Solved Computer freezing a lot + noises

[hongtd]

it's been freezing like there is no tomorrow. from time to time high pitched screeching noises come out from the mousepad area ( i have a sony vaio z laptop)
ive cleaned the registry using registry easy and ccleaner but that didnt fix anything.
ive tried defragmenting but it always freezes and sometimes the computer shuts off and restarts and a black screen comes up that says OPERATING SYSTEM NOT FOUND. and then i have to force restart it.
im guessing this is a virus?

thank you in advance

[HJT log removed - Broni]

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

ive cleaned the registry using registry easy and ccleaner

Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don’t use registry cleaners
• Do I need a Registry Cleaner?

 

[hongtd]

sorry for the late response. it took FOREVER to do all these cause my computer kept freezing. unfortunately, my computer couldnt finish running malwarebytes on safe mode because it just kept freezing but i actually ran this yesterday when i still had the freezing problem. ill post the log of that.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/29/2010 3:32:14 AM
mbam-log-2010-11-29 (03-32-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 12440
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-30 00:18:09
Windows 6.1.7600
Running: e44zzxk5.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214fc18165
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214fc18165 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Nexon\\xb9Ù\xb6\xf7ÀÇ\xb3ª\xb6ó\Uninstall.exe 1

---- EOF - GMER 1.0.15 ----



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/25/2009 5:00:15 PM
System Uptime: 11/29/2010 11:52:08 PM (1 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | N/A | 2401/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 290 GiB total, 59.527 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
afreeca streamer(SBS) Á¦°Å
AIM 7
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
ArcSoft WebCam Companion 3
ASIO4ALL
Auslogics Disk Defrag
AVG 9.0
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
BlackBerry Device Software v6.0.0 for the BlackBerry 9650 smartphone
Boingo Wi-Fi
BufferChm
Click to Disc
Click to Disc Editor
Copy
D3DX10
Destinations
DeviceDiscovery
Diablo II
DivX Setup
DJ_AIO_03_F4200_Software_Min
Download Updater (AOL LLC)
F4200
FL Studio 9
GOM Player
Google Chrome
Gorealra3
GPBaseService2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IL Download Manager
InterActual Player
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Mozilla Firefox (3.6.12)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music Transfer
PoiZone
Primo
Qualcomm Gobi Driver Package for Sony
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Registry Mum 1.0
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Sawer
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Setting Utility Series
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SmartWi Connection Utility
SolutionCenter
Sony Download Taxi 1.5.0.0
Sony Picture Utility
StarCraft II
StarCraft II Beta
Status
System Requirements Lab
Toolbox
Toxic Biohazard
TrayApp
UnloadSupport
VAIO Care
VAIO Control Center
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Movie Story
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Presentation Support
VAIO Update 4
VC80CRTRedist - 8.0.50727.4053
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.0.5
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin

==== Event Viewer Messages From Past Week ========

11/30/2010 12:26:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
11/29/2010 9:54:58 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
11/29/2010 9:54:14 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/29/2010 9:49:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/29/2010 9:43:07 PM, Error: Service Control Manager [7034] - The AVG9IDSAgent service terminated unexpectedly. It has done this 1 time(s).
11/29/2010 8:03:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
11/29/2010 7:44:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/29/2010 6:11:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
11/29/2010 3:58:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/29/2010 3:36:55 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/29/2010 3:36:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
11/29/2010 3:26:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/29/2010 3:07:37 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2010 3:07:29 AM, Error: Service Control Manager [7034] - The Qualcomm Gobi Download Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2010 3:07:15 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2010 3:06:34 AM, Error: Service Control Manager [7034] - The CamMonitor service terminated unexpectedly. It has done this 1 time(s).
11/29/2010 3:00:18 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2010 2:35:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
11/29/2010 2:34:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
11/29/2010 2:29:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
11/29/2010 2:28:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
11/29/2010 2:12:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
11/29/2010 2:11:41 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
11/29/2010 11:59:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/29/2010 11:59:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
11/29/2010 11:57:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/29/2010 11:57:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
11/29/2010 11:56:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/29/2010 11:56:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/29/2010 11:56:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
11/29/2010 11:53:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
11/29/2010 10:12:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2010 10:12:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/29/2010 10:12:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/29/2010 10:12:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/29/2010 10:12:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/29/2010 10:12:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/29/2010 10:12:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/29/2010 10:12:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2010 10:12:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2010 3:09:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
11/28/2010 2:35:28 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
11/28/2010 12:33:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
11/28/2010 1:56:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
11/27/2010 8:24:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
11/27/2010 6:22:27 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
11/27/2010 12:20:39 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CE8F473D-5EF3-497E-BFBD-1492290756BD} because another computer on the network has the same name. The server could not start.
11/27/2010 10:13:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
11/26/2010 12:36:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
11/26/2010 12:36:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
11/26/2010 12:35:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
11/26/2010 12:34:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
11/26/2010 12:33:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bonjour Service service.
11/26/2010 12:33:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
11/26/2010 12:31:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
11/26/2010 12:30:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
11/26/2010 12:29:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
11/26/2010 12:28:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
11/26/2010 12:27:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
11/26/2010 11:32:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VAIO Event Service service.
11/25/2010 10:18:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR14.
11/24/2010 11:31:05 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on G: cannot be read.
11/24/2010 11:27:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
11/24/2010 10:44:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR12.

