:38:36 -------- d-----w- C:\Users\Best Buy\AppData\Local\{5BD19A4D-37CE-4EDD-8C30-1B938E952758}
2012-01-23 03:38:25 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0E717277-1E9A-48CE-AA5F-3961ED4E9991}
2012-01-23 00:43:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{3D40CF86-1E7B-428D-8A57-CE8922896A14}
2012-01-23 00:43:01 -------- d-----w- C:\Users\Best Buy\AppData\Local\{54410D6F-C324-4CA5-8277-DB535E082ADE}
2012-01-23 00:23:02 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DBEBF425-9FC4-4C63-9D76-DC77C55DC6C5}
2012-01-23 00:22:52 -------- d-----w- C:\Users\Best Buy\AppData\Local\{177D0066-10F2-40FA-9195-CADA92E6694C}
2012-01-22 15:57:36 -------- d-----w- C:\Users\Best Buy\AppData\Local\{27CD142E-C14D-4E22-8B63-8B15157B2AC7}
2012-01-22 15:57:26 -------- d-----w- C:\Users\Best Buy\AppData\Local\{27144263-DE05-4B95-AA76-94ADC0DA69FD}
2012-01-21 23:15:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{6F7DA8A0-1B83-42C7-9F2B-268C2813D7A4}
2012-01-21 23:15:00 -------- d-----w- C:\Users\Best Buy\AppData\Local\{8D2D177B-B3B6-401B-952C-0A7D6F04AED5}
2012-01-21 20:54:41 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A44479FF-C5A6-4B3A-B434-ACF6C6E21CD1}
2012-01-21 20:54:29 -------- d-----w- C:\Users\Best Buy\AppData\Local\{19CD5A9F-B21A-4A3A-8837-148E64C7C4B0}
2012-01-21 08:29:25 -------- d-----w- C:\Users\Best Buy\AppData\Local\{2F6CF46E-8221-476C-AF51-FEBD6C8C6E45}
2012-01-21 08:29:15 -------- d-----w- C:\Users\Best Buy\AppData\Local\{ED7A1572-FA90-4C93-B9E7-9974543BC6A5}
2012-01-20 20:22:30 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A3569A01-6BB7-442D-B934-430800483319}
2012-01-20 20:22:20 -------- d-----w- C:\Users\Best Buy\AppData\Local\{6FA65E27-9FAE-43F8-B24B-2030A3C5FB5A}
2012-01-20 18:17:50 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DE6CED6B-2DD7-44F3-A4DF-47D52ED8D9CA}
2012-01-20 18:17:40 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9F41C9A0-2E94-46AA-AB6F-4AD286DD6DC2}
2012-01-20 17:05:07 -------- d-----w- C:\Users\Best Buy\AppData\Local\{4E2F29B1-16EE-451B-9C34-B8D77BEC1A1E}
2012-01-20 17:04:57 -------- d-----w- C:\Users\Best Buy\AppData\Local\{6E2737B8-6E94-4A9A-9CD0-1ADAD09928FC}
2012-01-20 14:00:26 -------- d-----w- C:\Users\Best Buy\AppData\Local\{76A70CFA-0AC4-49B0-A053-B3400BB76EC8}
2012-01-20 14:00:13 -------- d-----w- C:\Users\Best Buy\AppData\Local\{597583D3-8C2E-4D3E-B4BB-A94C99E26625}
2012-01-20 08:34:19 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9B7A2F52-ED6A-4767-8D6E-EC6F59CD66CB}
2012-01-20 08:34:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{62481327-FB53-4832-95FA-6C7B1C24C184}
2012-01-20 04:49:13 -------- d-----w- C:\Users\Best Buy\AppData\Local\{685FD6C7-0D03-4895-9BD9-393685A25160}
2012-01-20 04:49:03 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C6BC6EBA-159B-4BCE-912F-A787D8DBAFF5}
2012-01-20 03:09:20 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C0A84C74-A6B3-4E84-9843-600F491A21B8}
2012-01-20 03:09:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{08F71B59-7641-4E0F-99F5-9201BF943146}
2012-01-19 21:43:08 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C4C53432-81EA-4CA2-9C50-548D4F9D78A8}
2012-01-19 21:42:58 -------- d-----w- C:\Users\Best Buy\AppData\Local\{B6FBB7B7-EC86-422F-B4F6-27E35C320D1A}
2012-01-19 16:37:16 -------- d-----w- C:\Users\Best Buy\AppData\Local\{3530CC84-F849-454D-85D5-144A7C2CD6C6}
2012-01-19 16:37:06 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FD7E37C6-4062-4FEC-B157-1FA2FFCFA8DE}
2012-01-19 09:29:33 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C342DB0B-031B-4E81-B807-C3146DCCFF8E}
2012-01-19 09:29:23 -------- d-----w- C:\Users\Best Buy\AppData\Local\{91DD6F5D-3A05-49A9-97A8-0D7BB5C750FC}
2012-01-19 03:19:30 -------- d-----w- C:\Users\Best Buy\AppData\Local\{041BB57C-A0EC-45FD-B96B-E978BDF505C9}
2012-01-19 03:19:20 -------- d-----w- C:\Users\Best Buy\AppData\Local\{BA76FFEC-4472-4840-B13F-BC58FE3A4CB2}
2012-01-18 23:35:27 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9D77A3EC-EFD0-4DB8-BC4C-CD7105D5C52D}
2012-01-18 19:37:26 -------- d-----w- C:\Users\Best Buy\AppData\Local\{AA6D802C-CC36-4541-A0DA-553EBAFDBC6D}
2012-01-18 19:37:16 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E82D6ACD-C75A-491E-9EA7-E681142B25D5}
2012-01-18 17:16:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{EF090C99-1BC2-4DBA-A882-FE8B6F82655D}
2012-01-18 05:24:23 -------- d-----w- C:\Users\Best Buy\AppData\Local\{3D9319B3-D93D-4900-994C-0049AD45E0E4}
2012-01-18 05:24:13 -------- d-----w- C:\Users\Best Buy\AppData\Local\{7C941D36-A1A1-4A75-BA3D-93E3AB9C8204}
2012-01-18 01:40:21 -------- d-----w- C:\Users\Best Buy\AppData\Local\{EF248464-DC2A-4FAD-869C-6473ECF379C8}
2012-01-18 01:40:11 -------- d-----w- C:\Users\Best Buy\AppData\Local\{37F4D4FC-498E-4B9B-96B0-F17439369AAC}
2012-01-17 16:37:00 -------- d-----w- C:\Users\Best Buy\AppData\Local\{237E3D16-9631-456A-BC50-A6A60032DA09}
2012-01-17 16:36:50 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DA6E8936-2748-4413-A7DD-596D0A723A5B}
2012-01-17 04:57:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{83645FAC-EF1E-4F86-978C-04390800F6C4}
2012-01-17 04:56:59 -------- d-----w- C:\Users\Best Buy\AppData\Local\{804A00D0-9759-423B-B786-100549EDACF9}
2012-01-17 03:27:59 -------- d-----w- C:\Users\Best Buy\AppData\Local\{49B6CF5B-F23A-400D-886F-70541A7854C7}
2012-01-17 03:27:49 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F75375A7-22A9-4934-9CD2-4A34EC9CFB00}
2012-01-16 18:12:36 -------- d-----w- C:\Users\Best Buy\AppData\Local\MPlayer
2012-01-16 18:10:49 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-16 18:02:36 -------- d-----w- C:\ProgramData\PMS
2012-01-16 18:02:32 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2012-01-16 15:43:12 -------- d-----w- C:\Users\Best Buy\AppData\Local\{562EEE4D-ABE8-4419-8182-30449E74F91F}
2012-01-16 15:43:02 -------- d-----w- C:\Users\Best Buy\AppData\Local\{1D6D7DD2-694C-46F7-9850-F76F86326B13}
2012-01-16 03:15:21 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A739BAF0-6A6D-4F99-BE09-90B2F50DCA28}
2012-01-16 03:15:12 -------- d-----w- C:\Users\Best Buy\AppData\Local\{121C79C1-A840-4C12-BCDB-0695F2C5B0D7}
2012-01-15 22:43:46 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C43BA2FF-C90E-4FB5-BCD7-830A962BDD42}
2012-01-15 22:43:33 -------- d-----w- C:\Users\Best Buy\AppData\Local\{2A47CF07-39AB-4A94-A56F-ECAA2DC8D79C}
2012-01-15 16:18:24 -------- d-----w- C:\Users\Best Buy\AppData\Local\{36FC3753-43EE-421B-85FC-A757EDA06ECC}
2012-01-15 16:18:14 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DA39020B-8E04-454D-A2CB-3D85C9E94FDA}
2012-01-15 15:58:23 -------- d-----w- C:\Users\Best Buy\AppData\Local\Apple Computer
2012-01-15 15:17:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-15 15:17:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-15 15:17:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-15 15:17:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-15 15:17:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-15 15:17:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-15 15:17:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-15 15:16:24 -------- d-----w- C:\Users\Best Buy\AppData\Local\Apple
2012-01-15 14:19:21 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DD0AD04B-1927-4081-81C3-7FD8318FE94E}
2012-01-15 14:19:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A9E4B6A1-F478-4719-9600-57B3FF2E79DA}
2012-01-15 06:47:25 -------- d-----w- C:\Users\Best Buy\AppData\Local\{843684E1-1632-44D5-959D-2DFB9750EC61}
2012-01-15 06:47:16 -------- d-----w- C:\Users\Best Buy\AppData\Local\{CF528CF5-569D-419B-AE19-EF33BE71D4B0}
2012-01-15 03:37:53 -------- d-----w- C:\Users\Best Buy\AppData\Local\{428C2427-B203-4EFC-BC24-49B61FDDDF68}
2012-01-15 03:37:44 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E4F2399C-398D-4822-990D-7C1955D8E553}
2012-01-15 03:34:48 -------- d-----w- C:\Users\Best Buy\AppData\Local\{AC2C33C3-2F51-4940-B439-437EA59A6DEF}
2012-01-15 03:34:39 -------- d-----w- C:\Users\Best Buy\AppData\Local\{8452E889-4E1E-46B9-9BA5-24C2E408FAF4}
2012-01-15 03:30:27 -------- d-----w- C:\Users\Best Buy\AppData\Local\{45148089-9202-4702-A2D9-8F52931CC801}
2012-01-15 03:30:17 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9E37E665-C638-4F95-B18A-1DFD24D1FD10}
2012-01-15 03:26:19 -------- d-----w- C:\Users\Best Buy\AppData\Local\{3A2F40A4-C141-4CEC-A90B-AEBF821603F1}
2012-01-15 03:26:08 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A5C6EED3-15A7-4690-A06B-3BEF48D0E6EE}
2012-01-14 23:37:56 -------- d-----w- C:\Users\Best Buy\AppData\Local\{53764808-3D2F-4C6B-A4FE-CD87EF239CDC}
2012-01-14 23:37:46 -------- d-----w- C:\Users\Best Buy\AppData\Local\{3ADC4CFC-00CD-4640-969B-762C57335875}
2012-01-14 22:28:54 -------- d-----w- C:\Users\Best Buy\AppData\Local\{BEE5A6B6-085B-4CA5-AF81-59CCD99C0CF8}
2012-01-14 15:44:33 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9CC0BE39-F975-43A8-B325-F6CF480BF16E}
2012-01-14 15:44:23 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F7809735-4913-4895-8F18-C723F4AFAD0A}
2012-01-14 07:28:03 -------- d-----w- C:\Users\Best Buy\AppData\Local\{2746EAE8-F784-46C1-9435-8142ED856FA9}
2012-01-14 07:27:54 -------- d-----w- C:\Users\Best Buy\AppData\Local\{AF543A55-78D9-4EF8-8E58-94C45FF86178}
2012-01-14 05:55:22 -------- d-----w- C:\Users\Best Buy\AppData\Local\{360D6AF5-7FEB-4267-A008-8768BDC4519F}
2012-01-14 05:55:12 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D0354F69-ABBF-44C7-9C4A-B4A4DC6C975B}
2012-01-14 03:24:00 -------- d-----w- C:\Users\Best Buy\AppData\Local\{34E62DB9-2C7C-4113-8EC4-A2FC9F317C84}
2012-01-14 03:23:50 -------- d-----w- C:\Users\Best Buy\AppData\Local\{2C4A9152-A09C-4EE3-846B-715A34DCB68F}
2012-01-13 22:19:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{8265BCC8-890B-438C-B00F-C1A196B53817}
2012-01-13 22:18:55 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9A788266-278D-4BEC-9240-9E9D2395196E}
2012-01-13 17:02:37 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0C694CF2-B6C0-4F16-B8FF-574A67824D4F}
2012-01-13 17:02:27 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0002A2DF-5E37-414C-96D3-5DB5C24C8E24}
2012-01-13 09:44:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{842D54A4-F410-487E-98E0-023EB4B0810A}
2012-01-13 09:43:55 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9904CD20-0815-44AB-B69B-26F2CC717796}
2012-01-13 09:19:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{4AF51013-F97F-43EA-975D-10D8FBB4BAD1}
2012-01-13 09:19:00 -------- d-----w- C:\Users\Best Buy\AppData\Local\{BE4E73FD-89E4-4512-963F-FDB82D6F0DC8}
2012-01-13 05:44:19 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0B14277C-B47F-475D-95F4-8699821687EE}
2012-01-13 05:44:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{ACF3140F-01C7-488A-880F-8B7EFD1A2C46}
2012-01-13 03:21:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9B96EA40-3FD8-4D39-8D05-4B0AD75FB914}
2012-01-13 03:20:59 -------- d-----w- C:\Users\Best Buy\AppData\Local\{378580FC-F733-4565-A79E-D6A9D96D09D9}
2012-01-12 18:44:39 -------- d-----w- C:\Users\Best Buy\AppData\Local\{B5A4EB9D-5B8A-4642-9303-2378D7DC656E}
2012-01-12 18:44:29 -------- d-----w- C:\Users\Best Buy\AppData\Local\{25F906C5-A812-43CC-95AE-3F57A0E0CAD2}
2012-01-12 16:22:52 -------- d-----w- C:\Program Files\Paint.NET
2012-01-12 16:22:25 -------- d-----w- C:\Users\Best Buy\AppData\Local\Paint.NET
2012-01-12 16:19:46 -------- d-----w- C:\Users\Best Buy\AppData\Local\{B7AA96C0-08C8-4E2E-AE8A-37DBED694CC3}
2012-01-12 16:19:35 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D5898A78-A1D8-44B1-AE95-CD485B8F9D30}
2012-01-12 13:54:40 -------- d-----w- C:\Users\Best Buy\AppData\Local\{453C4F83-8FC9-477A-A769-AEFAA7583E8F}
2012-01-12 13:54:30 -------- d-----w- C:\Users\Best Buy\AppData\Local\{1C29D946-E6CA-4E76-B6BB-FD5262E07C7C}
2012-01-11 14:19:03 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D3F0B19C-888B-4A12-A751-577CF279D710}
