TechSpot

Infected Sony Vaio Vista Home Premium

Solved
By learninmypc
Oct 9, 2012
  1. Its owner told me it has a virus. It had AVG 2003 I believe on it, Registry Mechanic & Norton scanner, which I think all 3 have been removed.
    When I reboot, it tries to, but doesn't. I've had to unplug it & boot up & I get the screen of options so I click Start Windows Normally & it starts up.
    Logs are below:


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.09.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Michelle :: PATDU-PC [administrator]

    10/9/2012 12:27:01 AM
    mbam-log-2012-10-09 (03-41-56).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 399218
    Time elapsed: 1 hour(s), 50 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com (Adware.ArcadeWeb) -> No action taken.
    C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components (Adware.ArcadeWeb) -> No action taken.

    Files Detected: 0
    (No malicious items detected)

    (end)

    This one may be the first one.
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.09.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Michelle :: PATDU-PC [administrator]

    10/9/2012 12:27:01 AM
    mbam-log-2012-10-09 (00-27-01).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 399218
    Time elapsed: 1 hour(s), 50 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components (Adware.ArcadeWeb) -> Quarantined and deleted successfully.

    Files Detected: 0
    (No malicious items detected)

    (end)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/08/2012 at 06:23 PM

    Application Version : 5.5.1022

    Core Rules Database Version : 9363
    Trace Rules Database Version: 7175

    Scan type : Complete Scan
    Total Scan Time : 01:31:01

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 770
    Memory threats detected : 0
    Registry items scanned : 42395
    Registry threats detected : 0
    File items scanned : 54949
    File threats detected : 24

    Adware.ArcadeWeb
    C:\PROGRAM FILES\ARCADEWEB\AWUN.EXE
    C:\USERS\MICHELLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HGAILGALDCHAJPKKMBJDLBIMHDNMMGLD\ARCADEWEBCHROME.DLL
    C:\WINDOWS\TEMP\TMP0000007639C8ACF3A2F4899E
    C:\WINDOWS\TEMP\TMP00000061304ACD79138CEFC3

    Adware.Gamevance
    C:\USERS\MICHELLE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL

    Adware.Tracking Cookie
  2. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-09 07:54:56
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1246GSX rev.LB212A
    Running: ml5dl70v.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\kwtoapob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FA24966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  3. learninmypc

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Michelle at 7:58:09 on 2012-10-09
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1000 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Windows\System32\wpcumi.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.kirotv.com/
    uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    mStart Page = hxxp://www.yahoo.com/
    mDefault_Page_URL = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [cdloader] "c:\users\michelle\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Google Update] "c:\users\michelle\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Facebook Update] "c:\users\michelle\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
    mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
    mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
    mRun: [SmartWiHelper] "c:\program files\sony corporation\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
    mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
    mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
    mRun: [VAIOSurvey] c:\program files\sony\vaio survey\Vista VAIO Survey.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [Skytel] Skytel.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\michelle\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
    TCP: Interfaces\{70654C8C-B4A7-4F27-A51E-A8534FA42658} : DhcpNameServer = 192.168.1.1 74.40.74.40
    TCP: Interfaces\{9B6666C3-B9D8-4BB9-8F82-6AB42C740BEC} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{D05CB988-618B-4977-B383-7742239BFB58} : DhcpNameServer = 192.168.1.1 74.40.74.40
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles\vwbksqgs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.kirotv.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\users\michelle\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\michelle\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\michelle\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\michelle\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\michelle\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\michelle\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-8 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-8 355632]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-8 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-8 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-8 44808]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-8 1153368]
    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-I visual effects\uCamMonitor.exe [2008-8-5 104960]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-8-5 17408]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-18 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-18 43904]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2012-10-8 528896]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-4-18 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-4-18 818688]
    S2 gupdate1cadf3d526de3be;Google Update Service (gupdate1cadf3d526de3be);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-8 250808]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-4-18 28464]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-8 114144]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-5 104288]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-5 350048]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-5 63328]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-18 333088]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-18 87328]
    .
    =============== Created Last 30 ================
    .
    2012-10-09 05:23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-10-09 05:19:23 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2012-10-09 05:19:21 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-10-09 05:19:20 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-10-09 02:18:02 -------- d-----w- c:\program files\FileHippo.com
    2012-10-09 02:12:02 -------- d-----w- c:\users\michelle\appdata\local\Macromedia
    2012-10-09 02:11:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 23:46:20 -------- d-----w- c:\program files\Belarc
    2012-10-08 23:41:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-10-08 23:41:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-10-08 23:27:19 -------- d-----w- c:\users\michelle\appdata\roaming\SUPERAntiSpyware.com
    2012-10-08 23:25:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-10-08 23:22:18 -------- d-----w- c:\program files\SpywareBlaster
    2012-10-08 23:18:56 -------- d-----w- c:\users\michelle\appdata\roaming\Malwarebytes
    2012-10-08 23:18:41 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-08 23:18:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-08 23:18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-08 22:11:59 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-08 22:11:43 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-08 22:05:02 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-08 22:03:37 -------- d-----w- c:\programdata\AVAST Software
    2012-10-08 22:03:37 -------- d-----w- c:\program files\AVAST Software
    2012-10-08 21:19:58 528896 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
    2012-10-06 08:35:17 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{90ef20c5-3d45-4373-8bbf-a291c4f29302}\mpengine.dll
    2012-10-04 04:41:47 0 ----a-w- C:\DFR1D5C.tmp
    2012-10-01 02:52:09 -------- d-----w- c:\program files\Bonjour
    .
    ==================== Find3M ====================
    .
    2012-10-09 02:42:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 7:59:02.06 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/5/2008 9:07:56 AM
    System Uptime: 10/9/2012 7:14:24 AM (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | N/A | 2000/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 104 GiB total, 1.139 GiB free.
    D: is Removable
    E: is Removable
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1065: 10/8/2012 7:45:38 PM - Installed Adobe Reader X (10.1.0).
    RP1066: 10/9/2012 3:00:13 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcGIS Explorer
    ArcSoft Magic-I Visual Effects
    ArcSoft WebCam Companion 2
    avast! Free Antivirus
    Belarc Advisor 8.2
    Belkin Setup and Router Monitor
    Bonjour
    BufferChm
    Business Contact Manager for Outlook 2007 SP2
    C4400
    C4400_Help
    Canon DIGITAL CAMERA Solution Disk Software Guide
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot SX20 IS Camera User Guide
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Cards_Calendar_OrderGift_DoMorePlugout
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    Copy
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Setup
    DocProc
    DocProcQFolder
    Dogpile Bundle Toolbar
    eSupportQFolder
    Facebook Video Calling 1.0.0.8953
    FileHippo.com Update Checker
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Instant Mode
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) SE Runtime Environment 6
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Rocket
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    OCR Software by I.R.I.S. 10.0
    OM Explorer for KRM for Excel 2007
    OpenMG Secure Module 5.0.00
    PanoStandAlone
    PS_AIO_03_C4400_ProductContext
    PS_AIO_03_C4400_Software
    PS_AIO_03_C4400_Software_Min
    PSSWCORE
    QuickBooks Simple Start 2008
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Safari
    Scan
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Setting Utility Series
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 5.10
    SmartWebPrintingOC
    SmartWi Connection Utility
    SolutionCenter
    Sony Video Shared Library
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    Status
    SUPERAntiSpyware
    SupportSoft Assisted Service
    swMSM
    Synaptics Pointing Device Driver
    TaxCut Premium + State + Efile 2008
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Launcher
    VAIO Media plus
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO My Memory Center
    VAIO OOBE and Welcome Center
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Startup Assistant
    VAIO Survey
    VAIO Update 3
    VAIO Wallpaper Contents
    VAIO Wireless Wizard
    VC80CRTRedist - 8.0.50727.6195
    VideoToolkit01
    VLC media player 1.0.5
    WebReg
    WIDCOMM Bluetooth Software 6.1.0.2200
    WinDVD for VAIO
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/9/2012 7:17:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    10/9/2012 7:17:17 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/9/2012 7:17:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    10/9/2012 7:17:17 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/9/2012 7:17:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/9/2012 7:17:15 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    10/9/2012 7:17:07 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    10/9/2012 7:15:42 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/9/2012 7:15:07 AM, Error: EventLog [6008] - The previous system shutdown at 7:13:32 AM on 10/9/2012 was unexpected.
    10/9/2012 7:15:04 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/9/2012 4:44:42 AM, Error: EventLog [6008] - The previous system shutdown at 4:42:28 AM on 10/9/2012 was unexpected.
    10/9/2012 12:22:14 AM, Error: EventLog [6008] - The previous system shutdown at 12:19:39 AM on 10/9/2012 was unexpected.
    10/8/2012 6:54:10 PM, Error: EventLog [6008] - The previous system shutdown at 6:50:46 PM on 10/8/2012 was unexpected.
    10/8/2012 6:51:00 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
    10/8/2012 6:51:00 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    10/8/2012 4:34:26 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    10/8/2012 3:27:27 PM, Error: EventLog [6008] - The previous system shutdown at 3:25:49 PM on 10/8/2012 was unexpected.
    10/8/2012 2:59:34 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    10/8/2012 2:11:39 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00215C0F78E1. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    10/8/2012 10:24:11 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    10/7/2012 3:56:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    10/7/2012 3:56:22 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/7/2012 3:56:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/7/2012 3:21:52 PM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
    10/6/2012 5:59:52 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
    10/6/2012 5:59:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1450" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    10/6/2012 5:49:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.
    10/6/2012 11:12:46 PM, Error: EventLog [6008] - The previous system shutdown at 11:09:49 PM on 10/6/2012 was unexpected.
    10/6/2012 1:40:40 AM, Error: volsnap [15] - The shadow copies of volume C: were aborted because of insufficient paged heap.
    10/6/2012 1:39:36 AM, Error: volsnap [6] - The shadow copy of volume C: could not create a new paged heap. The system may be low on virtual memory.
    10/5/2012 9:59:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    10/5/2012 2:29:21 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    10/5/2012 10:04:44 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-E59094EF5 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{70654C8C-B4A7-4F27-A51E-A8. The master browser is stopping or an election is being forced.
    10/2/2012 7:23:51 PM, Error: EventLog [6008] - The previous system shutdown at 7:22:26 PM on 10/2/2012 was unexpected.
    .
    ==== End Of File ===========================
  4. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    How do I post the Avast logs?
  5. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    I don't need the Avast log.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =============================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===============================