==== End Of File ===========================





DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Tony at 0:18:16.63 on Tue 11/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4027.2467 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Users\Tony\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\RMClock\RMClock.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files (x86)\Registry Mum\RegistryMumService.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tony\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RMClock] "C:\Program Files (x86)\RMClock\RMClockLauncher.exe"
uRun: [Google Update] "C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [hpqSRMon] "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\303B67~1.LNK - C:\Program Files (x86)\SBS\Gorealra3\Goreala.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxps://plugin.inicis.com/wallet60/INIwallet60_vista.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
mRun-x64: [Skytel] "C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
mRun-x64: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup
mRun-x64: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
mRun-x64: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
mRun-x64: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
mRun-x64: [Persistence] "C:\Windows\system32\igfxpers.exe"
mRun-x64: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: avgrssta.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\System32\drivers\AVGIDSwa.sys [2010-8-30 27216]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-8-30 56008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-25 55856]
R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-10-25 25120]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-8-30 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-8-30 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-8-30 317520]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-30 308136]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-8-30 5897808]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 QDLService;Qualcomm Gobi Download Service;C:\QUALCOMM\QDLService\QDLService.exe [2009-8-6 345336]
R2 RegMumService;RegistryMum Service;C:\Program Files (x86)\Registry Mum\RegistryMumService.exe [2010-11-29 1553344]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-10-25 177696]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-10-25 104960]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-10-25 19968]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-8-30 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-8-30 35920]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-10-25 292864]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-10-25 287960]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-10-25 5435904]
R3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [2009-10-27 14352]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-10-25 11392]
R3 SPI;Sony Programmable I/O Control Device;C:\Windows\System32\drivers\SonyPI.sys [2009-10-25 17536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-4-7 167424]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-24 1255736]

=============== Created Last 30 ================

2010-11-29 20:53:07 -------- d-----w- C:\Program Files\Registry Easy
2010-11-29 16:09:40 -------- d-----w- C:\Program Files (x86)\Auslogics
2010-11-29 15:32:22 -------- d-----w- C:\Program Files (x86)\Registry Mum
2010-11-29 09:25:27 -------- d-----w- C:\Users\Tony\AppData\Roaming\Malwarebytes
2010-11-29 09:25:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-29 09:25:21 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-29 09:25:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-29 09:25:21 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-24 08:20:16 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 08:20:16 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-17 02:09:57 -------- d-----w- C:\Program Files\CCleaner
2010-11-16 02:17:50 -------- d-----w- C:\Program Files\iPod
2010-11-16 02:17:49 -------- d-----w- C:\Program Files\iTunes
2010-11-16 02:17:49 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-09 11:32:33 -------- d-----w- C:\Program Files (x86)\Boingo
2010-11-09 11:32:33 -------- d-----w- C:\PROGRA~3\GoBoingo
2010-11-06 17:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 17:37:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

==================== Find3M ====================

2010-09-28 21:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 21:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2010-09-23 05:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-18 22:21:59 256 ----a-w- C:\Windows\SysWow64\pool.bin
2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 0:26:28.81 ===============



also thank you so much for your help! i really appreciate it

 

[Broni]

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
• Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

• Open SUPERAntiSpyware.
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Post SUPERAntiSpyware log.

 

[hongtd]

the virus scan of super antispyware is cuurently at 7hours and 20minutes and it has only scanned 663 memory items and 2700 registry items. it is going very slowly. should i continue this or stop? so far there arent any infected items.

 

[Broni]

Please continue.
We don't have too many scanners for 64-bit systems, so as long as it's moving, keep it going.

 

[hongtd]

it was running for 22ish hours when it froze... had scanned all the memory, registry items and about 8000 files. no items were infected yet. should i rerun the scan?