2012-01-11 14:18:53 -------- d-----w- C:\Users\Best Buy\AppData\Local\{AA4DC910-6631-4C5C-BE18-F9CFC8EE8F88}
2012-01-11 12:02:50 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DD15B154-F592-4BF5-9E34-34BD69181CA5}
2012-01-11 12:02:40 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D1102C3A-F159-4BBF-B260-EEB82B13BCB1}
2012-01-11 07:31:22 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 07:31:22 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 07:31:22 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 07:31:22 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 07:31:20 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 07:31:20 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 07:31:16 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 07:31:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 23:19:14 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FE070750-A3D5-4314-84F2-B7A947CFA8BA}
2012-01-10 23:19:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{00E1EE6D-BA25-4E31-A7AA-B2BA6A0EC93D}
2012-01-10 18:09:38 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DCF8CA41-CD5F-49E2-9F28-71D5057A3A4D}
2012-01-10 18:09:28 -------- d-----w- C:\Users\Best Buy\AppData\Local\{3FDE56F2-2F0D-49C7-9D96-BBBCF50AF51C}
2012-01-10 04:49:55 -------- d-----w- C:\Users\Best Buy\AppData\Local\{332E69AF-AFCE-4572-8134-3FA2EED8832A}
2012-01-10 04:49:45 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E1DA38AB-CE77-432E-BEBB-46D8153D5FF7}
2012-01-10 03:05:29 -------- d-----w- C:\Users\Best Buy\AppData\Local\{ECE72A13-1D53-4026-A4B7-6FC41C97FFE8}
2012-01-10 03:05:19 -------- d-----w- C:\Users\Best Buy\AppData\Local\{84D9DB84-3D6D-406D-BC42-6279B2286A01}
2012-01-10 00:50:16 -------- d-----w- C:\Users\Best Buy\AppData\Roaming\Mount&Blade With Fire and Sword
2012-01-10 00:42:28 -------- d-----w- C:\Program Files (x86)\Mount&Blade With Fire and Sword
2012-01-09 19:30:08 -------- d-----w- C:\Users\Best Buy\AppData\Local\{470681FA-AF26-4366-A1C7-1F7F76BA0930}
2012-01-09 06:37:44 -------- d-----w- C:\Users\Best Buy\AppData\Local\PackageAware
2012-01-09 04:04:25 -------- d-----w- C:\Users\Best Buy\AppData\Roaming\Mount&Blade Warband
2012-01-09 04:02:54 -------- d-----w- C:\Users\Best Buy\AppData\Roaming\GetRightToGo
2012-01-09 03:58:39 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband
2012-01-09 03:45:37 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C55958F6-36CD-4865-AB8B-4093A38441A5}
2012-01-09 03:45:27 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0ECD9B1F-2F41-4860-8B10-A3A98D91A61C}
2012-01-09 00:27:04 -------- d-----w- C:\Users\Best Buy\AppData\Local\{211B3E89-834E-4EFB-B5F9-1E7A301B0274}
2012-01-09 00:26:55 -------- d-----w- C:\Users\Best Buy\AppData\Local\{3CE3FA32-690A-43F1-80EA-49CF32F696F8}
2012-01-08 19:50:38 -------- d-----w- C:\Users\Best Buy\AppData\Local\{487AE459-8376-4F33-9468-13237F706366}
2012-01-08 19:50:26 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E98E1E78-F660-435D-92C3-A61258636352}
2012-01-08 17:58:32 -------- d-----w- C:\Users\Best Buy\AppData\Local\{4018FA95-AB5C-4024-9C00-1E6B5491B3CB}
2012-01-08 17:58:18 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DD416C91-41A5-420C-AEB3-938C410F405E}
2012-01-08 04:19:53 -------- d-----w- C:\Users\Best Buy\AppData\Local\{B957EE27-8A6F-448E-A1D9-C836FD4FB3E6}
2012-01-08 04:19:43 -------- d-----w- C:\Users\Best Buy\AppData\Local\{193EE0FB-3932-4DD7-819F-2025D876CAA8}
2012-01-08 02:36:26 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C98321C8-556D-4435-8395-B0A910A1AF9B}
2012-01-08 02:36:17 -------- d-----w- C:\Users\Best Buy\AppData\Local\{6A73161C-1A1E-415A-AC75-822C7E93DA8D}
2012-01-07 21:40:15 -------- d-----w- C:\Users\Best Buy\AppData\Local\{2158BCC1-522D-4FE6-BD20-4FA73F072679}
2012-01-07 21:40:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{7B2E6F5F-E464-4DCB-BCB9-8C37812765BC}
2012-01-07 20:27:22 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E653502E-D8D8-4F4B-88A5-8EF5BB50EB77}
2012-01-07 20:27:12 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D1C0142B-FAB1-451B-9696-31E882250C16}
2012-01-07 20:05:13 -------- d-----w- C:\Users\Best Buy\AppData\Local\ApplicationHistory
2012-01-07 19:13:39 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0D62696E-1BE9-4410-A1AF-3A7533DDDCD4}
2012-01-07 19:13:29 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DD4C7128-B6A0-41C9-BFB7-A1A2E1D7B696}
2012-01-07 18:29:05 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-01-07 18:12:30 -------- d-----w- C:\Program Files (x86)\SEGA
2012-01-07 05:26:35 -------- d-----w- C:\Users\Best Buy\AppData\Local\{BB942B3D-C998-4CBD-85E4-3B4A4B10A0B2}
2012-01-07 05:26:26 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C4165013-BC6C-472F-812B-12F1CA9127A4}
2012-01-07 02:18:40 -------- d-----w- C:\Users\Best Buy\AppData\Local\{37F1E371-0750-4E30-ACAB-DA89CCAD1E4F}
2012-01-07 02:18:30 -------- d-----w- C:\Users\Best Buy\AppData\Local\{8057639C-4454-495D-AE1A-9B24331732B0}
2012-01-06 23:00:46 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0691519B-9F1F-4C6C-823E-2C1566E35207}
2012-01-06 23:00:34 -------- d-----w- C:\Users\Best Buy\AppData\Local\{BF9BF977-E6ED-45A5-976C-265E16DDB0A1}
2012-01-06 16:52:46 -------- d-----w- C:\Users\Best Buy\AppData\Local\{4FB5E4CD-174F-419C-9E7B-900CC775EEB9}
2012-01-06 16:52:35 -------- d-----w- C:\Users\Best Buy\AppData\Local\{1B55A026-BC1D-486B-997C-3F4496BFE848}
2012-01-06 03:38:17 -------- d-----w- C:\Users\Best Buy\AppData\Local\{DD1385B1-F473-4CA6-8EEA-71E7DD93B546}
2012-01-06 00:06:18 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9824CF56-0E8E-4C05-9886-A5EE8B2294CE}
2012-01-06 00:06:08 -------- d-----w- C:\Users\Best Buy\AppData\Local\{EFC37C52-74BB-4CF5-883C-CDEC90876126}
2012-01-05 18:59:43 -------- d-----w- C:\Users\Best Buy\AppData\Local\{23394E58-BE7D-481C-82A7-A5F882113621}
2012-01-05 18:59:33 -------- d-----w- C:\Users\Best Buy\AppData\Local\{891C1BD8-F4CB-4F31-BE23-9854A2B4D4BB}
2012-01-05 08:07:24 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D1CB434C-0728-4215-8603-2FE242A8E705}
2012-01-05 08:07:14 -------- d-----w- C:\Users\Best Buy\AppData\Local\{6D84FB24-20AF-47C5-B70A-0EF973BBF8CA}
2012-01-05 01:49:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A0541E15-A54C-4D7C-8100-8F5AB068A490}
2012-01-05 01:48:56 -------- d-----w- C:\Users\Best Buy\AppData\Local\{7535428A-94F0-4119-91E6-FFA2EB7AA529}
2012-01-05 00:12:31 -------- d-----w- C:\Users\Best Buy\AppData\Local\{93F5FE0F-1606-43A4-A0E6-17B42E52E729}
2012-01-05 00:12:21 -------- d-----w- C:\Users\Best Buy\AppData\Local\{99C0D5E2-D664-45AD-8CDD-A4041C5DCBC5}
2012-01-04 20:36:51 -------- d-----w- C:\Users\Best Buy\AppData\Local\{B4A5A8AF-8A6B-4B51-B5CE-8753C9FDE262}
2012-01-04 20:36:42 -------- d-----w- C:\Users\Best Buy\AppData\Local\{5E33BE84-55A6-4EBF-95A4-659D38B5F60F}
2012-01-04 20:22:28 -------- d-----w- C:\Users\Best Buy\AppData\Local\{196F5BF8-0283-4747-8FB1-5DE40F561767}
2012-01-04 20:22:14 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F670395A-6882-4CC3-9DBF-3F9B40B1CF73}
2012-01-04 19:19:19 -------- d-----w- C:\Users\Best Buy\AppData\Local\{EF3B2A7B-7AD1-4D7D-AD45-1DEDE2BDCDB7}
2012-01-04 19:19:09 -------- d-----w- C:\Users\Best Buy\AppData\Local\{969000FA-B440-487F-8ECD-9701DDEB3905}
2012-01-04 16:26:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{8E180E22-943F-4A58-9C30-05051612967D}
2012-01-04 16:25:59 -------- d-----w- C:\Users\Best Buy\AppData\Local\{0AB758CC-9FE5-4CE5-8F03-8C9E9177894B}
2012-01-04 08:16:15 -------- d-----w- C:\Users\Best Buy\AppData\Local\{4197D1EF-3981-4901-A356-0F39B976A034}
2012-01-04 08:16:06 -------- d-----w- C:\Users\Best Buy\AppData\Local\{CDF1AE6E-577F-437B-BA88-98B56589C6C6}
2012-01-04 07:47:03 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F1C7B740-D016-460A-A403-7966EE238D3C}
2012-01-04 07:46:52 -------- d-----w- C:\Users\Best Buy\AppData\Local\{930E01C6-A5F4-4AC1-905D-487A2CDFF7FB}
2012-01-04 05:05:51 -------- d-----w- C:\Users\Best Buy\AppData\Local\{EFFD8FCE-57F8-4820-920A-5172AE45E4FB}
2012-01-04 05:05:41 -------- d-----w- C:\Users\Best Buy\AppData\Local\{72F564EF-2F4D-43A2-8E7C-701130249CFD}
2012-01-03 23:28:51 -------- d-----w- C:\Users\Best Buy\AppData\Local\{D8963EE4-9F77-4135-9C7A-08B87C443791}
2012-01-03 23:28:41 -------- d-----w- C:\Users\Best Buy\AppData\Local\{8ACA1B56-17E0-48E7-88A3-1CF541A4BDFB}
2012-01-03 18:33:42 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E6575703-2D6C-4FD5-958C-15B7B077B261}
2012-01-03 18:33:31 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C3391D2F-5602-4ADD-B4E3-163463C2BF62}
2012-01-03 17:00:37 -------- d-----w- C:\Users\Best Buy\AppData\Local\{7E9791DA-49E2-414D-AB06-87C69735E344}
2012-01-03 17:00:24 -------- d-----w- C:\Users\Best Buy\AppData\Local\{ADF8156B-BA0E-4FE2-B63D-68D07FCDDA83}
2012-01-03 09:02:03 -------- d-----w- C:\Program Files (x86)\Total War
2012-01-03 09:01:34 306688 ----a-w- C:\Windows\IsUninst.exe
2012-01-03 07:00:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{591351F9-4FE1-49FD-8D91-9D17FD9D7C02}
2012-01-03 06:59:55 -------- d-----w- C:\Users\Best Buy\AppData\Local\{8F8E9483-7996-41CF-A0CC-DE7B5B7FBABF}
2012-01-02 20:17:34 -------- d-----w- C:\Users\Best Buy\AppData\Local\{F1AA4D6C-35B1-4DB0-92D8-2C874363AFBB}
2012-01-02 20:17:23 -------- d-----w- C:\Users\Best Buy\AppData\Local\{494C3104-0B8F-4971-B6B6-A67ED3012273}
2012-01-02 19:52:56 -------- d-----w- C:\Users\Best Buy\AppData\Local\{CEC917DC-0450-4C55-AA97-887F4EF43A4E}
2012-01-02 19:52:47 -------- d-----w- C:\Users\Best Buy\AppData\Local\{E17D5A09-9127-4710-B363-C7E2F4604F6B}
2012-01-02 16:55:44 -------- d-----w- C:\Users\Best Buy\AppData\Local\Skyrim
2012-01-02 16:39:58 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-01-02 16:34:46 -------- d-----w- C:\ProgramData\Sendori
2012-01-02 16:34:45 -------- d-----w- C:\Program Files (x86)\Sendori
2012-01-02 16:34:34 -------- d-----w- C:\Users\Best Buy\AppData\Roaming\OpenCandy
2012-01-02 16:32:56 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-01-02 16:32:52 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-01-02 16:32:36 -------- d-----w- C:\Users\Best Buy\AppData\Roaming\DAEMON Tools Lite
2012-01-02 16:32:33 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-01-02 15:29:05 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FDC850D9-A32A-4315-8680-6B09C631AB72}
2012-01-02 15:28:54 -------- d-----w- C:\Users\Best Buy\AppData\Local\{329D626F-4926-4477-B7B0-BECC1F63085F}
2012-01-02 04:18:18 -------- d-----w- C:\Users\Best Buy\AppData\Local\{72CCAC44-049E-47E8-AABE-C8E9E7F3820E}
2012-01-02 04:18:08 -------- d-----w- C:\Users\Best Buy\AppData\Local\{FD3D8167-53DF-4472-A2D7-CA35044C98B5}
2012-01-02 04:16:07 -------- d-----w- C:\Users\Best Buy\AppData\Local\{41C979D8-1E6F-4FC5-B92F-F01AD33C25B4}
2012-01-02 03:57:49 -------- d-----w- C:\Users\Best Buy\AppData\Local\{542329B4-084A-403A-BD23-77F7DF495613}
2012-01-02 03:51:32 -------- d-----w- C:\Users\Best Buy\AppData\Local\{9786C752-0E05-49B3-95BA-2C23CFB10F2E}
2012-01-02 02:55:58 -------- d-----w- C:\Users\Best Buy\AppData\Local\{BD8810A7-AA73-4EE6-84D5-44F9D0393093}
2012-01-02 00:12:10 -------- d-----w- C:\Users\Best Buy\AppData\Local\{A6A69711-10FE-4486-BECA-6FA73E27ADF3}
2012-01-02 00:11:59 -------- d-----w- C:\Users\Best Buy\AppData\Local\{C30DB64E-C592-4290-B82A-D825E605E405}
2012-01-01 23:14:50 -------- d-----w- C:\Users\Best Buy\AppData\Local\{7C02A846-881E-4D6F-A4D5-DE839DA3C5BB}
2012-01-01 23:14:40 -------- d-----w- C:\Users\Best Buy\AppData\Local\{7ACC2473-035F-4765-BCFD-4F485B84B17F}
.
==================== Find3M ====================
.
2011-12-27 02:58:21 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-26 01:30:36 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-07 15:03:16 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 17:37:40.33 ===============