    Download aswMBR to your desktop.
    Double-click aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    08:56:08.0958 4396 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    08:56:09.0566 4396 ============================================================
    08:56:09.0566 4396 Current date / time: 2012/10/09 08:56:09.0566
    08:56:09.0566 4396 SystemInfo:
    08:56:09.0566 4396
    08:56:09.0566 4396 OS Version: 6.0.6002 ServicePack: 2.0
    08:56:09.0566 4396 Product type: Workstation
    08:56:09.0566 4396 ComputerName: PATDU-PC
    08:56:09.0566 4396 UserName: Michelle
    08:56:09.0566 4396 Windows directory: C:\Windows
    08:56:09.0566 4396 System windows directory: C:\Windows
    08:56:09.0566 4396 Processor architecture: Intel x86
    08:56:09.0566 4396 Number of processors: 2
    08:56:09.0566 4396 Page size: 0x1000
    08:56:09.0566 4396 Boot type: Normal boot
    08:56:09.0566 4396 ============================================================
    08:56:11.0360 4396 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    08:56:11.0407 4396 Drive \Device\Harddisk2\DR2 - Size: 0x1D9988C00 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    08:56:11.0407 4396 ============================================================
    08:56:11.0407 4396 \Device\Harddisk0\DR0:
    08:56:11.0407 4396 MBR partitions:
    08:56:11.0407 4396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF8B000, BlocksNum 0xD0093B0
    08:56:11.0407 4396 \Device\Harddisk2\DR2:
    08:56:11.0407 4396 MBR partitions:
    08:56:11.0407 4396 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
    08:56:11.0407 4396 ============================================================
    08:56:11.0454 4396 C: <-> \Device\Harddisk0\DR0\Partition1
    08:56:11.0454 4396 ============================================================
    08:56:11.0454 4396 Initialize success
    08:56:11.0454 4396 ============================================================
    08:56:57.0006 1136 ============================================================
    08:56:57.0006 1136 Scan started
    08:56:57.0006 1136 Mode: Manual;
    08:56:57.0006 1136 ============================================================
    08:57:14.0665 1136 ================ Scan system memory ========================
    08:57:14.0665 1136 System memory - ok
    08:57:14.0665 1136 ================ Scan services =============================
    08:57:28.0330 1136 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    08:57:28.0346 1136 DPS - ok
    08:57:28.0424 1136 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    08:57:28.0424 1136 drmkaud - ok
    08:57:28.0564 1136 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    08:57:28.0689 1136 DXGKrnl - ok
    08:57:28.0752 1136 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    08:57:28.0767 1136 E1G60 - ok
    08:57:28.0814 1136 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    08:57:28.0830 1136 EapHost - ok
    08:57:28.0955 1136 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    08:57:28.0971 1136 Ecache - ok
    08:57:29.0080 1136 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    08:57:29.0080 1136 ehRecvr - ok
    08:57:29.0096 1136 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    08:57:29.0127 1136 ehSched - ok
    08:57:29.0158 1136 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    08:57:29.0174 1136 ehstart - ok
    08:57:29.0299 1136 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    08:57:29.0345 1136 elxstor - ok
    08:57:29.0470 1136 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    08:57:29.0564 1136 EMDMgmt - ok
    08:57:29.0657 1136 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    08:57:29.0657 1136 ErrDev - ok
    08:57:29.0751 1136 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    08:57:29.0782 1136 EventSystem - ok
    08:57:29.0891 1136 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    08:57:29.0923 1136 exfat - ok
    08:57:30.0016 1136 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    08:57:30.0047 1136 fastfat - ok
    08:57:30.0094 1136 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    08:57:30.0110 1136 fdc - ok
    08:57:30.0141 1136 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    08:57:30.0141 1136 fdPHost - ok
    08:57:30.0188 1136 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    08:57:30.0203 1136 FDResPub - ok
    08:57:30.0437 1136 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    08:57:30.0453 1136 FileInfo - ok
    08:57:30.0453 1136 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    08:57:30.0469 1136 Filetrace - ok
    08:57:30.0484 1136 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    08:57:30.0500 1136 flpydisk - ok
    08:57:30.0547 1136 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    08:57:30.0547 1136 FltMgr - ok
    08:57:30.0749 1136 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll
    08:57:30.0749 1136 FontCache - ok
    08:57:30.0843 1136 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    08:57:30.0843 1136 FontCache3.0.0.0 - ok
    08:57:31.0046 1136 [ 07AF7870ABF051EBBAE8A8A92FF34ABE ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    08:57:31.0061 1136 FreeAgentGoNext Service - ok
    08:57:31.0264 1136 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    08:57:31.0264 1136 Fs_Rec - ok
    08:57:31.0295 1136 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    08:57:31.0295 1136 gagp30kx - ok
    08:57:31.0358 1136 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    08:57:31.0358 1136 GEARAspiWDM - ok
    08:57:31.0405 1136 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    08:57:31.0420 1136 gpsvc - ok
    08:57:31.0701 1136 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cadf3d526de3be C:\Program Files\Google\Update\GoogleUpdate.exe
    08:57:31.0763 1136 gupdate1cadf3d526de3be - ok
    08:57:31.0935 1136 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    08:57:31.0935 1136 gupdatem - ok
    08:57:32.0044 1136 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    08:57:32.0044 1136 gusvc - ok
    08:57:32.0107 1136 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    08:57:32.0122 1136 HdAudAddService - ok
    08:57:32.0169 1136 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    08:57:32.0185 1136 HDAudBus - ok
    08:57:32.0200 1136 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    08:57:32.0216 1136 HidBth - ok
    08:57:32.0247 1136 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    08:57:32.0247 1136 HidIr - ok
    08:57:32.0294 1136 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    08:57:32.0294 1136 hidserv - ok
    08:57:32.0341 1136 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    08:57:32.0356 1136 HidUsb - ok
    08:57:32.0387 1136 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    08:57:32.0387 1136 hkmsvc - ok
    08:57:32.0434 1136 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    08:57:32.0434 1136 HpCISSs - ok
    08:57:32.0575 1136 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    08:57:32.0590 1136 hpqcxs08 - ok
    08:57:32.0637 1136 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    08:57:32.0637 1136 hpqddsvc - ok
    08:57:32.0715 1136 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    08:57:32.0715 1136 HSFHWAZL - ok
    08:57:32.0809 1136 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
    08:57:32.0824 1136 HSF_DPV - ok
    08:57:32.0855 1136 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    08:57:32.0871 1136 HSXHWAZL - ok
    08:57:32.0902 1136 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    08:57:32.0918 1136 HTTP - ok
    08:57:32.0980 1136 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    08:57:32.0996 1136 i2omp - ok
    08:57:33.0089 1136 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    08:57:33.0089 1136 i8042prt - ok
    08:57:33.0136 1136 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    08:57:33.0136 1136 iaStorV - ok
    08:57:33.0199 1136 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    08:57:33.0230 1136 idsvc - ok
    08:57:33.0308 1136 [ 62448322731AC1BEDA52E2B3327046EE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
    08:57:33.0323 1136 igfx - ok
    08:57:33.0370 1136 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    08:57:33.0370 1136 iirsp - ok
    08:57:33.0417 1136 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    08:57:33.0417 1136 IKEEXT - ok
    08:57:33.0511 1136 [ D729199B204C3FB78C58FF30550D965C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    08:57:33.0542 1136 IntcAzAudAddService - ok
    08:57:33.0589 1136 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
    08:57:33.0589 1136 intelide - ok
    08:57:33.0620 1136 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    08:57:33.0620 1136 intelppm - ok
    08:57:33.0651 1136 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    08:57:33.0651 1136 IPBusEnum - ok
    08:57:33.0698 1136 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    08:57:33.0698 1136 IpFilterDriver - ok
    08:57:33.0760 1136 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    08:57:33.0760 1136 iphlpsvc - ok
    08:57:33.0776 1136 IpInIp - ok
    08:57:33.0807 1136 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    08:57:33.0807 1136 IPMIDRV - ok
    08:57:33.0854 1136 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    08:57:33.0869 1136 IPNAT - ok
    08:57:33.0932 1136 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    08:57:33.0947 1136 iPod Service - ok
    08:57:33.0979 1136 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    08:57:33.0979 1136 IRENUM - ok
    08:57:33.0994 1136 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    08:57:33.0994 1136 isapnp - ok
    08:57:34.0041 1136 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    08:57:34.0041 1136 iScsiPrt - ok
    08:57:34.0088 1136 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    08:57:34.0088 1136 iteatapi - ok
    08:57:34.0119 1136 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    08:57:34.0119 1136 iteraid - ok
    08:57:34.0150 1136 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    08:57:34.0150 1136 IviRegMgr - ok
    08:57:34.0166 1136 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
  7. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    Sorry, probably some overlap.
    08:57:46.0599 1136 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    08:57:46.0599 1136 sffp_mmc - ok
    08:57:46.0646 1136 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    08:57:46.0661 1136 sffp_sd - ok
    08:57:46.0661 1136 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    08:57:46.0661 1136 sfloppy - ok
    08:57:46.0708 1136 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    08:57:46.0708 1136 SharedAccess - ok
    08:57:46.0771 1136 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    08:57:46.0771 1136 ShellHWDetection - ok
    08:57:46.0802 1136 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    08:57:46.0802 1136 sisagp - ok
    08:57:46.0833 1136 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    08:57:46.0833 1136 SiSRaid2 - ok
    08:57:46.0880 1136 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    08:57:46.0880 1136 SiSRaid4 - ok
    08:57:46.0989 1136 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    08:57:47.0005 1136 SkypeUpdate - ok
    08:57:47.0285 1136 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    08:57:47.0707 1136 slsvc - ok
    08:57:47.0847 1136 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    08:57:47.0909 1136 SLUINotify - ok
    08:57:47.0956 1136 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    08:57:47.0956 1136 Smb - ok
    08:57:47.0987 1136 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    08:57:48.0003 1136 SNMPTRAP - ok
    08:57:48.0081 1136 [ D07F3C6FE13D291A5C27E2D2E8EC7F52 ] SOHCImp C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
    08:57:48.0081 1136 SOHCImp - ok
    08:57:48.0112 1136 [ E507433FC0237B9FFCB6F97235E8C47D ] SOHDms C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
    08:57:48.0128 1136 SOHDms - ok
    08:57:48.0143 1136 [ E674417F83C45679CD9C804D77E485A3 ] SOHDs C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
    08:57:48.0143 1136 SOHDs - ok
    08:57:48.0175 1136 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    08:57:48.0175 1136 spldr - ok
    08:57:48.0253 1136 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    08:57:48.0268 1136 Spooler - ok
    08:57:48.0315 1136 [ CF7532B3D8061F3D0A9C6478850DABD4 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    08:57:48.0331 1136 SPTISRV - ok
    08:57:48.0455 1136 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    08:57:48.0487 1136 SQLBrowser - ok
    08:57:48.0549 1136 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    08:57:48.0565 1136 SQLWriter - ok
    08:57:48.0643 1136 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    08:57:48.0643 1136 srv - ok
    08:57:48.0736 1136 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    08:57:48.0736 1136 srv2 - ok
    08:57:48.0799 1136 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    08:57:48.0814 1136 srvnet - ok
    08:57:48.0845 1136 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    08:57:48.0861 1136 SSDPSRV - ok
    08:57:48.0923 1136 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    08:57:48.0923 1136 SstpSvc - ok
    08:57:49.0033 1136 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    08:57:49.0095 1136 stisvc - ok