here is the log for MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: INSYDE
System Manufacturer: Sony Corporation
System Product Name: VGN-Z620D
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 212):
0x0305F000 \SystemRoot\system32\ntoskrnl.exe
0x03016000 \SystemRoot\system32\hal.dll
0x00BAD000 \SystemRoot\system32\kdcom.dll
0x00CEB000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D2F000 \SystemRoot\system32\PSHED.dll
0x00D43000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E6B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F0F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F1E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F75000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F7E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F88000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FBB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FC8000 \SystemRoot\System32\drivers\partmgr.sys
0x00FDD000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FE6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00DA1000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E15000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x00E4E000 \SystemRoot\System32\drivers\mountmgr.sys
0x010B0000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011CC000 \SystemRoot\system32\DRIVERS\atapi.sys
0x011D5000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01000000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0100B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0101B000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01026000 \SystemRoot\system32\drivers\fltmgr.sys
0x01072000 \SystemRoot\system32\drivers\fileinfo.sys
0x01086000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01220000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0147A000 \SystemRoot\System32\Drivers\msrpc.sys
0x014D8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014F2000 \SystemRoot\System32\Drivers\cng.sys
0x01565000 \SystemRoot\System32\drivers\pcw.sys
0x01576000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0165E000 \SystemRoot\system32\drivers\ndis.sys
0x01750000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B0000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01580000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164A000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x01652000 \SystemRoot\system32\DRIVERS\shpf.sys
0x017DB000 \SystemRoot\System32\Drivers\mup.sys
0x017ED000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015CC000 \SystemRoot\system32\DRIVERS\disk.sys
0x013C3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x015E2000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x017F6000 \SystemRoot\System32\Drivers\AVGIDSwa.sys
0x02D4E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02D78000 \SystemRoot\System32\Drivers\Null.SYS
0x02D81000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D88000 \SystemRoot\System32\drivers\vga.sys
0x02D96000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02DBB000 \SystemRoot\System32\drivers\watchdog.sys
0x02DCB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02DD4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DDD000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02DE6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01200000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C11000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A36000 \SystemRoot\System32\Drivers\avgtdia.sys
0x03A87000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03ACC000 \SystemRoot\system32\drivers\afd.sys
0x03B56000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B5F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B85000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B94000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BAF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C26000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C77000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C83000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C8E000 \SystemRoot\System32\drivers\discache.sys
0x03C9D000 \SystemRoot\System32\Drivers\dfsc.sys
0x03CBB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CCC000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03CD4000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03D1B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03D41000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03D57000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0536B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0925F000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03E38000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03F2C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04800000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03F72000 \SystemRoot\system32\DRIVERS\e1y62x64.sys
0x03FBB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x09967000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03FC8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03FD9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0404B000 \SystemRoot\system32\DRIVERS\netw5v64.sys
0x04586000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x045C4000 \SystemRoot\system32\DRIVERS\risdsn64.sys
0x045DC000 \SystemRoot\system32\DRIVERS\rimssn64.sys
0x04000000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0401E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03E00000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x0402D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0403C000 \SystemRoot\system32\DRIVERS\SonyPI.sys
0x099BD000 \SystemRoot\system32\drivers\tpm.sys
0x04041000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x099CC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x099D9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x099E2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x099F2000 \SystemRoot\System32\Drivers\RootMdm.sys
0x09200000 \SystemRoot\system32\drivers\modem.sys
0x0920F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x09225000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x09249000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05309000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05338000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0536D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0538E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x09255000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x04044000 \SystemRoot\system32\DRIVERS\swenum.sys
0x053A8000 \SystemRoot\system32\DRIVERS\ks.sys
0x053EB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03D5C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05353000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x09E1D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x03DB6000 \SystemRoot\system32\drivers\portcls.sys
0x09FCA000 \SystemRoot\system32\drivers\drmk.sys
0x09FEC000 \SystemRoot\system32\drivers\ksthunk.sys
0x0A03B000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x0A22A000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x0A08D000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x0A39E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x0A3AC000 \SystemRoot\System32\drivers\Dxapi.sys
0x02C1E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0A3B8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0A3CB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0A3E8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0A3EA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0A200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0A219000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0A158000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0A165000 \SystemRoot\System32\Drivers\tcusb.sys
0x0A178000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0A1A6000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x0219F000 \SystemRoot\system32\drivers\luafv.sys
0x021C2000 \SystemRoot\system32\drivers\WudfPf.sys
0x021E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02000000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02053000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02066000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0207E000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys
0x0A000000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys
0x026F2000 \SystemRoot\system32\drivers\HTTP.sys
0x027BA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x027D8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0262D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0267B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0269E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x0D835000 \SystemRoot\system32\drivers\peauth.sys
0x0D8DB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0D8E6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0D913000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0D925000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x0D92D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0E27E000 \SystemRoot\System32\DRIVERS\srv.sys
0x0E314000 \??\C:\Program Files (x86)\RMClock\RTCore64.sys
0x0E31A000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0E3BC000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x006F0000 \SystemRoot\System32\cdd.dll
0x0E3D5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x775F0000 \Windows\System32\ntdll.dll
0x481C0000 \Windows\System32\smss.exe
0xFF910000 \Windows\System32\apisetschema.dll
0xFFDD0000 \Windows\System32\autochk.exe
0xFF8E0000 \Windows\System32\imagehlp.dll
0x777C0000 \Windows\System32\psapi.dll
0xFF800000 \Windows\System32\advapi32.dll
0x774F0000 \Windows\System32\user32.dll
0xFF7F0000 \Windows\System32\lpk.dll
0x777B0000 \Windows\System32\normaliz.dll
0xFEA60000 \Windows\System32\shell32.dll
0x773D0000 \Windows\System32\kernel32.dll
0xFE800000 \Windows\System32\iertutil.dll
0xFE7F0000 \Windows\System32\nsi.dll
0xFE7A0000 \Windows\System32\Wldap32.dll
0xFE6C0000 \Windows\System32\oleaut32.dll
0xFE650000 \Windows\System32\gdi32.dll
0xFE5D0000 \Windows\System32\difxapi.dll
0xFE530000 \Windows\System32\clbcatq.dll
0xFE400000 \Windows\System32\rpcrt4.dll
0xFE360000 \Windows\System32\comdlg32.dll
0xFE340000 \Windows\System32\sechost.dll
0xFE1C0000 \Windows\System32\urlmon.dll
0xFE0B0000 \Windows\System32\msctf.dll
0xFDFE0000 \Windows\System32\usp10.dll
0xFDF90000 \Windows\System32\ws2_32.dll
0xFDE60000 \Windows\System32\wininet.dll
0xFDC80000 \Windows\System32\setupapi.dll
0xFDC00000 \Windows\System32\shlwapi.dll
0xFDBD0000 \Windows\System32\imm32.dll
0xFDB30000 \Windows\System32\msvcrt.dll
0xFD920000 \Windows\System32\ole32.dll
0xFD8E0000 \Windows\System32\wintrust.dll
0xFD8C0000 \Windows\System32\devobj.dll
0xFD820000 \Windows\System32\comctl32.dll
0xFD7B0000 \Windows\System32\KernelBase.dll
0xFD640000 \Windows\System32\crypt32.dll
0xFD600000 \Windows\System32\cfgmgr32.dll
0xFD5F0000 \Windows\System32\msasn1.dll
0x75A40000 \Windows\SysWOW64\normaliz.dll