and here is the ATTACH log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 25/08/2011 11:20:01 AM
System Uptime: 31/01/2012 5:27:31 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AC2
Processor: Intel® Core™ i5-2390T CPU @ 2.70GHz | CPU 1 | 2701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1851 GiB total, 1747.514 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.491 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 28/01/2012 7:25:54 PM - Norton 360 Registry Clean
RP98: 30/01/2012 3:37:39 PM - Restore Operation
.
==== Installed Programs ======================
.
3ds max 7
3ds max 7 Additional Maps and Materials
3ds max 7 Architectural Materials
3ds max 7 Reference Files
7-Zip 9.22beta
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Artweaver Free 3.0
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
DAEMON Tools Lite
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
En_bby_ScreenSaver
En_bby_ScreenSaver 001
Farm Frenzy
FATE - The Traitor Soul
Final Draft 7
Final Draft AV 2.5
Final Drive Nitro
Galerie de photos Windows Live
Google Chrome
Google Update Helper
HolidaySS_EN
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HydraVision
Inkscape 0.48.2
Intel® Management Engine Components
Java Auto Updater
Java™ 7 Update 1
Junk Mail filter update
LabelPrint
LightScribe System Software
Mah Jong Medley
Medieval - Total War ™ - Viking Invasion ™
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Default Manager
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
Mount&Blade Warband
Mount&Blade With Fire and Sword
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Norton 360
Norton Online Backup
PaintTool SAI Ver.1
PDF Complete Special Edition
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
PS3 Media Server
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sendori
Slingo Supreme
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Veetle TV
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
WebTablet IE Plugin
WebTablet Netscape Plugin
WildTangent Games App (HP Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
30/01/2012 9:19:56 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.
30/01/2012 9:17:07 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