    08:57:49.0126 1136 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    08:57:49.0142 1136 swenum - ok
    08:57:49.0189 1136 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    08:57:49.0235 1136 swprv - ok
    08:57:49.0251 1136 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    08:57:49.0267 1136 Symc8xx - ok
    08:57:49.0313 1136 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    08:57:49.0313 1136 Sym_hi - ok
    08:57:49.0345 1136 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    08:57:49.0345 1136 Sym_u3 - ok
    08:57:49.0407 1136 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    08:57:49.0423 1136 SynTP - ok
    08:57:49.0469 1136 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    08:57:49.0485 1136 SysMain - ok
    08:57:49.0516 1136 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    08:57:49.0516 1136 TabletInputService - ok
    08:57:49.0547 1136 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    08:57:49.0563 1136 TapiSrv - ok
    08:57:49.0594 1136 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    08:57:49.0594 1136 TBS - ok
    08:57:49.0781 1136 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    08:57:49.0797 1136 Tcpip - ok
    08:57:49.0828 1136 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    08:57:49.0844 1136 Tcpip6 - ok
    08:57:49.0891 1136 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    08:57:49.0891 1136 tcpipreg - ok
    08:57:49.0922 1136 [ 07D174A992AB0EA6001F390DE1AFA27B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
    08:57:49.0922 1136 TcUsb - ok
    08:57:49.0953 1136 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    08:57:49.0953 1136 TDPIPE - ok
    08:57:50.0062 1136 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    08:57:50.0062 1136 TDTCP - ok
    08:57:50.0125 1136 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    08:57:50.0156 1136 tdx - ok
    08:57:50.0203 1136 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    08:57:50.0218 1136 TermDD - ok
    08:57:50.0249 1136 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    08:57:50.0390 1136 TermService - ok
    08:57:50.0405 1136 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    08:57:50.0437 1136 Themes - ok
    08:57:50.0452 1136 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    08:57:50.0452 1136 THREADORDER - ok
    08:57:50.0593 1136 [ 030F439AC1CCDA7AC6CE01CC02102045 ] ti21sony C:\Windows\system32\drivers\ti21sony.sys
    08:57:50.0624 1136 ti21sony - ok
    08:57:50.0655 1136 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    08:57:50.0671 1136 TrkWks - ok
    08:57:50.0733 1136 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    08:57:50.0733 1136 TrustedInstaller - ok
    08:57:50.0764 1136 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    08:57:50.0764 1136 tssecsrv - ok
    08:57:50.0795 1136 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    08:57:50.0795 1136 tunmp - ok
    08:57:50.0858 1136 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    08:57:50.0858 1136 tunnel - ok
    08:57:50.0889 1136 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    08:57:50.0889 1136 uagp35 - ok
    08:57:50.0936 1136 [ 3D7B66D3B25DFBDE7B96114E2D8EF2B3 ] uCamMonitor C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    08:57:50.0983 1136 uCamMonitor - ok
    08:57:51.0076 1136 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    08:57:51.0076 1136 udfs - ok
    08:57:51.0326 1136 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    08:57:51.0326 1136 UI0Detect - ok
    08:57:51.0341 1136 UIUSys - ok
    08:57:51.0357 1136 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    08:57:51.0373 1136 uliagpkx - ok
    08:57:51.0404 1136 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
    08:57:51.0404 1136 uliahci - ok
    08:57:51.0451 1136 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    08:57:51.0451 1136 UlSata - ok
    08:57:51.0497 1136 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    08:57:51.0497 1136 ulsata2 - ok
    08:57:51.0544 1136 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    08:57:51.0544 1136 umbus - ok
    08:57:51.0591 1136 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    08:57:51.0607 1136 upnphost - ok
    08:57:51.0685 1136 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    08:57:51.0685 1136 USBAAPL - ok
    08:57:51.0747 1136 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    08:57:51.0747 1136 usbaudio - ok
    08:57:51.0809 1136 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    08:57:52.0028 1136 usbccgp - ok
    08:57:52.0075 1136 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    08:57:52.0090 1136 usbcir - ok
    08:57:52.0137 1136 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    08:57:52.0137 1136 usbehci - ok
    08:57:52.0215 1136 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    08:57:52.0215 1136 usbhub - ok
    08:57:52.0293 1136 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
    08:57:52.0293 1136 usbohci - ok
    08:57:52.0324 1136 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    08:57:52.0340 1136 usbprint - ok
    08:57:52.0371 1136 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    08:57:52.0387 1136 usbscan - ok
    08:57:52.0418 1136 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    08:57:52.0433 1136 USBSTOR - ok
    08:57:52.0480 1136 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    08:57:52.0480 1136 usbuhci - ok
    08:57:52.0543 1136 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    08:57:52.0543 1136 usbvideo - ok
    08:57:52.0574 1136 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
    08:57:52.0589 1136 usb_rndisx - ok
    08:57:52.0621 1136 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    08:57:52.0636 1136 UxSms - ok
    08:57:52.0886 1136 [ D6E6BD77F4BEDD695553D5EA1FFDFCDD ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    08:57:52.0901 1136 VAIO Entertainment TV Device Arbitration Service - ok
    08:57:53.0198 1136 [ 8A9F18ADAD471402236CA931553BF79B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    08:57:53.0213 1136 VAIO Event Service - ok
    08:57:53.0588 1136 [ 9D1DD772DEC13B0DA3289A4B266B0767 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    08:57:53.0603 1136 VcmIAlzMgr - ok
    08:57:53.0775 1136 [ C44A507B71EB90E8299D2AF8FB05AE5B ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
    08:57:53.0837 1136 VcmXmlIfHelper - ok
    08:57:53.0837 1136 Vcsw - ok
    08:57:53.0884 1136 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    08:57:53.0962 1136 vds - ok
    08:57:54.0040 1136 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    08:57:54.0056 1136 vga - ok
    08:57:54.0103 1136 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    08:57:54.0103 1136 VgaSave - ok
    08:57:54.0134 1136 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
    08:57:54.0212 1136 viaagp - ok
    08:57:54.0227 1136 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    08:57:54.0227 1136 ViaC7 - ok
    08:57:54.0243 1136 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
    08:57:54.0259 1136 viaide - ok
    08:57:54.0274 1136 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    08:57:54.0274 1136 volmgr - ok
    08:57:54.0337 1136 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    08:57:54.0337 1136 volmgrx - ok
    08:57:54.0368 1136 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    08:57:54.0571 1136 volsnap - ok
    08:57:54.0867 1136 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    08:57:55.0007 1136 vsmraid - ok
    08:57:55.0132 1136 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    08:57:55.0803 1136 VSS - ok
    08:57:56.0068 1136 [ 0E2357BF1E70E17EFB13D08FCE74FCBC ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    08:57:56.0131 1136 VzCdbSvc - ok
    08:57:56.0255 1136 [ 99BCBD7F13779AE06944776A8D4BB5C3 ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    08:57:56.0287 1136 VzFw - ok
    08:57:56.0349 1136 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    08:57:56.0411 1136 W32Time - ok
    08:57:56.0474 1136 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    08:57:56.0474 1136 WacomPen - ok
    08:57:56.0489 1136 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    08:57:56.0521 1136 Wanarp - ok
    08:57:56.0536 1136 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    08:57:56.0536 1136 Wanarpv6 - ok
    08:57:56.0817 1136 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
    08:57:56.0942 1136 WcesComm - ok
    08:57:57.0160 1136 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    08:57:57.0581 1136 wcncsvc - ok
    08:57:57.0675 1136 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    08:57:57.0706 1136 WcsPlugInService - ok
    08:57:57.0737 1136 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
    08:57:57.0753 1136 Wd - ok
    08:57:57.0831 1136 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    08:57:57.0847 1136 Wdf01000 - ok
    08:57:57.0878 1136 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    08:57:57.0909 1136 WdiServiceHost - ok
    08:57:57.0925 1136 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    08:57:57.0940 1136 WdiSystemHost - ok
    08:57:57.0987 1136 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    08:57:58.0003 1136 WebClient - ok
    08:57:58.0065 1136 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
    08:57:58.0252 1136 Wecsvc - ok
    08:57:58.0315 1136 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    08:57:58.0408 1136 wercplsupport - ok
    08:57:58.0611 1136 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    08:57:58.0658 1136 WerSvc - ok
    08:57:58.0767 1136 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    08:57:58.0798 1136 WimFltr - ok
    08:57:59.0235 1136 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    08:57:59.0329 1136 winachsf - ok
    08:58:00.0358 1136 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    08:58:00.0405 1136 WinDefend - ok
    08:58:00.0405 1136 WinHttpAutoProxySvc - ok
    08:58:00.0655 1136 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    08:58:00.0701 1136 Winmgmt - ok
    08:58:01.0045 1136 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
    08:58:01.0575 1136 WinRM - ok
    08:58:01.0778 1136 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    08:58:01.0856 1136 Wlansvc - ok
    08:58:01.0949 1136 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    08:58:01.0949 1136 WmiAcpi - ok
    08:58:02.0090 1136 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    08:58:02.0105 1136 wmiApSrv - ok
    08:58:02.0776 1136 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    08:58:03.0088 1136 WMPNetworkSvc - ok
    08:58:03.0166 1136 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    08:58:03.0478 1136 WPCSvc - ok
    08:58:03.0587 1136 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    08:58:03.0665 1136 WPDBusEnum - ok
    08:58:03.0837 1136 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    08:58:03.0868 1136 WpdUsb - ok
    08:58:03.0946 1136 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    08:58:03.0946 1136 ws2ifsl - ok
    08:58:04.0024 1136 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
    08:58:04.0055 1136 wscsvc - ok
    08:58:04.0071 1136 WSearch - ok
    08:58:04.0945 1136 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    08:58:06.0177 1136 wuauserv - ok
    08:58:06.0364 1136 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    08:58:06.0427 1136 WUDFRd - ok
    08:58:06.0739 1136 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    08:58:06.0754 1136 wudfsvc - ok
    08:58:07.0987 1136 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
    08:58:08.0018 1136 XAudio - ok
    08:58:08.0486 1136 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
    08:58:08.0517 1136 XAudioService - ok
    08:58:08.0579 1136 ================ Scan global ===============================
    08:58:08.0642 1136 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    08:58:08.0751 1136 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    08:58:08.0891 1136 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    08:58:09.0063 1136 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    08:58:09.0125 1136 [Global] - ok
    08:58:09.0125 1136 ================ Scan MBR ==================================
    08:58:09.0172 1136 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    08:58:12.0027 1136 \Device\Harddisk0\DR0 - ok
    08:58:12.0027 1136 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
    08:58:12.0043 1136 \Device\Harddisk2\DR2 - ok
    08:58:12.0043 1136 ================ Scan VBR ==================================
    08:58:12.0074 1136 [ 4C8BE833BDCEE989926808C1F52CA548 ] \Device\Harddisk0\DR0\Partition1
    08:58:12.0199 1136 \Device\Harddisk0\DR0\Partition1 - ok
    08:58:12.0199 1136 [ 6E695E0689AF922C7DFAC4BB03B3CE27 ] \Device\Harddisk2\DR2\Partition1
    08:58:12.0199 1136 \Device\Harddisk2\DR2\Partition1 - ok
    08:58:12.0199 1136 ============================================================
    08:58:12.0199 1136 Scan finished
    08:58:12.0199 1136 ============================================================
    08:58:12.0214 2752 Detected object count: 0
    08:58:12.0214 2752 Actual detected object count: 0
    09:04:04.0459 3524 Deinitialize success
  8. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Michelle [Admin rights]
    Mode : Remove -- Date : 10/09/2012 09:17:23