Processes (total 103):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
440 csrss.exe
504 C:\Windows\System32\wininit.exe
524 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
532 csrss.exe
540 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
588 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
704 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
468 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\nvvsvc.exe
112 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\svchost.exe
1376 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1440 C:\Windows\System32\svchost.exe
1500 C:\Windows\System32\nvvsvc.exe
1592 C:\Program Files\Protector Suite\upeksvr.exe
1660 C:\Windows\System32\spoolsv.exe
1688 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2028 C:\Windows\System32\taskhost.exe
2000 C:\Windows\System32\dwm.exe
1876 C:\Windows\explorer.exe
1744 C:\Windows\System32\taskeng.exe
1616 C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
2144 C:\Program Files\Apoint\Apoint.exe
2152 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2188 C:\Program Files\Apoint\ApMsgFwd.exe
2220 C:\Windows\WindowsMobile\wmdc.exe
2260 C:\Windows\System32\igfxpers.exe
2332 C:\Program Files (x86)\uTorrent\uTorrent.exe
2348 C:\Program Files\Protector Suite\psqltray.exe
2436 C:\Windows\System32\igfxsrvc.exe
2672 C:\Program Files\Apoint\ApntEx.exe
2888 C:\Program Files (x86)\RMClock\RMClock.exe
3028 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
2056 C:\Windows\System32\conhost.exe
2200 C:\Windows\System32\svchost.exe
2640 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1736 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2788 C:\Users\Tony\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
1720 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
2448 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
2744 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
2544 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2944 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
2276 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3128 C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
3136 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3208 C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
3440 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3472 C:\Windows\System32\conhost.exe
3564 C:\Windows\System32\svchost.exe
3588 C:\Windows\SysWOW64\svchost.exe
3628 C:\Windows\System32\svchost.exe
3776 C:\Program Files (x86)\AVG\AVG9\avgam.exe
3812 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2012 C:\QUALCOMM\QDLService\QDLService.exe
2864 C:\Program Files (x86)\Registry Mum\RegistryMumService.exe
3704 C:\Windows\System32\svchost.exe
4052 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
4156 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
4192 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
4228 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
4256 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
4312 dllhost.exe
4392 C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
4456 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
4592 C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
4604 C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
4840 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
4872 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4940 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
5252 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
5424 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5644 C:\Program Files\iPod\bin\iPodService.exe
5672 C:\Windows\System32\svchost.exe
5748 C:\Windows\System32\svchost.exe
5788 C:\Windows\System32\svchost.exe
5992 WUDFHost.exe
5440 C:\Program Files\Sony\VAIO Care\VCsystray.exe
6344 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
6208 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
6572 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
5920 C:\Windows\System32\audiodg.exe
4576 C:\Program Files (x86)\iTunes\iTunes.exe
6340 C:\Windows\System32\StikyNot.exe
6980 C:\Windows\System32\svchost.exe
4376 WmiPrvSE.exe
5988 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
6488 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
2180 C:\Windows\System32\SearchIndexer.exe
4292 C:\Windows\System32\SearchProtocolHost.exe
6968 C:\Windows\System32\SearchFilterHost.exe
2628 C:\Windows\System32\dllhost.exe
5384 C:\Users\Tony\Downloads\MBRCheck.exe
6316 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`1de00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV010A

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

 

[Broni]

Leave Super alone for now...