Edited by eljim, 31 January 2012 - 05:57 PM.


#4 gringo_pr

Posted 31 January 2012 - 06:47 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 eljim

Posted 01 February 2012 - 03:22 PM

Hi Gringo, thanks again.

I ran Combofix and I still get that prompt in Firefox that states that a site is attempting to redirect me to another page.
After the log was completed I also received a prompt about my tablet driver being stopped from working, as well as some other software I tried after. After rebooting, the tablet and other software worked fine though, but I still get the prompt about sites attempting to redirect me.

Here is the Combofix log:

ComboFix 12-02-01.01 - Best Buy 01/02/2012 13:57:01.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8175.6646 [GMT -5:00]
Running from: c:\users\Best Buy\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 19:02 . 2012-02-01 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 05:30 . 2012-01-31 05:30 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-01-31 05:30 . 2010-10-24 05:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-01-31 03:46 . 2012-01-31 03:46 -------- d-----w- c:\windows\system32\drivers\N360x64\0502000.00D
2012-01-28 08:44 . 2012-01-28 08:44 -------- d-----w- c:\users\Best Buy\AppData\Roaming\SYSTEMAX Software Development
2012-01-28 08:44 . 2012-01-28 08:44 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2012-01-24 09:25 . 2012-01-24 09:26 -------- d-----w- c:\program files (x86)\Google
2012-01-24 09:25 . 2012-01-24 09:25 -------- d-----w- c:\program files (x86)\Veetle
2012-01-16 18:12 . 2012-01-16 18:12 -------- d-----w- c:\users\Best Buy\AppData\Local\MPlayer
2012-01-16 18:12 . 2012-01-16 18:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-16 18:10 . 2012-01-16 18:10 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-16 18:10 . 2012-01-16 18:10 -------- d-----w- c:\program files (x86)\Java
2012-01-16 18:02 . 2012-01-16 18:12 -------- d-----w- c:\programdata\PMS
2012-01-16 18:02 . 2012-01-16 18:12 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-01-15 16:17 . 2012-01-15 16:17 -------- d-----w- c:\users\Best Buy\AppData\Roaming\Apple Computer
2012-01-15 15:58 . 2012-01-15 15:58 -------- d-----w- c:\users\Best Buy\AppData\Local\Apple Computer
2012-01-15 15:17 . 2012-01-15 15:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-15 15:17 . 2012-01-15 15:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-15 15:17 . 2012-01-15 15:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-15 15:17 . 2012-01-15 15:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-15 15:17 . 2012-01-15 15:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-15 15:17 . 2012-01-15 15:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-15 15:17 . 2012-01-15 15:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-15 15:17 . 2012-01-15 15:17 -------- d-----w- c:\program files (x86)\QuickTime
2012-01-15 15:17 . 2012-01-15 15:17 -------- d-----w- c:\programdata\Apple Computer
2012-01-15 15:16 . 2012-01-15 15:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-01-15 15:16 . 2012-01-15 15:16 -------- d-----w- c:\users\Best Buy\AppData\Local\Apple
2012-01-15 15:16 . 2012-01-15 15:16 -------- d-----w- c:\programdata\Apple
2012-01-15 15:16 . 2012-01-15 15:16 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-01-12 16:22 . 2012-01-12 16:23 -------- d-----w- c:\program files\Paint.NET
2012-01-12 16:22 . 2012-02-01 13:53 -------- d-----w- c:\users\Best Buy\AppData\Local\Paint.NET
2012-01-11 07:31 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 07:31 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 07:31 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 07:31 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 07:31 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:31 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 07:31 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 07:31 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 00:50 . 2012-01-23 08:42 -------- d-----w- c:\users\Best Buy\AppData\Roaming\Mount&Blade With Fire and Sword
2012-01-10 00:42 . 2012-01-10 00:44 -------- d-----w- c:\program files (x86)\Mount&Blade With Fire and Sword
2012-01-09 06:37 . 2012-01-09 06:37 -------- d-----w- c:\users\Best Buy\AppData\Local\PackageAware
2012-01-09 04:04 . 2012-01-09 05:34 -------- d-----w- c:\users\Best Buy\AppData\Roaming\Mount&Blade Warband
2012-01-09 04:02 . 2012-01-09 05:15 -------- d-----w- c:\users\Best Buy\AppData\Roaming\GetRightToGo
2012-01-09 03:58 . 2012-01-09 06:39 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2012-01-07 20:17 . 2012-01-07 20:17 -------- d-----w- c:\users\Best Buy\AppData\Roaming\InstallShield
2012-01-07 20:05 . 2012-01-28 11:31 -------- d-----w- c:\users\Best Buy\AppData\Local\ApplicationHistory
2012-01-07 18:29 . 2012-01-07 18:29 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-01-07 18:12 . 2012-01-07 18:12 -------- d-----w- c:\program files (x86)\SEGA
2012-01-03 09:02 . 2012-01-03 09:02 -------- d-----w- c:\program files (x86)\Total War
2012-01-03 09:01 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 16:35 . 2012-01-02 16:32 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-27 21:31 . 2011-12-27 21:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-27 21:31 . 2011-12-27 21:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-27 21:31 . 2011-12-27 21:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-27 21:31 . 2011-12-27 21:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-27 21:31 . 2011-12-27 21:31 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-27 21:31 . 2011-12-27 21:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-27 21:31 . 2011-12-27 21:31 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-27 21:31 . 2011-12-27 21:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-27 21:31 . 2011-12-27 21:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 21:31 . 2011-12-27 21:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 21:31 . 2011-12-27 21:31 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 21:31 . 2011-12-27 21:31 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 21:31 . 2011-12-27 21:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-27 21:31 . 2011-12-27 21:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-27 21:31 . 2011-12-27 21:31 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 21:31 . 2011-12-27 21:31 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 21:31 . 2011-12-27 21:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 21:31 . 2011-12-27 21:31 448512 ----a-w- c:\windows\system32\html.iec
2011-12-27 21:31 . 2011-12-27 21:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-27 21:31 . 2011-12-27 21:31 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-27 21:31 . 2011-12-27 21:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-27 21:31 . 2011-12-27 21:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 21:31 . 2011-12-27 21:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-27 21:31 . 2011-12-27 21:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 21:31 . 2011-12-27 21:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-27 21:31 . 2011-12-27 21:31 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 21:31 . 2011-12-27 21:31 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 21:31 . 2011-12-27 21:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 21:31 . 2011-12-27 21:31 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 21:31 . 2011-12-27 21:31 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-27 21:31 . 2011-12-27 21:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-27 21:31 . 2011-12-27 21:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-27 21:31 . 2011-12-27 21:31 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 21:31 . 2011-12-27 21:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-27 21:31 . 2011-12-27 21:31 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-27 21:31 . 2011-12-27 21:31 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 21:31 . 2011-12-27 21:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 21:31 . 2011-12-27 21:31 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 21:31 . 2011-12-27 21:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-27 21:31 . 2011-12-27 21:31 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-27 21:31 . 2011-12-27 21:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 21:31 . 2011-12-27 21:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-27 02:58 . 2011-12-27 02:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 00:21 . 2011-12-27 00:21 51712 ----a-r- c:\users\Best Buy\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D174.exe
2011-12-27 00:21 . 2011-12-27 00:21 51712 ----a-r- c:\users\Best Buy\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D173.exe
2011-12-27 00:21 . 2011-12-27 00:21 51712 ----a-r- c:\users\Best Buy\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D172.exe
2011-12-27 00:21 . 2011-12-27 00:21 27648 ----a-r- c:\users\Best Buy\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D171.exe
2011-12-26 01:30 . 2011-12-26 01:30 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-26 00:59 . 2011-12-07 16:00 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-12-26 00:59 . 2011-12-07 15:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-12-26 00:59 . 2011-10-29 19:33 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-23 05:01 . 2011-12-07 14:57 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-16 13:29 . 2011-10-29 19:33 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-12-12 14:36 . 2011-10-29 19:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-07 15:03 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-14 05:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-23 22:54 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA13823-074C-4768-9EF0-239CDDC59B5C}\mpengine.dll
2011-11-05 05:32 . 2011-12-14 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 05:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_02.18.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-30 20:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-01 17:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-30 20:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-01 17:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-30 20:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-01 17:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-02-01 18:50 44112 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-01 18:50 35284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-31 03:46 . 2011-03-31 03:00 40568 c:\windows\system32\drivers\N360x64\0502000.00D\srtspx64.sys
+ 2011-12-27 20:41 . 2012-02-01 19:02 57484 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2009-07-14 04:46 . 2012-01-31 02:31 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-09 14:31 . 2012-02-01 18:50 9542 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-861803347-409576657-327302605-1000_UserData.bin
- 2012-01-31 02:17 . 2012-01-31 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-01 19:02 . 2012-02-01 19:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-31 02:17 . 2012-01-31 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-01 19:02 . 2012-02-01 19:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-30 20:43 673234 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-01 18:52 673234 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-01 18:52 129228 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-30 20:43 129228 c:\windows\system32\perfc009.dat
+ 2012-01-31 03:46 . 2011-04-21 01:37 386168 c:\windows\system32\drivers\N360x64\0502000.00D\symnets.sys
+ 2012-01-31 03:46 . 2011-03-15 02:31 912504 c:\windows\system32\drivers\N360x64\0502000.00D\symefa64.sys
+ 2012-01-31 03:46 . 2011-01-27 06:47 450680 c:\windows\system32\drivers\N360x64\0502000.00D\symds64.sys
+ 2012-01-31 03:46 . 2011-03-31 03:00 744568 c:\windows\system32\drivers\N360x64\0502000.00D\srtsp64.sys
+ 2012-01-31 03:46 . 2010-11-16 01:45 171128 c:\windows\system32\drivers\N360x64\0502000.00D\ironx64.sys
- 2009-07-14 05:01 . 2012-01-31 02:17 231448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-01 19:02 231448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-31 10:10 . 2012-01-31 09:18 892528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-861803347-409576657-327302605-1000-4096.dat
- 2011-12-31 10:10 . 2012-01-21 22:26 892528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-861803347-409576657-327302605-1000-4096.dat
+ 2011-12-27 03:06 . 2012-01-31 09:18 872692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-861803347-409576657-327302605-1000-12288.dat
- 2011-12-27 03:06 . 2012-01-28 09:05 872692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-861803347-409576657-327302605-1000-12288.dat
+ 2011-09-08 22:58 . 2012-02-01 19:02 24134944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-861803347-409576657-327302605-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-23 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
c:\users\Best Buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sendori Tray Icon.lnk - c:\program files (x86)\Sendori\SendoriTray.exe [2011-12-1 76096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120131.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2011-12-01 98624]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-27 138360]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 09:25]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 09:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{031B4F07-C33E-481C-8072-3268D3BA8895}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.254
FF - ProfilePath - c:\users\Best Buy\AppData\Roaming\Mozilla\Firefox\Profiles\2126mdma.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-01 14:05:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 19:05
.
Pre-Run: 1,876,069,076,992 bytes free
Post-Run: 1,875,984,072,704 bytes free
.
- - End Of File - - EAF8A2EA614B314B737D21B15F5B2107