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Michelle\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK1246GSX ATA Device +++++
    --- User ---
    [MBR] 7a3599de38c6a88dcd4d31fca41aed4b
    [BSP] b21b56746381b798b3a02139c0b64481 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7957 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16297984 | Size: 106514 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: SD1 Device +++++
    --- User ---
    [MBR] 8a4a3f84a9eda68451f8bdccda84c484
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
    Error reading LL1 MBR!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  9. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    While doing this Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    The pc has frozen up. I've pulled the plug & am booting up.
    I've restarted it. Hope that's ok.
  10. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    Ok, I restarted aswMBR but after a couple minutes a blue screen with white words "flashed" on the screen & it rebooted. Will wait for your instructions.
  11. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    See if it'll run from Safe Mode.
     
  12. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    I just tried it & it didn't. It went for a couple minutes & flashed a blue screen with white words & is rebooting now.
  13. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  14. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    Ok, I ran Combofix fine, it rebooted, but when I click on the Firefox icon to post the results, I get
    C:\Program Files\Mozilla Firefox\firefox.exe

    Illegal operation attempted on a registry key that has been marked for deletion

    Same thing for IE & Safari
  15. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    Ok, here is what I've done. I saved the Combofix log to a flash drive & am posting it using my pc. I hope this works.
    ComboFix 12-10-09.01 - Michelle 10/09/2012 13:03:26.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.685 [GMT -7:00]
    Running from: c:\users\Michelle\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\explorer\basemaps\Server\basemap4.nmf
    c:\program files\explorer\basemaps\Server\basemap4.png
    c:\program files\explorer\basemaps\Server\basemap5.nmf
    c:\program files\explorer\basemaps\Server\basemap5.png
    c:\program files\explorer\basemaps\Server\basemap6.nmf
    c:\program files\explorer\basemaps\Server\basemap6.png
    c:\program files\explorer\basemaps\Server\basemap7.nmf
    c:\program files\explorer\basemaps\Server\basemap7.png
    c:\program files\explorer\basemaps\Server\basemap8.nmf
    c:\program files\explorer\basemaps\Server\basemap8.png
    c:\program files\explorer\basemaps\Server\basemap9.nmf
    c:\program files\explorer\basemaps\Server\basemap9.png
    c:\program files\explorer\basemaps\Server\basemaps.de.xml
    c:\program files\explorer\basemaps\Server\basemaps.es.xml
    c:\program files\explorer\basemaps\Server\basemaps.fr.xml
    c:\program files\explorer\basemaps\Server\basemaps.ja-jp.xml
    c:\program files\explorer\basemaps\Server\basemaps.xml
    c:\program files\explorer\basemaps\Server\basemaps.zh-CN.xml
    c:\program files\explorer\bin\3dAnalystUtil.dll
    c:\program files\explorer\bin\3DSymbols.dll
    c:\program files\explorer\bin\3DSymbolsLib.dll
    c:\program files\explorer\bin\AfCore.dll
    c:\program files\explorer\bin\AfUtil.dll
    c:\program files\explorer\bin\AGSClient.dll
    c:\program files\explorer\bin\aibase.dll
    c:\program files\explorer\bin\aifeat.dll
    c:\program files\explorer\bin\AISClient.dll
    c:\program files\explorer\bin\AISGlobalLib.dll
    c:\program files\explorer\bin\aishape.dll
    c:\program files\explorer\bin\Animation.dll
    c:\program files\explorer\bin\AnnoLayer.dll
    c:\program files\explorer\bin\Annotation.dll
    c:\program files\explorer\bin\AnnotationLib.dll
    c:\program files\explorer\bin\AoInitializer.dll
    c:\program files\explorer\bin\AppInitializerLib.dll
    c:\program files\explorer\bin\ApplicationConfigurationManager.exe
    c:\program files\explorer\bin\ArcGISExplorer.ISCConfig
    c:\program files\explorer\bin\atl71.dll
    c:\program files\explorer\bin\BasemapLayer.dll
    c:\program files\explorer\bin\BasicRasterPicture.dll
    c:\program files\explorer\bin\BGLAPI.dll
    c:\program files\explorer\bin\BGLAPILib.dll
    c:\program files\explorer\bin\BGLFontEngine.dll
    c:\program files\explorer\bin\BGLGeomChestLib.dll
    c:\program files\explorer\bin\BGLGeometricEffects.dll
    c:\program files\explorer\bin\BGLImageCoders.dll
    c:\program files\explorer\bin\BGLRasterizerLib.dll
    c:\program files\explorer\bin\BGLRasterizerSW.dll
    c:\program files\explorer\bin\BGLSymbols.dll
    c:\program files\explorer\bin\BGLSymbolsLib.dll
    c:\program files\explorer\bin\BGLToGDIHelper.dll
    c:\program files\explorer\bin\bin.zreg
    c:\program files\explorer\bin\CacheRasterDB.dll
    c:\program files\explorer\bin\CadastralFabric.dll
    c:\program files\explorer\bin\CadastralFabricLayer.dll
    c:\program files\explorer\bin\CadEngine.dll
    c:\program files\explorer\bin\CadFDB.dll
    c:\program files\explorer\bin\CadLayer.dll
    c:\program files\explorer\bin\CadWorkspaceFactory.dll
    c:\program files\explorer\bin\Camera.dll
    c:\program files\explorer\bin\CartoControlsLib.dll
    c:\program files\explorer\bin\CartoConverter.dll
    c:\program files\explorer\bin\CartoXLib.dll
    c:\program files\explorer\bin\CIM.dll
    c:\program files\explorer\bin\CIMLib.dll
    c:\program files\explorer\bin\Color.dll
    c:\program files\explorer\bin\ComplexSymbols.dll
    c:\program files\explorer\bin\CompressedDataFile.dll
    c:\program files\explorer\bin\Configuration\CATID\esri.catid.ecfg
    c:\program files\explorer\bin\Configuration\CLSID\esri.clsid.ecfg
    c:\program files\explorer\bin\DADFLib.dll
    c:\program files\explorer\bin\DaeFile.dll
    c:\program files\explorer\bin\DataConverterLib.dll
    c:\program files\explorer\bin\dbghelp.dll
    c:\program files\explorer\bin\de\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\de\DADFRes.dll
    c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\de\ResToolkitPro.dll
    c:\program files\explorer\bin\DECoreLib.dll
    c:\program files\explorer\bin\DFORRT.DLL
    c:\program files\explorer\bin\Display.dll
    c:\program files\explorer\bin\DisplayFeedback.dll
    c:\program files\explorer\bin\DisplayGraph.dll
    c:\program files\explorer\bin\DisplayLib.dll
    c:\program files\explorer\bin\DistributedGeodbLib.dll
    c:\program files\explorer\bin\DynamicDisplay.dll
    c:\program files\explorer\bin\e3.config.xml
    c:\program files\explorer\bin\E3.exe
    c:\program files\explorer\bin\E3.exe.config
    c:\program files\explorer\bin\E3Control.dll
    c:\program files\explorer\bin\E3EmailHelper.exe
    c:\program files\explorer\bin\EngineGraphics.dll
    c:\program files\explorer\bin\EnginePackager.dll
    c:\program files\explorer\bin\es\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\es\DADFRes.dll
    c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\es\ResToolkitPro.dll
    c:\program files\explorer\bin\ESRI.ArcGIS.Utilities.Compression.dll
    c:\program files\explorer\bin\ESRI.ArcGISExplorer.Application.dll
    c:\program files\explorer\bin\ESRI.ArcGISExplorer.dll
    c:\program files\explorer\bin\ESRI.ArcGISExplorer.MapCenter.dll
    c:\program files\explorer\bin\ESRI.DADF.Core.dll
    c:\program files\explorer\bin\ESRI.DADF.dll
    c:\program files\explorer\bin\esrizip.exe
    c:\program files\explorer\bin\Export.dll
    c:\program files\explorer\bin\ExtTopoEngine.dll
    c:\program files\explorer\bin\FdaCore.dll
    c:\program files\explorer\bin\FdaCoreLib.dll
    c:\program files\explorer\bin\FdaRel.dll
    c:\program files\explorer\bin\FeatureDataConverter.dll
    c:\program files\explorer\bin\FeatureDataElements.dll
    c:\program files\explorer\bin\FeatureLayer.dll
    c:\program files\explorer\bin\FeatureLayerLib.dll
    c:\program files\explorer\bin\FgdbRasterDB.dll
    c:\program files\explorer\bin\FgdbUtilLib.dll
    c:\program files\explorer\bin\FileDataElements.dll
    c:\program files\explorer\bin\FileDBCoreLib.dll
    c:\program files\explorer\bin\FileGDB.dll
    c:\program files\explorer\bin\FileGDBWorkspaceFactory.dll
    c:\program files\explorer\bin\fr\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\fr\DADFRes.dll