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[hongtd]

i think the link is broken?

nvm found it

 

[hongtd]

finally finished after 2 hours...
here are the logs

extra=
OTL Extras logfile created on: 12/2/2010 11:18:11 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Tony\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.62 Gb Total Space | 59.32 Gb Free Space | 20.48% Space Free | Partition Type: NTFS

Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PROSet" = Intel(R) Network Connections Drivers
"Registry Easy_is1" = Registry Easy v5.6
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{223A0070-C924-48E3-AEB6-2E06CC835CC0}" = VAIO Care
"{235C31BC-BBAE-4932-9F17-15395C65907B}" = Boingo Wi-Fi
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{87CDA192-73F1-44AB-B40B-D9A338820810}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9650 smartphone
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A814E9FB-2272-4AC8-ABCD-DF399581B897}" = Qualcomm Gobi Driver Package for Sony
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C54CF9B1-B0A9-4FB6-9E9E-0F151754D823}_is1" = Registry Mum 1.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F1F4446B-4B36-4EA2-A080-21A3CAFFB015}" = Gorealra3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"afreecastreamer(SBS)" = afreeca streamer(SBS) Á¦°Å
"AIM_7" = AIM 7
"ASIO4ALL" = ASIO4ALL
"AVG9Uninstall" = AVG 9.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"FL Studio 9" = FL Studio 9
"GOM Player" = GOM Player
"IL Download Manager" = IL Download Manager
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PoiZone" = PoiZone
"RealPlayer 12.0" = RealPlayer
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"SystemRequirementsLab" = System Requirements Lab
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2010 11:52:18 PM | Computer Name = Tony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bd212 Faulting module name: TQUERY.DLL, version: 7.0.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000006 Fault offset: 0x0000000000006648
Faulting
process id: 0xde0 Faulting application start time: 0x01cb929b7b7841a7 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: b8f3857c-fe90-11df-bb37-00214fc18165

Error - 12/2/2010 11:52:18 PM | Computer Name = Tony-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 12/2/2010 11:58:41 PM | Computer Name = Tony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bd212 Faulting module name: TQUERY.DLL, version: 7.0.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000006 Fault offset: 0x0000000000006648
Faulting
process id: 0xa80 Faulting application start time: 0x01cb929dbbd17820 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: 9d335c60-fe91-11df-bb37-00214fc18165

Error - 12/2/2010 11:58:41 PM | Computer Name = Tony-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 12/3/2010 12:18:10 AM | Computer Name = Tony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bd212 Faulting module name: TQUERY.DLL, version: 7.0.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000006 Fault offset: 0x0000000000006648
Faulting
process id: 0x160 Faulting application start time: 0x01cb92a01f469f74 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: 55cd6a5d-fe94-11df-bb37-00214fc18165

Error - 12/3/2010 12:18:10 AM | Computer Name = Tony-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 12/3/2010 12:21:44 AM | Computer Name = Tony-PC | Source = Application Hang | ID = 1002
Description = The program StikyNot.exe version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8d0 Start
Time: 01cb929ae8fc087d Termination Time: 18 Application Path: C:\Windows\System32\StikyNot.exe

Report
Id: ad0d97cc-fe94-11df-bb37-00214fc18165

Error - 12/3/2010 12:29:17 AM | Computer Name = Tony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bd212 Faulting module name: TQUERY.DLL, version: 7.0.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000006 Fault offset: 0x0000000000006648
Faulting
process id: 0x1af0 Faulting application start time: 0x01cb92a19a961b97 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: e34b18e6-fe95-11df-bb37-00214fc18165

Error - 12/3/2010 12:29:17 AM | Computer Name = Tony-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 12/3/2010 1:04:35 AM | Computer Name = Tony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bd212 Faulting module name: TQUERY.DLL, version: 7.0.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000006 Fault offset: 0x0000000000006648
Faulting
process id: 0x85c Faulting application start time: 0x01cb92a6cd781685 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\TQUERY.DLL
Report
Id: d1997265-fe9a-11df-bb37-00214fc18165

[ System Events ]
Error - 7/25/2010 11:08:40 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AudioSrv service.

Error - 7/25/2010 11:09:10 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AudioSrv service.

Error - 7/25/2010 11:09:40 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AudioSrv service.

Error - 7/25/2010 11:10:10 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 7/25/2010 11:10:40 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 7/25/2010 11:11:10 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 7/25/2010 11:11:40 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AudioSrv service.

Error - 7/25/2010 11:12:10 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 7/25/2010 11:13:23 PM | Computer Name = Tony-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:03:36 PM on ?7/?25/?2010 was unexpected.

Error - 7/25/2010 11:13:31 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.


< End of report >

 

[hongtd]

OTL logfile created on: 12/2/2010 11:18:11 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Tony\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.62 Gb Total Space | 59.32 Gb Free Space | 20.48% Space Free | Partition Type: NTFS

Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/02 23:11:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Downloads\OTL.com
PRC - [2010/11/26 22:35:20 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/11/26 22:35:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/10/13 15:31:37 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Tony\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/25 16:17:06 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/09/01 00:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/30 16:04:07 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/08/30 16:04:07 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/08/30 16:04:05 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/07/19 10:48:16 | 001,553,344 | ---- | M] (Weskysoft Inc.) -- C:\Program Files (x86)\Registry Mum\RegistryMumService.exe
PRC - [2010/02/02 17:20:18 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/26 16:11:50 | 000,173,368 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/08/26 16:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/08/26 16:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2009/08/26 16:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/08/06 10:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2009/07/23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/14 11:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/14 11:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 08:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/02/29 17:58:43 | 001,750,016 | ---- | M] (NGO Science Center "RightMark") -- C:\Program Files (x86)\RMClock\RMClock.exe