#6 gringo_pr


Posted 01 February 2012 - 04:19 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 eljim


Posted 01 February 2012 - 07:34 PM

Here is the TDSSkiller log Gringo:

9:29:09.0443 0480 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
19:29:10.0317 0480 ============================================================
19:29:10.0317 0480 Current date / time: 2012/02/01 19:29:10.0317
19:29:10.0317 0480 SystemInfo:
19:29:10.0317 0480
19:29:10.0317 0480 OS Version: 6.1.7601 ServicePack: 1.0
19:29:10.0317 0480 Product type: Workstation
19:29:10.0317 0480 ComputerName: EL
19:29:10.0317 0480 UserName: Best Buy
19:29:10.0317 0480 Windows directory: C:\Windows
19:29:10.0317 0480 System windows directory: C:\Windows
19:29:10.0317 0480 Running under WOW64
19:29:10.0317 0480 Processor architecture: Intel x64
19:29:10.0317 0480 Number of processors: 4
19:29:10.0317 0480 Page size: 0x1000
19:29:10.0317 0480 Boot type: Normal boot
19:29:10.0317 0480 ============================================================
19:29:10.0691 0480 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:29:10.0707 0480 \Device\Harddisk0\DR0:
19:29:10.0707 0480 MBR used
19:29:10.0707 0480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:29:10.0707 0480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE757A800
19:29:10.0707 0480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE75AD000, BlocksNum 0x185B000
19:29:10.0785 0480 Initialize success
19:29:10.0785 0480 ============================================================
19:29:14.0856 3608 ============================================================
19:29:14.0856 3608 Scan started
19:29:14.0856 3608 Mode: Manual;
19:29:14.0856 3608 ============================================================
19:29:15.0543 3608 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:29:15.0558 3608 1394ohci - ok
19:29:15.0636 3608 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:29:15.0636 3608 ACPI - ok
19:29:15.0714 3608 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:29:15.0714 3608 AcpiPmi - ok
19:29:15.0948 3608 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:29:15.0948 3608 adp94xx - ok
19:29:16.0151 3608 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:29:16.0151 3608 adpahci - ok
19:29:16.0323 3608 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:29:16.0323 3608 adpu320 - ok
19:29:16.0541 3608 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:29:16.0541 3608 AFD - ok
19:29:16.0713 3608 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:29:16.0713 3608 agp440 - ok
19:29:16.0900 3608 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:29:16.0900 3608 aliide - ok
19:29:17.0103 3608 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:29:17.0103 3608 amdide - ok
19:29:17.0274 3608 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:29:17.0274 3608 AmdK8 - ok
19:29:17.0586 3608 amdkmdag (600c89344a1dc910e5af3852a0bc86f4) C:\Windows\system32\DRIVERS\atikmdag.sys
19:29:17.0711 3608 amdkmdag - ok
19:29:17.0773 3608 amdkmdap (b191851b6fbf30532470d3541a104eef) C:\Windows\system32\DRIVERS\atikmpag.sys
19:29:17.0773 3608 amdkmdap - ok
19:29:17.0789 3608 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:29:17.0789 3608 AmdPPM - ok
19:29:17.0820 3608 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:29:17.0820 3608 amdsata - ok
19:29:17.0867 3608 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:29:17.0867 3608 amdsbs - ok
19:29:17.0883 3608 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:29:17.0883 3608 amdxata - ok
19:29:17.0992 3608 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:29:17.0992 3608 AppID - ok
19:29:18.0039 3608 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:29:18.0039 3608 arc - ok
19:29:27.0336 3608 MBR (0x1B8) (014f5e41be749ec57e72a1aa1fb8a43a) \Device\Harddisk0\DR0
19:29:27.0508 3608 \Device\Harddisk0\DR0 - ok
19:29:27.0508 3608 Boot (0x1200) (bf6433052ac8d872007d9f2c5a240c0c) \Device\Harddisk0\DR0\Partition0
19:29:27.0508 3608 \Device\Harddisk0\DR0\Partition0 - ok
19:29:27.0523 3608 Boot (0x1200) (7fc3b9dfd1a1629a8654c31c094d5218) \Device\Harddisk0\DR0\Partition1
19:29:27.0523 3608 \Device\Harddisk0\DR0\Partition1 - ok
19:29:27.0555 3608 Boot (0x1200) (1a18b549102918ee0d1a47ad1ddf43d6) \Device\Harddisk0\DR0\Partition2
19:29:27.0555 3608 \Device\Harddisk0\DR0\Partition2 - ok
19:29:27.0555 3608 ============================================================
19:29:27.0555 3608 Scan finished
19:29:27.0555 3608 ============================================================
19:29:27.0570 4308 Detected object count: 0
19:29:27.0570 4308 Actual detected object count: 0

#8 gringo_pr


Posted 01 February 2012 - 07:57 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 eljim


Posted 01 February 2012 - 08:27 PM

Here is the aswMBR log, Gringo, and again, thanks for your help.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 20:15:45
-----------------------------
20:15:45.519 OS Version: Windows x64 6.1.7601 Service Pack 1
20:15:45.519 Number of processors: 4 586 0x2A07
20:15:45.519 ComputerName: EL UserName:
20:15:47.141 Initialize success
20:23:54.267 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:23:54.267 Disk 0 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 3
20:23:54.283 Disk 0 MBR read successfully
20:23:54.298 Disk 0 MBR scan
20:23:54.298 Disk 0 unknown MBR code
20:23:54.298 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:23:54.314 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1895157 MB offset 206848
20:23:54.345 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12470 MB offset 3881488384
20:23:54.345 Service scanning
20:23:55.250 Modules scanning
20:23:55.250 Disk 0 trace - called modules:
20:23:55.250 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:23:55.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009674790]
20:23:55.265 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800777f050]
20:23:55.265 Scan finished successfully
20:24:30.334 Disk 0 MBR has been saved successfully to "C:\Users\Best Buy\Desktop\MBR.dat"
20:24:30.334 The log file has been saved successfully to "C:\Users\Best Buy\Desktop\aswMBR.txt"

#10 gringo_pr


Posted 01 February 2012 - 08:46 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 eljim


Posted 01 February 2012 - 09:31 PM

Okay, this was the OTL log:

OTL logfile created on: 2/1/2012 9:19:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Best Buy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.71% Memory free
15.96 Gb Paging File | 14.32 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.74 Gb Total Space | 1750.67 Gb Free Space | 94.59% Space Free | Partition Type: NTFS
Drive D: | 12.18 Gb Total Space | 1.49 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: EL | User Name: Best Buy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Best Buy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe ()
PRC - C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
PRC - C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe ()
SRV - (Sendori) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys (Symantec Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120201.003\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120201.003\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120131.002\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/19
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/19