    c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\fr\ResToolkitPro.dll
    c:\program files\explorer\bin\FunctionRasterDB.dll
    c:\program files\explorer\bin\gdal16.dll
    c:\program files\explorer\bin\GdalRasterDB.dll
    c:\program files\explorer\bin\GdbCatalog.dll
    c:\program files\explorer\bin\GdbCore.dll
    c:\program files\explorer\bin\GdbCoreLib.dll
    c:\program files\explorer\bin\GdbNet.dll
    c:\program files\explorer\bin\GdbTopo.dll
    c:\program files\explorer\bin\GeoDataExtraction.dll
    c:\program files\explorer\bin\GeoDataServer.dll
    c:\program files\explorer\bin\GeoDataTransfer.dll
    c:\program files\explorer\bin\Geometry.dll
    c:\program files\explorer\bin\GeoprocessingLib.dll
    c:\program files\explorer\bin\GeoProcessor.dll
    c:\program files\explorer\bin\GeoRSSPlugin.dll
    c:\program files\explorer\bin\glew32.dll
    c:\program files\explorer\bin\Globe.dll
    c:\program files\explorer\bin\GlobeCamera.dll
    c:\program files\explorer\bin\GlobeClient.dll
    c:\program files\explorer\bin\GlobeCoreLib.dll
    c:\program files\explorer\bin\GlobeDisplay.dll
    c:\program files\explorer\bin\GlobeLayers.dll
    c:\program files\explorer\bin\GlobeServer.dll
    c:\program files\explorer\bin\GlobeServerLayer.dll
    c:\program files\explorer\bin\GlobeViewerCoreLib.dll
    c:\program files\explorer\bin\GPClient.dll
    c:\program files\explorer\bin\GpObjects.dll
    c:\program files\explorer\bin\GpPythonCore.dll
    c:\program files\explorer\bin\GPRasterFunctions.dll
    c:\program files\explorer\bin\GraphicElements.dll
    c:\program files\explorer\bin\hd420m.dll
    c:\program files\explorer\bin\hdf5dll.dll
    c:\program files\explorer\bin\hm420m.dll
    c:\program files\explorer\bin\icudt40.dll
    c:\program files\explorer\bin\icuin40.dll
    c:\program files\explorer\bin\icuio40.dll
    c:\program files\explorer\bin\icule40.dll
    c:\program files\explorer\bin\icuuc40.dll
    c:\program files\explorer\bin\ImageAccessLib.dll
    c:\program files\explorer\bin\ImageClient.dll
    c:\program files\explorer\bin\ImageServer.dll
    c:\program files\explorer\bin\ImageServerLayer.dll
    c:\program files\explorer\bin\IMSConnector.dll
    c:\program files\explorer\bin\ImsFDB.dll
    c:\program files\explorer\bin\IMSLayer.dll
    c:\program files\explorer\bin\IMSLayerLib.dll
    c:\program files\explorer\bin\IMSServiceLib.dll
    c:\program files\explorer\bin\ImsWorkspaceFactory.dll
    c:\program files\explorer\bin\InMemoryWorkspaceFactory.dll
    c:\program files\explorer\bin\InputDevice3Dx.dll
    c:\program files\explorer\bin\ja-JP\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\ja-JP\DADFRes.dll
    c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\ja-JP\ResToolkitPro.dll
    c:\program files\explorer\bin\kdu61.dll
    c:\program files\explorer\bin\KmlLayer.dll
    c:\program files\explorer\bin\LabelPlacement.dll
    c:\program files\explorer\bin\Layer.dll
    c:\program files\explorer\bin\LayerLib.dll
    c:\program files\explorer\bin\lcms117lib.dll
    c:\program files\explorer\bin\libcollada14dom21.dll
    c:\program files\explorer\bin\libcurl.dll
    c:\program files\explorer\bin\lti_dsdk_dll.dll
    c:\program files\explorer\bin\Map.dll
    c:\program files\explorer\bin\MapClient.dll
    c:\program files\explorer\bin\MapDB.dll
    c:\program files\explorer\bin\MapElements.dll
    c:\program files\explorer\bin\MaplexEngineLib.dll
    c:\program files\explorer\bin\MapLib.dll
    c:\program files\explorer\bin\MappingCore.dll
    c:\program files\explorer\bin\MappingCoreLib.dll
    c:\program files\explorer\bin\MappingServicesLib.dll
    c:\program files\explorer\bin\MapServer.dll
    c:\program files\explorer\bin\MapServerLayer.dll
    c:\program files\explorer\bin\Marker3DFile.dll
    c:\program files\explorer\bin\MessageSupport.dll
    c:\program files\explorer\bin\Microsoft.VC90.ATL\atl90.dll
    c:\program files\explorer\bin\Microsoft.VC90.ATL\Microsoft.VC90.ATL.manifest
    c:\program files\explorer\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
    c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcm90.dll
    c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcp90.dll
    c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcr90.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90u.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90u.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHS.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHT.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90DEU.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ENU.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESN.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESP.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90FRA.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ITA.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90JPN.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90KOR.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\Microsoft.VC90.MFCLOC.manifest
    c:\program files\explorer\bin\Microsoft.VC90.OPENMP\Microsoft.VC90.OpenMP.manifest
    c:\program files\explorer\bin\Microsoft.VC90.OPENMP\vcomp90.dll
    c:\program files\explorer\bin\MosaicDB.dll
    c:\program files\explorer\bin\msvcp71.dll
    c:\program files\explorer\bin\msvcr71.dll
    c:\program files\explorer\bin\Navigation.dll
    c:\program files\explorer\bin\NetEngine80.dll
    c:\program files\explorer\bin\Network.dll
    c:\program files\explorer\bin\NetworkAnalystSolvers.dll
    c:\program files\explorer\bin\NetworkDataset.dll
    c:\program files\explorer\bin\OGCClient.dll
    c:\program files\explorer\bin\OutputLib.dll
    c:\program files\explorer\bin\PageLayout.dll
    c:\program files\explorer\bin\pe.dll
    c:\program files\explorer\bin\PlugInDataSource.dll
    c:\program files\explorer\bin\PlugInWorkspaceFactory.dll
    c:\program files\explorer\bin\PrintOut.dll
    c:\program files\explorer\bin\RasterAnalysisUtilLib.dll
    c:\program files\explorer\bin\RasterCatalog.dll
    c:\program files\explorer\bin\RasterCoreLib.dll
    c:\program files\explorer\bin\RasterDB.dll
    c:\program files\explorer\bin\RasterEngine.dll
    c:\program files\explorer\bin\RasterFormats.dat
    c:\program files\explorer\bin\RasterGraphicElements.dll
    c:\program files\explorer\bin\RasterIO.dll
    c:\program files\explorer\bin\RasterLayer.dll
    c:\program files\explorer\bin\RasterRenderer.dll
    c:\program files\explorer\bin\RasterWorkspaceFactory.dll
    c:\program files\explorer\bin\Renderers.dll
    c:\program files\explorer\bin\RepresentationDB.dll
    c:\program files\explorer\bin\RepresentationEffects.dll
    c:\program files\explorer\bin\RepresentationLayer.dll
    c:\program files\explorer\bin\RepresentationLib.dll
    c:\program files\explorer\bin\RepresentationSymbols.dll
    c:\program files\explorer\bin\SceneFilters.dll
    c:\program files\explorer\bin\SceneGraph.dll
    c:\program files\explorer\bin\sdcdbx.dll
    c:\program files\explorer\bin\SDCPlugIn.dll
    c:\program files\explorer\bin\sde.dll
    c:\program files\explorer\bin\SdeFDB.dll
    c:\program files\explorer\bin\SdeRasterDB.dll
    c:\program files\explorer\bin\sdesetup.dll
    c:\program files\explorer\bin\SdeWorkspaceFactory.dll
    c:\program files\explorer\bin\ServerStyleGallery.dll
    c:\program files\explorer\bin\sg.dll
    c:\program files\explorer\bin\ShapefileFDB.dll
    c:\program files\explorer\bin\ShapefileWorkspaceFactory.dll
    c:\program files\explorer\bin\SimpleDataConverter.dll
    c:\program files\explorer\bin\StyleGalleryClasses.dll
    c:\program files\explorer\bin\SystemUIUtil.dll
    c:\program files\explorer\bin\Terrain.dll
    c:\program files\explorer\bin\TerrainLayer.dll
    c:\program files\explorer\bin\TextureCookerService.exe
    c:\program files\explorer\bin\TinDb.dll
    c:\program files\explorer\bin\TinEngine.dll
    c:\program files\explorer\bin\TinLayer.dll
    c:\program files\explorer\bin\TinRenderer.dll
    c:\program files\explorer\bin\TinWorkspaceFactory.dll
    c:\program files\explorer\bin\ViewerCoreLib.dll
    c:\program files\explorer\bin\VpfFDB.dll
    c:\program files\explorer\bin\VpfWorkspaceFactory.dll
    c:\program files\explorer\bin\WebServices.dll
    c:\program files\explorer\bin\WMSLayer.dll
    c:\program files\explorer\bin\xerces-c_2_7.dll