========== Modules (SafeList) ==========

MOD - [2010/12/02 23:11:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Downloads\OTL.com
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:15:36 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\imekr8\imkrtip.dll
MOD - [2009/07/13 19:15:36 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\imekr8\imkrapi.dll
MOD - [2009/07/13 19:15:35 | 000,374,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\shared\IMETIP.DLL
MOD - [2009/07/13 19:15:35 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\shared\IMJKAPI.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/09/17 00:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/07/23 13:34:00 | 000,177,696 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/26 22:35:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/30 16:04:07 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/07/19 10:48:16 | 001,553,344 | ---- | M] (Weskysoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Registry Mum\RegistryMumService.exe -- (RegMumService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/15 14:51:02 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/08/06 10:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2009/07/23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 09:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/14 11:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 10:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 10:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/30 16:04:12 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/08/30 16:04:12 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/08/30 16:04:08 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
DRV:64bit: - [2010/08/30 16:04:06 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/08/30 16:04:05 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/08/11 22:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/22 18:57:59 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 14:47:28 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/09/16 11:07:20 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/09/16 10:19:44 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/09/15 16:29:54 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/09/15 14:51:02 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/09/15 14:51:00 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/09/15 14:51:00 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/09/15 14:51:00 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/09/15 14:51:00 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/09/15 13:45:30 | 000,017,536 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SonyPI.sys -- (SPI)
DRV:64bit: - [2009/09/15 13:34:44 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/09/03 09:31:34 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/13 13:26:48 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/26 02:11:50 | 000,063,504 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/08/30 16:04:08 | 000,132,688 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys -- (AVGIDSDriverw7a)
DRV - [2010/08/30 16:04:08 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys -- (AVGIDSFilterw7a)
DRV - [2009/01/23 19:59:34 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RMClock\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 46 65 27 A7 6C CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/25 19:28:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/26 22:36:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/14 21:31:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/18 14:10:43 | 000,000,000 | ---D | M]

[2009/10/25 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
[2010/12/02 22:38:41 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\evc2pdhu.default\extensions
[2009/10/26 08:45:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\evc2pdhu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/09 22:33:28 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\evc2pdhu.default\extensions\firebug@software.joehewitt.com
[2010/12/02 21:47:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/22 18:30:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 23:41:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 22:30:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/30 15:54:11 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [RMClock] C:\Program Files (x86)\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} https://plugin.inicis.com/wallet60/INIwallet60_vista.cab (INIwallet60 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.59.1.7 129.59.2.7
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d7ae3a4-f027-11de-87de-00214fc18165}\Shell - "" = AutoRun
O33 - MountPoints2\{edf07b95-f469-11df-88db-00214fc18165}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 00:49:02 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/01 00:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/01 00:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/01 00:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/29 14:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/11/29 10:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2010/11/29 09:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mum
[2010/11/29 03:25:27 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
[2010/11/29 03:25:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 03:25:21 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 03:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/29 03:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/16 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/15 20:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/15 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/15 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/09 05:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBoingo
[2010/11/09 05:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boingo

========== Files - Modified Within 30 Days ==========

[2010/12/03 00:36:14 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1508522717-3367662436-1627625686-1000UA.job
[2010/12/02 21:43:35 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 21:43:35 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 21:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/02 21:33:04 | 3166,826,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/02 17:06:50 | 068,414,509 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/12/02 16:49:38 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1508522717-3367662436-1627625686-1000Core.job
[2010/11/30 01:37:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/30 01:37:08 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/30 01:37:08 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/29 15:01:31 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2010/11/29 14:58:04 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\RegistryEasy.lie
[2010/11/29 14:53:08 | 000,000,835 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk
[2010/11/29 09:47:55 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2010/11/29 03:25:24 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/24 01:00:29 | 000,005,574 | ---- | M] () -- C:\test.xml
[2010/11/16 20:14:10 | 000,006,914 | ---- | M] () -- C:\Users\Public\Documents\cc_20101116_201403.reg
[2010/11/16 20:09:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010/11/29 14:58:04 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\RegistryEasy.lie
[2010/11/29 14:53:11 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2010/11/29 14:53:08 | 000,000,835 | ---- | C] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk
[2010/11/29 09:47:55 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2010/11/29 03:25:24 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 20:14:05 | 000,006,914 | ---- | C] () -- C:\Users\Public\Documents\cc_20101116_201403.reg
[2010/11/16 20:09:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/09/19 16:26:22 | 000,061,952 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 16:25:50 | 000,000,154 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/19 16:24:09 | 000,000,807 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/04/17 01:44:59 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/01/18 11:31:21 | 000,007,951 | ---- | C] () -- C:\Users\Tony\AppData\Local\backup.vtp
[2009/12/22 13:15:59 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/12/22 13:15:59 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/12/22 13:15:59 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/10/25 20:55:00 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/10/25 19:14:49 | 000,001,432 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/10/25 16:13:16 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\acccore
[2010/11/29 10:09:47 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Auslogics
[2010/05/07 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Hardcore
[2010/01/18 11:31:20 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Protector Suite
[2010/09/19 16:25:59 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Research In Motion
[2010/05/22 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SystemRequirementsLab
[2010/12/03 01:24:17 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\uTorrent
[2010/10/27 02:17:13 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Windows Live Writer
[2010/09/08 00:33:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/29 15:01:31 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Schedule Task Weekly.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/10/25 18:51:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/11/29 09:47:55 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2010/05/08 13:57:22 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/12/02 21:33:04 | 3166,826,496 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/10/25 20:47:56 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
[2009/10/25 16:12:46 | 000,000,351 | -H-- | M] () -- C:\IPH.PH
[2010/12/02 21:33:11 | 4222,435,328 | -HS- | M] () -- C:\pagefile.sys
[2010/08/30 15:54:11 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG1
[2010/08/30 15:54:11 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG2
[2009/12/08 08:32:23 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\putty.exe
[2009/10/25 20:28:12 | 000,001,992 | ---- | M] () -- C:\RHDSetup.log
[2010/11/24 01:00:29 | 000,005,574 | ---- | M] () -- C:\test.xml
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[1 C:\Users\Tony\AppData\Roaming\Microsoft\*.tmp files -> C:\Users\Tony\AppData\Roaming\Microsoft\*.tmp -> ]