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861803347-409576657-327302605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/19
IE - HKU\S-1-5-21-861803347-409576657-327302605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/07/22 04:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/22 04:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/07/22 04:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/01 21:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/02/01 21:13:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 10:17:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/25 21:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Best Buy\AppData\Roaming\mozilla\Extensions
[2012/01/16 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/16 13:10:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Best Buy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Best Buy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Best Buy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/01 14:03:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861803347-409576657-327302605-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Best Buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861803347-409576657-327302605-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861803347-409576657-327302605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{031B4F07-C33E-481C-8072-3268D3BA8895}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{031B4F07-C33E-481C-8072-3268D3BA8895}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 21:15:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Best Buy\Desktop\OTL.exe
[2012/02/01 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{7E528270-D128-41D0-92FD-1F3075E265BB}
[2012/02/01 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{875AFFA0-C75F-4A13-AE16-10558FD1D5AA}
[2012/02/01 15:14:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/01 14:05:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/01 13:56:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/01 02:16:03 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Documents\LOGS
[2012/02/01 00:06:49 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{06FFE933-6A4E-4E20-861C-EE658EB8EA74}
[2012/02/01 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{BEDEC14D-7F43-4F9D-B020-5F9524CC1D03}
[2012/01/31 00:30:58 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
[2012/01/31 00:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
[2012/01/31 00:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/01/31 00:19:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9F5126FD-8F3C-488E-B7B9-0F34E03E0512}
[2012/01/31 00:19:45 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{16D02AC4-1EF5-4607-B7A1-C214BF80A1A5}
[2012/01/31 00:13:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{01E636BD-EDF7-40F4-B973-AB98B3B42EF6}
[2012/01/31 00:13:44 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E4F58F82-F04E-48A1-8887-BAF4369680FB}
[2012/01/30 15:55:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/30 15:55:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/30 15:55:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/30 15:55:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/30 15:55:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/29 21:45:16 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{41883208-588A-47FD-A652-3DFFBC01A819}
[2012/01/29 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{1700FD24-0610-4D57-A572-57213020C993}
[2012/01/29 11:54:23 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{96C40071-567D-44B0-972F-B9C10480F523}
[2012/01/29 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9743BDF6-EF42-4CA8-95F4-4EB792C5ABE8}
[2012/01/29 08:48:41 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{262D13E0-7498-476F-9855-37204F8BD482}
[2012/01/29 08:48:31 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9C5EEC91-3DD3-4E4A-AA22-49CD5CECCDE3}
[2012/01/28 21:01:55 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9EEB58DB-18D1-4AA0-8A9D-E5E5DF63EA6E}
[2012/01/28 21:01:44 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{FFD00D54-7C00-45A6-BC14-7BA6B299F699}
[2012/01/28 19:05:28 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{4EAC08C9-4960-40B4-954A-7CE047AADDC3}
[2012/01/28 19:05:17 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{FB9F30AA-FE5B-48A0-BC57-D275CC96A1AC}
[2012/01/28 14:29:34 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0E3004F5-7795-490C-BB79-A04AFE781302}
[2012/01/28 14:29:24 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{48F96CA3-2D28-4C69-A078-971C48C1E54B}
[2012/01/28 10:39:04 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{EA90C418-747F-401A-9250-41E9EEB4EAD1}
[2012/01/28 10:38:50 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{1D5F4C07-A922-41B5-B171-5553F5A86336}
[2012/01/28 04:07:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9D718C90-8762-44BF-B435-13E9A0E0502E}
[2012/01/28 04:06:59 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{46F5A2E6-A97E-41A6-AF43-87F403AD4CEA}
[2012/01/28 03:54:07 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{CEA42E3A-75D1-440C-84FF-880C22380C11}
[2012/01/28 03:53:57 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{52CE513E-CFBE-440D-B254-CB9B1D9E7B0E}
[2012/01/28 03:45:31 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{F8C624A4-7698-44F0-BD3F-2BFF7571180F}
[2012/01/28 03:45:21 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E2428053-3AF1-466D-9B08-F2751F604ADF}
[2012/01/28 03:44:17 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\SYSTEMAX Software Development
[2012/01/28 03:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SYSTEMAX Software Development
[2012/01/28 03:43:44 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Desktop\PaintToolSAI
[2012/01/27 13:39:33 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{A37A4010-46EE-41DF-AC42-217EEBCD4D3C}
[2012/01/27 13:39:22 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0DD6281D-817F-495A-876F-4900D70D7F30}
[2012/01/27 10:56:06 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{34EDDF98-80B2-44AF-80F7-1E8B3AA140F3}
[2012/01/27 10:55:56 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D7459F98-B51A-4073-B778-E87ECD616228}
[2012/01/26 20:36:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{801246B3-49C3-4AD1-A38F-91FD3A2DFCAA}
[2012/01/26 18:32:47 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{046153B6-B449-4183-A0CE-C2F7D486296D}
[2012/01/26 18:32:36 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0AB26A79-04E7-4BA1-9EBE-15300DE876E0}
[2012/01/26 15:10:25 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{79193C2B-1A02-4345-90FB-8C8CB10AC723}
[2012/01/26 15:10:14 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{690DF357-9096-4019-8983-E29B40E1B639}
[2012/01/26 07:53:04 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{65780777-7046-4EF0-9F56-6313257D5580}
[2012/01/26 07:52:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{5F509964-7F0F-41B8-938F-F1339035B32A}
[2012/01/26 03:17:04 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{5F2C96B3-86C5-4293-B8BE-C5B4B0A7525B}
[2012/01/26 03:16:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{F18F2FEB-F562-48BD-974B-1BD91EE3BE1A}
[2012/01/25 20:28:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{BAE2D177-F5B2-4781-BFE4-87922284F7B4}
[2012/01/25 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D3674606-EA17-422A-8A3C-D64DB628CA67}
[2012/01/25 17:50:40 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/25 17:50:40 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/25 17:50:39 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/25 17:50:39 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/25 17:50:39 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/25 17:50:39 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/25 12:09:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{B2F1143D-DEBF-4D10-B7E7-CE07323D7AF6}
[2012/01/25 12:08:57 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{96D5935D-EA59-4BDA-9A8F-0571ECE3E9F6}
[2012/01/24 17:43:58 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{FD5002C4-8B6F-491A-8878-71D17D6F3987}
[2012/01/24 17:43:48 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{B740B1E9-1BEC-485B-A103-07CBE9886F88}
[2012/01/24 12:56:29 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E2279F46-90A2-49A5-A4BC-15CE42568BF3}
[2012/01/24 12:56:19 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{91FD3115-30B5-41FB-8576-FA6846282D64}
[2012/01/24 04:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/24 04:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/01/24 04:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2012/01/24 03:44:24 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{F3469356-CD61-45BD-B6B3-28478BB1BDF2}
[2012/01/24 03:44:14 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{FE3BED7D-A9A9-4CEF-9CBE-8E51B2D9C804}
[2012/01/23 14:05:12 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Documents\My Received Files
[2012/01/23 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{6380E411-BCA2-4284-9F07-F07300AAFEEF}
[2012/01/23 12:23:18 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{612A52A5-7923-4E15-880D-C0370D95EFBA}
[2012/01/22 22:38:36 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{5BD19A4D-37CE-4EDD-8C30-1B938E952758}
[2012/01/22 22:38:25 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0E717277-1E9A-48CE-AA5F-3961ED4E9991}
[2012/01/22 19:43:10 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{3D40CF86-1E7B-428D-8A57-CE8922896A14}
[2012/01/22 19:43:01 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{54410D6F-C324-4CA5-8277-DB535E082ADE}
[2012/01/22 19:23:02 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DBEBF425-9FC4-4C63-9D76-DC77C55DC6C5}
[2012/01/22 19:22:52 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{177D0066-10F2-40FA-9195-CADA92E6694C}
[2012/01/22 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{27CD142E-C14D-4E22-8B63-8B15157B2AC7}
[2012/01/22 10:57:26 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{27144263-DE05-4B95-AA76-94ADC0DA69FD}
[2012/01/21 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{6F7DA8A0-1B83-42C7-9F2B-268C2813D7A4}
[2012/01/21 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{8D2D177B-B3B6-401B-952C-0A7D6F04AED5}
[2012/01/21 15:54:41 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{A44479FF-C5A6-4B3A-B434-ACF6C6E21CD1}
[2012/01/21 15:54:29 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{19CD5A9F-B21A-4A3A-8837-148E64C7C4B0}
[2012/01/21 03:29:25 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{2F6CF46E-8221-476C-AF51-FEBD6C8C6E45}
[2012/01/21 03:29:15 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{ED7A1572-FA90-4C93-B9E7-9974543BC6A5}
[2012/01/21 01:34:27 | 000,000,000 | R--D | C] -- C:\Users\Best Buy\Documents\Scanned Documents
[2012/01/21 01:34:26 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Documents\Fax
[2012/01/20 15:22:30 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{A3569A01-6BB7-442D-B934-430800483319}
[2012/01/20 15:22:20 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{6FA65E27-9FAE-43F8-B24B-2030A3C5FB5A}
[2012/01/20 13:17:50 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DE6CED6B-2DD7-44F3-A4DF-47D52ED8D9CA}
[2012/01/20 13:17:40 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9F41C9A0-2E94-46AA-AB6F-4AD286DD6DC2}
[2012/01/20 12:05:07 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{4E2F29B1-16EE-451B-9C34-B8D77BEC1A1E}
[2012/01/20 12:04:57 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{6E2737B8-6E94-4A9A-9CD0-1ADAD09928FC}
[2012/01/20 09:00:26 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{76A70CFA-0AC4-49B0-A053-B3400BB76EC8}
[2012/01/20 09:00:13 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{597583D3-8C2E-4D3E-B4BB-A94C99E26625}
[2012/01/20 03:34:19 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9B7A2F52-ED6A-4767-8D6E-EC6F59CD66CB}
[2012/01/20 03:34:10 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{62481327-FB53-4832-95FA-6C7B1C24C184}
[2012/01/19 23:49:13 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{685FD6C7-0D03-4895-9BD9-393685A25160}
[2012/01/19 23:49:03 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C6BC6EBA-159B-4BCE-912F-A787D8DBAFF5}
[2012/01/19 22:09:20 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C0A84C74-A6B3-4E84-9843-600F491A21B8}
[2012/01/19 22:09:10 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{08F71B59-7641-4E0F-99F5-9201BF943146}
[2012/01/19 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C4C53432-81EA-4CA2-9C50-548D4F9D78A8}
[2012/01/19 16:42:58 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{B6FBB7B7-EC86-422F-B4F6-27E35C320D1A}
[2012/01/19 11:37:16 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{3530CC84-F849-454D-85D5-144A7C2CD6C6}
[2012/01/19 11:37:06 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{FD7E37C6-4062-4FEC-B157-1FA2FFCFA8DE}
[2012/01/19 04:29:33 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C342DB0B-031B-4E81-B807-C3146DCCFF8E}
[2012/01/19 04:29:23 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{91DD6F5D-3A05-49A9-97A8-0D7BB5C750FC}
[2012/01/18 22:19:30 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{041BB57C-A0EC-45FD-B96B-E978BDF505C9}
[2012/01/18 22:19:20 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{BA76FFEC-4472-4840-B13F-BC58FE3A4CB2}
[2012/01/18 18:35:27 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9D77A3EC-EFD0-4DB8-BC4C-CD7105D5C52D}
[2012/01/18 14:37:26 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{AA6D802C-CC36-4541-A0DA-553EBAFDBC6D}
[2012/01/18 14:37:16 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E82D6ACD-C75A-491E-9EA7-E681142B25D5}
[2012/01/18 12:16:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{EF090C99-1BC2-4DBA-A882-FE8B6F82655D}
[2012/01/18 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{3D9319B3-D93D-4900-994C-0049AD45E0E4}
[2012/01/18 00:24:13 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{7C941D36-A1A1-4A75-BA3D-93E3AB9C8204}
[2012/01/17 20:40:21 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{EF248464-DC2A-4FAD-869C-6473ECF379C8}
[2012/01/17 20:40:11 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{37F4D4FC-498E-4B9B-96B0-F17439369AAC}
[2012/01/17 11:37:00 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{237E3D16-9631-456A-BC50-A6A60032DA09}
[2012/01/17 11:36:50 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DA6E8936-2748-4413-A7DD-596D0A723A5B}
[2012/01/16 23:57:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{83645FAC-EF1E-4F86-978C-04390800F6C4}
[2012/01/16 23:56:59 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{804A00D0-9759-423B-B786-100549EDACF9}
[2012/01/16 22:27:59 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{49B6CF5B-F23A-400D-886F-70541A7854C7}
[2012/01/16 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{F75375A7-22A9-4934-9CD2-4A34EC9CFB00}
[2012/01/16 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\MPlayer
[2012/01/16 13:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/01/16 13:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/16 13:10:49 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/01/16 13:10:49 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/01/16 13:10:49 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/01/16 13:10:48 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/01/16 13:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/01/16 13:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/01/16 13:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012/01/16 13:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2012/01/16 10:43:12 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{562EEE4D-ABE8-4419-8182-30449E74F91F}
[2012/01/16 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{1D6D7DD2-694C-46F7-9850-F76F86326B13}
[2012/01/15 22:15:21 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{A739BAF0-6A6D-4F99-BE09-90B2F50DCA28}
[2012/01/15 22:15:12 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{121C79C1-A840-4C12-BCDB-0695F2C5B0D7}
[2012/01/15 17:43:46 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C43BA2FF-C90E-4FB5-BCD7-830A962BDD42}