    c:\program files\explorer\bin\XmlSupport.dat
    c:\program files\explorer\bin\XMLSupport.dll
    c:\program files\explorer\bin\zh-CN\applicationconfigurationmanager.resources.dll
    c:\program files\explorer\bin\zh-CN\DADFRes.dll
    c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\zh-CN\ResToolkitPro.dll
    c:\program files\explorer\bin\zlib1.dll
    c:\program files\explorer\bin\zlibwapi.dll
    c:\program files\explorer\ColorProfiles\esriGray22.icc
    c:\program files\explorer\ColorProfiles\Lab2Lab.icm
    c:\program files\explorer\ColorProfiles\sRGB_IEC61966-2-1_noBPC.icc
    c:\program files\explorer\ColorProfiles\USWebCoatedSWOP.icc
    c:\program files\explorer\ColorProfiles\Xyz2Xyz.icm
    c:\program files\explorer\com\com.zreg
    c:\program files\explorer\com\esriE3.olb
    c:\program files\explorer\license\ExplorerEnglishLicense.pdf
    c:\program files\explorer\license\ExplorerFrenchLicense.pdf
    c:\program files\explorer\license\ExplorerGermanLicense.pdf
    c:\program files\explorer\license\ExplorerJapaneseLicense.pdf
    c:\program files\explorer\license\ExplorerSimplChineseLicense.pdf
    c:\program files\explorer\license\ExplorerSpanishLicense.pdf
    c:\program files\explorer\PackageTemplates\ArcGISExplorer.stylesheet
    c:\program files\explorer\PackageTemplates\Package931.template
    c:\program files\explorer\pedata\gdaldata\coordinate_axis.csv
    c:\program files\explorer\pedata\gdaldata\cubewerx_extra.wkt
    c:\program files\explorer\pedata\gdaldata\ecw_cs.dat
    c:\program files\explorer\pedata\gdaldata\ellipsoid.csv
    c:\program files\explorer\pedata\gdaldata\epsg.wkt
    c:\program files\explorer\pedata\gdaldata\esri_extra.wkt
    c:\program files\explorer\pedata\gdaldata\gcs.csv
    c:\program files\explorer\pedata\gdaldata\gdal_datum.csv
    c:\program files\explorer\pedata\gdaldata\gdalicon.png
    c:\program files\explorer\pedata\gdaldata\pcs.csv
    c:\program files\explorer\pedata\gdaldata\prime_meridian.csv
    c:\program files\explorer\pedata\gdaldata\projop_wparm.csv
    c:\program files\explorer\pedata\gdaldata\s57attributes.csv
    c:\program files\explorer\pedata\gdaldata\s57expectedinput.csv
    c:\program files\explorer\pedata\gdaldata\s57objectclasses.csv
    c:\program files\explorer\pedata\gdaldata\seed_2d.dgn
    c:\program files\explorer\pedata\gdaldata\seed_3d.dgn
    c:\program files\explorer\pedata\gdaldata\stateplane.csv
    c:\program files\explorer\pedata\gdaldata\unit_of_measure.csv
    c:\program files\explorer\plugins\explorerCore.ecfg
    c:\program files\explorer\schemas\ExplorerAddIn.xsd
    c:\program files\explorer\schemas\ExplorerGeometry.xsd
    c:\program files\explorer\schemas\NmfDocument.xsd
    c:\program files\explorer\Styles\default.css
    c:\program files\explorer\Styles\Directions\CheckeredFlag16.png
    c:\program files\explorer\Styles\Directions\GreenFlag16.png
    c:\program files\explorer\Styles\Directions\Print16.png
    c:\program files\explorer\Styles\ExplorerColors.de.xml
    c:\program files\explorer\Styles\ExplorerColors.es.xml
    c:\program files\explorer\Styles\ExplorerColors.fr.xml
    c:\program files\explorer\Styles\ExplorerColors.ja-JP.xml
    c:\program files\explorer\Styles\ExplorerColors.xml
    c:\program files\explorer\Styles\ExplorerColors.zh-CN.xml
    c:\program files\explorer\Styles\ExplorerSymbols.de.xml
    c:\program files\explorer\Styles\ExplorerSymbols.es.xml
    c:\program files\explorer\Styles\ExplorerSymbols.fr.xml
    c:\program files\explorer\Styles\ExplorerSymbols.ja-JP.xml
    c:\program files\explorer\Styles\ExplorerSymbols.xml
    c:\program files\explorer\Styles\ExplorerSymbols.zh-CN.xml
    c:\program files\explorer\Styles\kml.css
    c:\program files\explorer\Styles\KMLIcons\american-flag.png
    c:\program files\explorer\Styles\KMLIcons\arrow.png
    c:\program files\explorer\Styles\KMLIcons\asian-flag.png
    c:\program files\explorer\Styles\KMLIcons\auto-service.png
    c:\program files\explorer\Styles\KMLIcons\auto.png
    c:\program files\explorer\Styles\KMLIcons\bang.png
    c:\program files\explorer\Styles\KMLIcons\bars.png
    c:\program files\explorer\Styles\KMLIcons\building.png
    c:\program files\explorer\Styles\KMLIcons\coffee_house_16.png
    c:\program files\explorer\Styles\KMLIcons\crosshair.png
    c:\program files\explorer\Styles\KMLIcons\dining.png
    c:\program files\explorer\Styles\KMLIcons\dining_16.png
    c:\program files\explorer\Styles\KMLIcons\dot.png
    c:\program files\explorer\Styles\KMLIcons\fast-food.png
    c:\program files\explorer\Styles\KMLIcons\four-dollars.png
    c:\program files\explorer\Styles\KMLIcons\french-flag.png
    c:\program files\explorer\Styles\KMLIcons\hand.png
    c:\program files\explorer\Styles\KMLIcons\high_res_places.png
    c:\program files\explorer\Styles\KMLIcons\highway_16.png
    c:\program files\explorer\Styles\KMLIcons\italian-flag.png
    c:\program files\explorer\Styles\KMLIcons\large_traffic_count_16.png
    c:\program files\explorer\Styles\KMLIcons\mexican-flag.png
    c:\program files\explorer\Styles\KMLIcons\misc_dining.png
    c:\program files\explorer\Styles\KMLIcons\note.png
    c:\program files\explorer\Styles\KMLIcons\one-dollar.png
    c:\program files\explorer\Styles\KMLIcons\palette-2.png
    c:\program files\explorer\Styles\KMLIcons\palette-3.png
    c:\program files\explorer\Styles\KMLIcons\palette-4.png
    c:\program files\explorer\Styles\KMLIcons\palette-5.png
    c:\program files\explorer\Styles\KMLIcons\parks.png
    c:\program files\explorer\Styles\KMLIcons\recreation.png
    c:\program files\explorer\Styles\KMLIcons\school_16.png
    c:\program files\explorer\Styles\KMLIcons\search.png
    c:\program files\explorer\Styles\KMLIcons\streamed_layer.png
    c:\program files\explorer\Styles\KMLIcons\streamed_layers.png
    c:\program files\explorer\Styles\KMLIcons\terrain_16.png
    c:\program files\explorer\Styles\KMLIcons\three-dollars.png
    c:\program files\explorer\Styles\KMLIcons\transportation.png
    c:\program files\explorer\Styles\KMLIcons\two-dollars.png
    c:\program files\explorer\Styles\KMLIcons\webcam_16.png
    c:\program files\explorer\Styles\SlideTitleStyles.de.xml
    c:\program files\explorer\Styles\SlideTitleStyles.es.xml
    c:\program files\explorer\Styles\SlideTitleStyles.fr.xml
    c:\program files\explorer\Styles\SlideTitleStyles.ja-JP.xml
    c:\program files\explorer\Styles\SlideTitleStyles.xml
    c:\program files\explorer\Styles\SlideTitleStyles.zh-CN.xml
    c:\program files\explorer\Styles\StyleSheet.xsl
    c:\program files\explorer\Styles\SymbolImages\Civic\ATM.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Bank.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Bell.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Cemetery.png
    c:\program files\explorer\Styles\SymbolImages\Civic\City.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Clue.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Crowd.png
    c:\program files\explorer\Styles\SymbolImages\Civic\GhostTown.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Horn.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Housing.png
    c:\program files\explorer\Styles\SymbolImages\Civic\MailPost.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Office.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Radioactive.png
    c:\program files\explorer\Styles\SymbolImages\Civic\School.png
    c:\program files\explorer\Styles\SymbolImages\Civic\StarsStripes.png
    c:\program files\explorer\Styles\SymbolImages\Flag\CheckeredFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\GreenFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\RedFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\WhiteFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\YellowFlag.png
    c:\program files\explorer\Styles\SymbolImages\Health\AidStation.png
    c:\program files\explorer\Styles\SymbolImages\Health\Ambulance.png
    c:\program files\explorer\Styles\SymbolImages\Health\Doctor.png
    c:\program files\explorer\Styles\SymbolImages\Health\Health.png
    c:\program files\explorer\Styles\SymbolImages\Health\Hospital.png
    c:\program files\explorer\Styles\SymbolImages\Health\Pharmacy.png
    c:\program files\explorer\Styles\SymbolImages\Marine\AmberBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\BlackBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\BlueBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\BoatsKeepOut.png