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/25 16:07:27 | 000,000,221 | -HS- | M] () -- C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/29 21:40:09 | 000,296,448 | ---- | M] () -- C:\Users\Tony\Desktop\e44zzxk5.exe
[2010/12/01 00:46:36 | 000,080,384 | ---- | M] () -- C:\Users\Tony\Desktop\MBRCheck.exe
[2010/12/01 00:47:09 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tony\Desktop\SUPERAntiSpyware.exe
[2010/11/29 21:38:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\TFC.exe
[4 C:\Users\Tony\Desktop\*.tmp files -> C:\Users\Tony\Desktop\*.tmp -> ]

 

[hongtd]

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/15 12:19:47 | 000,000,402 | -HS- | M] () -- C:\Users\Tony\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/10/25 19:30:47 | 000,001,432 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/01/31 15:33:11 | 000,010,500 | ---- | M] ()(C:\Users\Tony\Documents\?????.docx) -- C:\Users\Tony\Documents\바람의나라.docx
[2009/10/25 16:18:16 | 000,000,000 | ---D | M](C:\Users\Tony\Documents\? ??) -- C:\Users\Tony\Documents\내 스캔
[2009/10/25 16:18:16 | 000,000,000 | ---D | C](C:\Users\Tony\Documents\? ??) -- C:\Users\Tony\Documents\내 스캔
[2009/10/25 16:17:19 | 000,010,500 | ---- | C] ()(C:\Users\Tony\Documents\?????.docx) -- C:\Users\Tony\Documents\바람의나라.docx

< End of report >

 

[hongtd]

first part of OTL needs to be approved by a moderator???

 

[Broni]

OTL log looks perfectly clean.

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[hongtd]

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 9.0
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.4.1
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

[Broni]

Looks good
Go on....

 

[hongtd]

scan has been running for 19hrs and 30min and has scanned about 80000files... so far has found 2 threats associated with registry easy application. just reporting since it might freeze again...


also it has been making short high pitched noises. dont know if its coming from the motherboard or the hard drive?...

 

[Broni]

You have no choice, but keep it going.

 

[hongtd]

wow im so sorry this is such a difficult process but it froze at 86000ish... it had 3 threats all associated with easy registry. is there no hope for it to be fixed?...

 

[Broni]

Try this one. it should be faster...

Please run a BitDefender Online Scan

• Disable your antivirus program.
• Click Start Scanner button.
• Click Start scan button
• Allow browser plug-in to be installed when prompted.
• Click I Agree to agree to the EULA.
• Please refrain from using the computer until the scan is finished.
• When the scan is finished, click on View log.
• Notepad will open with scan results.
• Save the report to your desktop and post its content in your next reply.

 

[hongtd]

QuickScan Beta 32-bit v0.9.9.57
-------------------------------
Scan date: Sun Dec 05 21:58:04 2010
Machine ID: 52B8ED91



No infection found.
-------------------



Processes
---------
hpwuSchd Application 2180 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
AVG IDS 1984 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
AVG IDS 3860 C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
AVG Internet Security 3984 C:\Program Files (x86)\AVG\AVG9\avgam.exe
AVG Internet Security 2428 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
AVG Internet Security 2292 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
Boingo Wi-Fi 3104 C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
CCP 3452 C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
DivX Update 2676 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Firefox 4312 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 6812 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Google Chrome 1280 C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2888 C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2196 C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 6748 C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 6120 C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
Google Update 2812 C:\Users\Tony\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
GPCore COM object 568 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
HP Digital Imaging 4936 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
HP Digital Imaging 3120 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
HP Digital Imaging 2856 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
HP Smart Web Printing 3364 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
ISB Utility 2612 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
iTunes 3160 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 1308 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MgiSvr 4188 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
Microsoft® Windows® Operating System 4388 C:\Windows\SysWOW64\dllhost.exe
Microsoft® Windows® Operating System 3496 C:\Windows\SysWOW64\svchost.exe
PowerManager 5300 C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
QUALCOMM Gobi Download Service 3732 C:\QUALCOMM\QDLService\QDLService.exe
RAID Event Monitor 2168 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RAID Monitor 4544 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
RealPlayer (32-bit) 2824 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
Registry Mum 3912 C:\Program Files (x86)\Registry Mum\RegistryMumService.exe
RightMark CPU Clock Utility 2056 C:\Program Files (x86)\RMClock\RMClock.exe
SmartWi Connection Utility 4428 C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
ThirdPartyAppMgr 5284 C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
VAIO Content Folder Watcher 4260 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
VAIO Entertainment 4928 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
VAIO Entertainment 4288 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
VAIO Event Service 4228 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
VAIO Event Service 4632 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
µTorrent 2748 C:\Program Files (x86)\uTorrent\uTorrent.exe