[2012/01/15 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{2A47CF07-39AB-4A94-A56F-ECAA2DC8D79C}
[2012/01/15 11:18:24 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{36FC3753-43EE-421B-85FC-A757EDA06ECC}
[2012/01/15 11:18:14 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DA39020B-8E04-454D-A2CB-3D85C9E94FDA}
[2012/01/15 11:17:44 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Apple Computer
[2012/01/15 10:58:23 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\Apple Computer
[2012/01/15 10:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/15 10:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/01/15 10:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/15 10:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/01/15 10:16:24 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\Apple
[2012/01/15 10:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/15 10:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/15 09:19:21 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DD0AD04B-1927-4081-81C3-7FD8318FE94E}
[2012/01/15 09:19:10 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{A9E4B6A1-F478-4719-9600-57B3FF2E79DA}
[2012/01/15 01:47:25 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{843684E1-1632-44D5-959D-2DFB9750EC61}
[2012/01/15 01:47:16 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{CF528CF5-569D-419B-AE19-EF33BE71D4B0}
[2012/01/14 22:37:53 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{428C2427-B203-4EFC-BC24-49B61FDDDF68}
[2012/01/14 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E4F2399C-398D-4822-990D-7C1955D8E553}
[2012/01/14 22:34:48 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{AC2C33C3-2F51-4940-B439-437EA59A6DEF}
[2012/01/14 22:34:39 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{8452E889-4E1E-46B9-9BA5-24C2E408FAF4}
[2012/01/14 22:30:27 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{45148089-9202-4702-A2D9-8F52931CC801}
[2012/01/14 22:30:17 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9E37E665-C638-4F95-B18A-1DFD24D1FD10}
[2012/01/14 22:26:19 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{3A2F40A4-C141-4CEC-A90B-AEBF821603F1}
[2012/01/14 22:26:08 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{A5C6EED3-15A7-4690-A06B-3BEF48D0E6EE}
[2012/01/14 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{53764808-3D2F-4C6B-A4FE-CD87EF239CDC}
[2012/01/14 18:37:46 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{3ADC4CFC-00CD-4640-969B-762C57335875}
[2012/01/14 17:28:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{BEE5A6B6-085B-4CA5-AF81-59CCD99C0CF8}
[2012/01/14 10:44:33 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9CC0BE39-F975-43A8-B325-F6CF480BF16E}
[2012/01/14 10:44:23 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{F7809735-4913-4895-8F18-C723F4AFAD0A}
[2012/01/14 02:28:03 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{2746EAE8-F784-46C1-9435-8142ED856FA9}
[2012/01/14 02:27:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{AF543A55-78D9-4EF8-8E58-94C45FF86178}
[2012/01/14 00:55:22 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{360D6AF5-7FEB-4267-A008-8768BDC4519F}
[2012/01/14 00:55:12 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D0354F69-ABBF-44C7-9C4A-B4A4DC6C975B}
[2012/01/13 22:24:00 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{34E62DB9-2C7C-4113-8EC4-A2FC9F317C84}
[2012/01/13 22:23:50 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{2C4A9152-A09C-4EE3-846B-715A34DCB68F}
[2012/01/13 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{8265BCC8-890B-438C-B00F-C1A196B53817}
[2012/01/13 17:18:55 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9A788266-278D-4BEC-9240-9E9D2395196E}
[2012/01/13 12:02:37 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0C694CF2-B6C0-4F16-B8FF-574A67824D4F}
[2012/01/13 12:02:27 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0002A2DF-5E37-414C-96D3-5DB5C24C8E24}
[2012/01/13 04:44:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{842D54A4-F410-487E-98E0-023EB4B0810A}
[2012/01/13 04:43:55 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9904CD20-0815-44AB-B69B-26F2CC717796}
[2012/01/13 04:19:10 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{4AF51013-F97F-43EA-975D-10D8FBB4BAD1}
[2012/01/13 04:19:00 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{BE4E73FD-89E4-4512-963F-FDB82D6F0DC8}
[2012/01/13 00:44:19 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0B14277C-B47F-475D-95F4-8699821687EE}
[2012/01/13 00:44:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{ACF3140F-01C7-488A-880F-8B7EFD1A2C46}
[2012/01/12 22:21:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9B96EA40-3FD8-4D39-8D05-4B0AD75FB914}
[2012/01/12 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{378580FC-F733-4565-A79E-D6A9D96D09D9}
[2012/01/12 13:44:39 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{B5A4EB9D-5B8A-4642-9303-2378D7DC656E}
[2012/01/12 13:44:29 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{25F906C5-A812-43CC-95AE-3F57A0E0CAD2}
[2012/01/12 11:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/01/12 11:22:25 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\Paint.NET
[2012/01/12 11:19:46 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{B7AA96C0-08C8-4E2E-AE8A-37DBED694CC3}
[2012/01/12 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D5898A78-A1D8-44B1-AE95-CD485B8F9D30}
[2012/01/12 08:54:40 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{453C4F83-8FC9-477A-A769-AEFAA7583E8F}
[2012/01/12 08:54:30 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{1C29D946-E6CA-4E76-B6BB-FD5262E07C7C}
[2012/01/11 09:19:03 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D3F0B19C-888B-4A12-A751-577CF279D710}
[2012/01/11 09:18:53 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{AA4DC910-6631-4C5C-BE18-F9CFC8EE8F88}
[2012/01/11 07:02:50 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DD15B154-F592-4BF5-9E34-34BD69181CA5}
[2012/01/11 07:02:40 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D1102C3A-F159-4BBF-B260-EEB82B13BCB1}
[2012/01/11 02:31:22 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 02:31:22 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 02:31:22 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 02:31:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 02:31:20 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 02:31:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 02:31:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 18:19:14 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{FE070750-A3D5-4314-84F2-B7A947CFA8BA}
[2012/01/10 18:19:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{00E1EE6D-BA25-4E31-A7AA-B2BA6A0EC93D}
[2012/01/10 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DCF8CA41-CD5F-49E2-9F28-71D5057A3A4D}
[2012/01/10 13:09:28 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{3FDE56F2-2F0D-49C7-9D96-BBBCF50AF51C}
[2012/01/10 04:23:07 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total War
[2012/01/10 04:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2012/01/09 23:49:55 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{332E69AF-AFCE-4572-8134-3FA2EED8832A}
[2012/01/09 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E1DA38AB-CE77-432E-BEBB-46D8153D5FF7}
[2012/01/09 22:05:29 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{ECE72A13-1D53-4026-A4B7-6FC41C97FFE8}
[2012/01/09 22:05:19 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{84D9DB84-3D6D-406D-BC42-6279B2286A01}
[2012/01/09 19:50:16 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Documents\Mount&Blade With Fire and Sword
[2012/01/09 19:50:16 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/01/09 19:44:01 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[2012/01/09 19:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[2012/01/09 19:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mount&Blade With Fire and Sword
[2012/01/09 14:30:08 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{470681FA-AF26-4366-A1C7-1F7F76BA0930}
[2012/01/09 01:37:44 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\PackageAware
[2012/01/09 01:04:28 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Documents\Mount&Blade Warband
[2012/01/08 23:07:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Documents\Mount&Blade Warband Savegames
[2012/01/08 23:04:25 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Mount&Blade Warband
[2012/01/08 23:02:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\GetRightToGo
[2012/01/08 23:02:54 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\Documents\Downloads
[2012/01/08 22:59:28 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
[2012/01/08 22:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
[2012/01/08 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mount&Blade Warband
[2012/01/08 22:45:37 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C55958F6-36CD-4865-AB8B-4093A38441A5}
[2012/01/08 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0ECD9B1F-2F41-4860-8B10-A3A98D91A61C}
[2012/01/08 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{211B3E89-834E-4EFB-B5F9-1E7A301B0274}
[2012/01/08 19:26:55 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{3CE3FA32-690A-43F1-80EA-49CF32F696F8}
[2012/01/08 14:50:38 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{487AE459-8376-4F33-9468-13237F706366}
[2012/01/08 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E98E1E78-F660-435D-92C3-A61258636352}
[2012/01/08 12:58:32 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{4018FA95-AB5C-4024-9C00-1E6B5491B3CB}
[2012/01/08 12:58:18 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DD416C91-41A5-420C-AEB3-938C410F405E}
[2012/01/07 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{B957EE27-8A6F-448E-A1D9-C836FD4FB3E6}
[2012/01/07 23:19:43 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{193EE0FB-3932-4DD7-819F-2025D876CAA8}
[2012/01/07 21:36:26 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C98321C8-556D-4435-8395-B0A910A1AF9B}
[2012/01/07 21:36:17 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{6A73161C-1A1E-415A-AC75-822C7E93DA8D}
[2012/01/07 16:40:15 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{2158BCC1-522D-4FE6-BD20-4FA73F072679}
[2012/01/07 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{7B2E6F5F-E464-4DCB-BCB9-8C37812765BC}
[2012/01/07 15:27:22 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E653502E-D8D8-4F4B-88A5-8EF5BB50EB77}
[2012/01/07 15:27:12 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D1C0142B-FAB1-451B-9696-31E882250C16}
[2012/01/07 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\InstallShield
[2012/01/07 15:05:13 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\ApplicationHistory
[2012/01/07 14:13:39 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0D62696E-1BE9-4410-A1AF-3A7533DDDCD4}
[2012/01/07 14:13:29 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DD4C7128-B6A0-41C9-BFB7-A1A2E1D7B696}
[2012/01/07 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\WinRAR
[2012/01/07 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/07 14:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/07 14:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/01/07 13:29:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/01/07 13:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012/01/07 13:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2012/01/07 00:26:35 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{BB942B3D-C998-4CBD-85E4-3B4A4B10A0B2}
[2012/01/07 00:26:26 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C4165013-BC6C-472F-812B-12F1CA9127A4}
[2012/01/06 21:18:40 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{37F1E371-0750-4E30-ACAB-DA89CCAD1E4F}
[2012/01/06 21:18:30 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{8057639C-4454-495D-AE1A-9B24331732B0}
[2012/01/06 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0691519B-9F1F-4C6C-823E-2C1566E35207}
[2012/01/06 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{BF9BF977-E6ED-45A5-976C-265E16DDB0A1}
[2012/01/06 11:52:46 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{4FB5E4CD-174F-419C-9E7B-900CC775EEB9}
[2012/01/06 11:52:35 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{1B55A026-BC1D-486B-997C-3F4496BFE848}
[2012/01/05 22:38:17 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{DD1385B1-F473-4CA6-8EEA-71E7DD93B546}
[2012/01/05 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{9824CF56-0E8E-4C05-9886-A5EE8B2294CE}
[2012/01/05 19:06:08 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{EFC37C52-74BB-4CF5-883C-CDEC90876126}
[2012/01/05 13:59:43 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{23394E58-BE7D-481C-82A7-A5F882113621}
[2012/01/05 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{891C1BD8-F4CB-4F31-BE23-9854A2B4D4BB}
[2012/01/05 03:07:24 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D1CB434C-0728-4215-8603-2FE242A8E705}
[2012/01/05 03:07:14 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{6D84FB24-20AF-47C5-B70A-0EF973BBF8CA}
[2012/01/04 20:49:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{A0541E15-A54C-4D7C-8100-8F5AB068A490}
[2012/01/04 20:48:56 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{7535428A-94F0-4119-91E6-FFA2EB7AA529}
[2012/01/04 19:12:31 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{93F5FE0F-1606-43A4-A0E6-17B42E52E729}
[2012/01/04 19:12:21 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{99C0D5E2-D664-45AD-8CDD-A4041C5DCBC5}
[2012/01/04 15:36:51 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{B4A5A8AF-8A6B-4B51-B5CE-8753C9FDE262}
[2012/01/04 15:36:42 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{5E33BE84-55A6-4EBF-95A4-659D38B5F60F}
[2012/01/04 15:22:28 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{196F5BF8-0283-4747-8FB1-5DE40F561767}
[2012/01/04 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{F670395A-6882-4CC3-9DBF-3F9B40B1CF73}
[2012/01/04 14:19:19 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{EF3B2A7B-7AD1-4D7D-AD45-1DEDE2BDCDB7}
[2012/01/04 14:19:09 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{969000FA-B440-487F-8ECD-9701DDEB3905}
[2012/01/04 11:26:10 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{8E180E22-943F-4A58-9C30-05051612967D}
[2012/01/04 11:25:59 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{0AB758CC-9FE5-4CE5-8F03-8C9E9177894B}
[2012/01/04 03:16:15 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{4197D1EF-3981-4901-A356-0F39B976A034}
[2012/01/04 03:16:06 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{CDF1AE6E-577F-437B-BA88-98B56589C6C6}
[2012/01/04 02:47:03 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{F1C7B740-D016-460A-A403-7966EE238D3C}
[2012/01/04 02:46:52 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{930E01C6-A5F4-4AC1-905D-487A2CDFF7FB}
[2012/01/04 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{EFFD8FCE-57F8-4820-920A-5172AE45E4FB}
[2012/01/04 00:05:41 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{72F564EF-2F4D-43A2-8E7C-701130249CFD}
[2012/01/03 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{D8963EE4-9F77-4135-9C7A-08B87C443791}
[2012/01/03 18:28:41 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{8ACA1B56-17E0-48E7-88A3-1CF541A4BDFB}
[2012/01/03 13:33:42 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{E6575703-2D6C-4FD5-958C-15B7B077B261}
[2012/01/03 13:33:31 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{C3391D2F-5602-4ADD-B4E3-163463C2BF62}
[2012/01/03 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{7E9791DA-49E2-414D-AB06-87C69735E344}
[2012/01/03 12:00:24 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{ADF8156B-BA0E-4FE2-B63D-68D07FCDDA83}
[2012/01/03 04:05:41 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/01/03 04:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total War
[2012/01/03 04:01:34 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012/01/03 02:00:05 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{591351F9-4FE1-49FD-8D91-9D17FD9D7C02}
[2012/01/03 01:59:55 | 000,000,000 | ---D | C] -- C:\Users\Best Buy\AppData\Local\{8F8E9483-7996-41CF-A0CC-DE7B5B7FBABF}