    c:\program files\explorer\Styles\SymbolImages\Marine\ControlledArea.png
    c:\program files\explorer\Styles\SymbolImages\Marine\Danger.png
    c:\program files\explorer\Styles\SymbolImages\Marine\DiverDown.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenDiamondDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenRedBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenSquareDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenWhiteBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\OrangeBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\PersonOverboard.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RadioBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedDiamondDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedGreenBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedSquareDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedTriangleDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedWhiteBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\SkullandCrossbones.png
    c:\program files\explorer\Styles\SymbolImages\Marine\UnderwaterOperations.png
    c:\program files\explorer\Styles\SymbolImages\Marine\VioletBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteDiamondDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteGreenBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteRedBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\Wreck.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\ArrowYellow.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Capital1.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Capital2.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\CircleX.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\CrossHair.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated1.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated2.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated3.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated4.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated5.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated6.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated7.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Star.png
    c:\program files\explorer\Styles\SymbolImages\Points of Interest\AmusementPark.png
    c:\program files\explorer\Styles\SymbolImages\Points of Interest\Bar.png
    c:\users\Michelle\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    .
    .
  16. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    ((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-09 20:16 . 2012-10-09 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-09 20:16 . 2012-10-09 20:16 -------- d-----w- c:\users\Michelle Patdu\AppData\Local\temp
    2012-10-09 20:16 . 2012-10-09 20:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-10-09 18:07 . 2012-10-09 18:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-09 15:59 . 2012-10-09 18:06 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-10-09 15:59 . 2012-10-09 18:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-09 05:23 . 2012-10-09 05:24 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-10-09 02:18 . 2012-10-09 02:18 -------- d-----w- c:\program files\FileHippo.com
    2012-10-09 02:12 . 2012-10-09 02:12 -------- d-----w- c:\users\Michelle\AppData\Local\Macromedia
    2012-10-09 02:11 . 2012-10-09 02:42 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 23:46 . 2012-10-08 23:46 -------- d-----w- c:\program files\Belarc
    2012-10-08 23:41 . 2012-10-08 23:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-10-08 23:41 . 2012-10-08 23:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-10-08 23:27 . 2012-10-08 23:27 -------- d-----w- c:\users\Michelle\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-08 23:25 . 2012-10-08 23:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-10-08 23:22 . 2012-10-08 23:23 -------- d-----w- c:\program files\SpywareBlaster
    2012-10-08 23:18 . 2012-10-08 23:18 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
    2012-10-08 23:18 . 2012-10-08 23:18 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-08 23:18 . 2012-10-08 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-08 23:18 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-08 22:48 . 2012-10-09 18:56 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-10-08 22:12 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-08 22:12 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-08 22:12 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-10-08 22:12 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-08 22:11 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-08 22:11 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-08 22:05 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-08 22:05 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-08 22:03 . 2012-10-08 22:03 -------- d-----w- c:\programdata\AVAST Software
    2012-10-08 22:03 . 2012-10-08 22:03 -------- d-----w- c:\program files\AVAST Software
    2012-10-08 21:19 . 2010-01-06 09:20 528896 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
    2012-10-06 08:35 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90EF20C5-3D45-4373-8BBF-A291C4F29302}\mpengine.dll
    2012-10-01 03:01 . 2012-10-01 03:01 -------- d-----w- c:\program files\Apple Software Update
    2012-10-01 02:52 . 2012-10-01 02:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 02:42 . 2011-07-25 07:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 17:51 . 2012-10-09 17:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-08-25 361472]
    .
    [HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
    2011-08-25 06:23 1572864 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-08-25 1572864]
    .
    [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-08-25 1572864]
    .
    [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-02-28 4915200]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
    "VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
    "VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-02-19 24576]
    "SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-04-17 73728]
    "VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
    "VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
    "VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "Skytel"="Skytel.exe" [2008-02-28 1826816]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-02-21 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 02:42]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 21:22]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 21:22]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356219450-332791921-1512930104-1001Core.job
    - c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 08:52]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356219450-332791921-1512930104-1001UA.job
    - c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 08:52]
    .
    2012-10-09 c:\windows\Tasks\User_Feed_Synchronization-{FD1D9880-0DB3-4D5B-A0F3-AE3B430BB88E}.job
    - c:\windows\system32\msfeedssync.exe [2012-03-01 17:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.kirotv.com/
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
    FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\vwbksqgs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.kirotv.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKCU-Run-Facebook Update - c:\users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe
    HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
    AddRemove-MP3 Rocket - c:\users\Michelle\Documents\Music\MP3 Rocket\Uninstall.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5340)
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Sony\VAIO Power Management\SPMgr.exe
    c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\CCP.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-09 13:30:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-09 20:30
    .
    Pre-Run: 740,614,144 bytes free
    Post-Run: 4,614,266,880 bytes free
    .
    - - End Of File - - BCEB9E9D153C3D70B8BE0384D74B5C32
  17. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    It's always a good idea to read my instructions CAREFULLY.
    I'll review your log now.
  18. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    Combofix log looks good.