Network activity
----------------
Process firefox.exe (4312) connected on port 80 (HTTP) --> 204.2.249.75
Process firefox.exe (4312) connected on port 80 (HTTP) --> 204.2.249.41
Process firefox.exe (4312) connected on port 80 (HTTP) --> 74.125.229.4
Process firefox.exe (4312) connected on port 80 (HTTP) --> 66.220.149.11
Process firefox.exe (4312) connected on port 80 (HTTP) --> 204.2.249.8
Process firefox.exe (4312) connected on port 80 (HTTP) --> 74.125.45.102
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.229.19
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.229.16
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.229.16
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.229.16
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.45.95
Process chrome.exe (6748) connected on port 80 (HTTP) --> 204.2.249.8
Process chrome.exe (6748) connected on port 80 (HTTP) --> 204.2.249.66
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.229.4
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.229.16
Process chrome.exe (6748) connected on port 80 (HTTP) --> 66.220.149.18
Process chrome.exe (6748) connected on port 80 (HTTP) --> 209.170.117.66
Process chrome.exe (6748) connected on port 80 (HTTP) --> 204.2.249.41
Process chrome.exe (6748) connected on port 80 (HTTP) --> 204.2.249.41
Process chrome.exe (6748) connected on port 80 (HTTP) --> 204.2.249.41
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.229.11
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.45.132
Process chrome.exe (6748) connected on port 80 (HTTP) --> 66.235.143.118

Process uTorrent.exe (2748) listens on ports: 18588
Process VCSW.exe (4928) listens on ports: 51493


Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AVG Internet Security C:\Program Files (x86)\AVG\AVG9\avgtray.exe
Boingo.lnk C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk
DivX Update C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Google Update C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe
HP Digital Imaging C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
HpqSRmon Application C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
ISB Utility C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
RE.exe C:\Program Files\Registry Easy\RE.exe
RealPlayer (32-bit) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
RightMark CPU Clock Utility Launcher C:\Program Files (x86)\RMClock\RMClockLauncher.exe
SmartWi Helper C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe
VAIO Event Service C:\Windows\system32\VESWinlogon.dll
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
µTorrent C:\Program Files (x86)\uTorrent\uTorrent.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
AVG Internet Security c:\program files (x86)\avg\avg9\avgssie.dll
BitDefender QuickScan C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.57_0\npqscan.dll
BitDefender QuickScan C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.57_0\npqslauncher.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
DivX Web Player C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
downloadUpdater C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
downloadUpdater2 C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
getPlusPlus for Adobe 16248 C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
Google Update C:\Users\Tony\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
INIwallet60 ActiveX Control Module C:\Windows\Downloaded Program Files\INIwallet60.ocx
Java Deployment Toolkit 6.0.220.4 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U22 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U22 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
NPWebSLLauncher.dll C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
SBS Starter ActiveX Control Module C:\Users\Tony\AppData\Local\AFCSBS\npAFCSbsStarter.dll
SBS Starter ActiveX Control Module C:\Windows\Downloaded Program Files\AFCSbsStarter.ocx
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll


Scan
----


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.08 MB sent, 1.40 KB recvd
Scanned 1125 files and modules - 37 seconds

==============================================================================

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[hongtd]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tony
->Temp folder emptied: 383490 bytes
->Temporary Internet Files folder emptied: 5097112 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101882273 bytes
->Google Chrome cache emptied: 8188902 bytes
->Flash cache emptied: 1131 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74441 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tony
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 12052010_221704

Files\Folders moved on Reboot...
C:\Users\Tony\AppData\Local\Temp\Composition Symbols for Profesora Botero.doc moved successfully.
C:\Users\Tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Tony\AppData\Local\Temp\~DF28D30BE025EB5F0A.TMP not found!
File\Folder C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{57696C3A-D36C-4361-8136-EACE71E8082F}.tmp not found!
File\Folder C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{81F71B34-3593-4DA8-A5DD-4CB619BE6C4E}.tmp not found!
File\Folder C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A380163B-9398-4B6D-9547-C7B37689A205}.tmp not found!

Registry entries deleted on Reboot...

 

[hongtd]

jeez this is so weird... its suddenly normal again... was there even something wrong with the computer?

 

[Broni]

I don't know what to tell you.
There was only one bad entry removed by MBAM.
Maybe....you know, when you feel bad and you finally decide to go to see a doctor, you already feel better.....LOL