========== Files - Modified Within 30 Days ==========

[2012/02/01 21:20:42 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 21:20:42 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 21:17:51 | 000,792,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/01 21:17:51 | 000,673,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/01 21:17:51 | 000,129,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/01 21:16:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Best Buy\Desktop\OTL.exe
[2012/02/01 21:13:34 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 21:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 21:13:19 | 2133,745,663 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 20:41:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 20:24:30 | 000,000,512 | ---- | M] () -- C:\Users\Best Buy\Desktop\MBR.dat
[2012/02/01 14:03:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 04:39:40 | 000,001,255 | ---- | M] () -- C:\Users\Best Buy\.recently-used.xbel
[2012/01/31 20:31:51 | 000,003,113 | ---- | M] () -- C:\Users\Best Buy\Desktop\ElliottResume.rtf
[2012/01/30 21:26:43 | 000,000,168 | ---- | M] () -- C:\Users\Best Buy\defogger_reenable
[2012/01/28 00:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\isolate.ini
[2012/01/24 04:26:17 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/24 04:26:17 | 000,002,237 | ---- | M] () -- C:\Users\Best Buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/16 13:10:41 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/01/16 13:10:41 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/01/16 13:10:41 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/01/16 13:10:41 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/01/15 10:17:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/13 04:46:42 | 000,002,586 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/01/12 11:23:20 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/01/11 19:29:41 | 008,076,838 | ---- | M] () -- C:\Users\Best Buy\firstvect.svg
[2012/01/10 04:23:08 | 000,000,285 | ---- | M] () -- C:\Windows\VTW.INI
[2012/01/07 13:29:32 | 000,800,242 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/04 12:01:14 | 000,003,088 | ---- | M] () -- C:\Users\Best Buy\Documents\oldresume4edit.rtf
[2012/01/04 12:00:32 | 000,001,064 | ---- | M] () -- C:\Users\Best Buy\Documents\newresume.rtf

========== Files Created - No Company Name ==========

[2012/02/01 20:24:30 | 000,000,512 | ---- | C] () -- C:\Users\Best Buy\Desktop\MBR.dat
[2012/02/01 04:39:40 | 000,001,255 | ---- | C] () -- C:\Users\Best Buy\.recently-used.xbel
[2012/01/31 20:23:49 | 000,003,113 | ---- | C] () -- C:\Users\Best Buy\Desktop\ElliottResume.rtf
[2012/01/30 21:26:43 | 000,000,168 | ---- | C] () -- C:\Users\Best Buy\defogger_reenable
[2012/01/30 15:55:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/30 15:55:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/30 15:55:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/30 15:55:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/30 15:55:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/28 03:43:45 | 000,000,643 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
[2012/01/24 04:26:17 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/24 04:26:17 | 000,002,237 | ---- | C] () -- C:\Users\Best Buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/24 04:25:13 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 04:25:12 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/15 10:17:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/15 10:16:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/12 11:23:20 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012/01/12 11:23:18 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/01/11 19:29:40 | 008,076,838 | ---- | C] () -- C:\Users\Best Buy\firstvect.svg
[2012/01/10 04:23:08 | 000,000,285 | ---- | C] () -- C:\Windows\VTW.INI
[2012/01/04 12:01:14 | 000,003,088 | ---- | C] () -- C:\Users\Best Buy\Documents\oldresume4edit.rtf
[2012/01/04 12:00:32 | 000,001,064 | ---- | C] () -- C:\Users\Best Buy\Documents\newresume.rtf
[2011/12/26 19:30:36 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2011/12/26 19:29:38 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769171121
[2011/12/26 19:21:34 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2011/12/26 19:17:30 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.245548635012626446356421263181
[2011/07/22 03:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/22 03:43:15 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 12:15:43 | 000,800,242 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#12 eljim

Posted 01 February 2012 - 09:36 PM

Can I delete the MBR.dat file from my desktop that was created or can I move it somewhere else?

#13 gringo_pr

Posted 01 February 2012 - 09:37 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2011/12/26 19:30:36 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2011/12/26 19:29:38 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769171121
    [2011/12/26 19:21:34 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    [2011/12/26 19:17:30 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.245548635012626446356421263181
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 eljim

Posted 01 February 2012 - 10:00 PM

Since you didn't specify for me I ran the OTL.exe with the default settings, did you want me to run it with the previous settings checked such as safelist?
I get the prompt that this site is attempting to redirect you to another page. It happens every time I come to this forum.


This is the log report that came up though.

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Best Buy\Desktop\cmd.bat deleted successfully.
C:\Users\Best Buy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Best Buy
->Temp folder emptied: 2653952 bytes
->Temporary Internet Files folder emptied: 33639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55375612 bytes
->Google Chrome cache emptied: 18646798 bytes
->Flash cache emptied: 43042 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73.00 mb


[EMPTYJAVA]

User: All Users

User: Best Buy
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Best Buy
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02012012_215154

Files\Folders moved on Reboot...
C:\Users\Best Buy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#15 gringo_pr

Posted 01 February 2012 - 10:10 PM

How are things running?



gringo