    Any current issues?

    ========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    As soon as it reboots, I'll run the OTL, other than that, it seems to be doing better. :)
  20. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    OTL logfile created on: 10/9/2012 2:17:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michelle\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.23% Memory free
    4.21 Gb Paging File | 2.83 Gb Available in Paging File | 67.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 104.02 Gb Total Space | 2.99 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
    Drive E: | 7.39 Gb Total Space | 2.48 Gb Free Space | 33.59% Space Free | Partition Type: FAT32

    Computer Name: PATDU-PC | User Name: Michelle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/09 14:16:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
    PRC - [2012/08/21 02:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2010/07/28 17:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    PRC - [2010/07/28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/04/17 19:18:12 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
    PRC - [2008/04/17 19:18:10 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
    PRC - [2008/04/17 19:18:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    PRC - [2008/04/17 19:18:04 | 000,065,536 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
    PRC - [2008/04/02 11:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    PRC - [2008/04/02 11:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2008/04/02 11:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2008/03/07 11:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2008/02/21 10:26:20 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2008/02/21 10:26:20 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2008/01/22 18:16:14 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    PRC - [2008/01/20 19:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/11/21 12:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2007/11/12 20:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    PRC - [2007/10/30 11:04:08 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2007/10/30 11:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/06/18 03:42:08 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    MOD - [2012/06/18 03:40:17 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/18 03:40:08 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/05/14 13:17:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/14 13:17:35 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
    MOD - [2012/05/14 13:16:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/14 13:14:33 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/14 13:14:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2012/04/23 04:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/03/22 04:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/01/03 03:58:08 | 003,186,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/07/28 17:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
    MOD - [2010/07/28 17:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
    MOD - [2010/06/23 18:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
    MOD - [2010/06/23 18:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
    MOD - [2010/06/23 18:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
    MOD - [2010/06/23 18:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
    MOD - [2010/06/23 17:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
    MOD - [2009/03/29 21:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2009/03/29 21:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2008/04/18 14:48:28 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
    MOD - [2008/04/17 20:51:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
    MOD - [2008/04/17 19:18:12 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
    MOD - [2008/04/17 19:18:10 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
    MOD - [2008/04/17 19:18:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    MOD - [2008/04/17 19:18:08 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
    MOD - [2008/04/17 19:18:06 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
    MOD - [2008/04/17 19:10:12 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
    MOD - [2008/04/17 19:10:10 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
    MOD - [2008/04/17 19:10:08 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
    MOD - [2008/04/17 19:10:06 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
    MOD - [2008/04/17 19:10:06 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
    MOD - [2008/04/17 17:10:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
    MOD - [2008/04/17 17:10:42 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
    MOD - [2008/04/17 01:00:02 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
    MOD - [2008/04/17 00:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
    MOD - [2008/04/17 00:59:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
    MOD - [2008/04/17 00:59:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
    MOD - [2008/02/21 10:26:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
    MOD - [2008/02/04 17:08:45 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2007/10/30 10:57:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/10/30 10:44:52 | 000,393,216 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/10/09 10:51:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/08 19:42:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2008/04/02 11:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2008/04/02 11:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2008/04/02 11:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2008/04/02 11:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2008/03/04 20:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
    SRV - [2008/03/04 20:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
    SRV - [2008/03/04 20:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
    SRV - [2008/03/03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2008/03/03 13:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2008/02/21 10:26:20 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/20 19:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/20 19:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/11/28 02:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2007/11/28 02:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2007/11/28 01:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2007/11/12 20:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/08/21 02:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/08/21 02:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/08/21 02:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/08/21 02:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/08/21 02:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/08/21 02:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/01/06 02:20:00 | 000,528,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2008/02/12 17:01:28 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
    DRV - [2008/02/12 17:01:28 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
    DRV - [2008/02/06 17:03:27 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/02/06 17:03:06 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/01/30 17:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2007/12/16 18:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2007/12/13 17:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2007/11/15 17:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007/09/18 20:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
    DRV - [2007/05/26 01:03:06 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://rover.ebay.com/rover/1/711- [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kirotv.com/
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll ()
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\SearchScopes\{759BFA00-CF1A-4447-AFFC-810C4E977698}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...504e0c71b3737&lang=us&ds=AVG&pr=&d=2012-02-21 08:30:51&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\SearchScopes\{EBD976F7-EF71-4753-A835-0CB6237756D4}: "URL" = http://slirsredirect.search.aol.com...nvocationType=tb50sonyie7&query={searchTerms}
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.kirotv.com/"
    FF - prefs.js..extensions.enabledAddons: omnibar@ajitk.com:0.7.14.20120803
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
    FF - prefs.js..extensions.enabledAddons: john@velvetcache.org:1.3.7
    FF - prefs.js..extensions.enabledAddons: donottrackplus@abine.com:2.2.1.829
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: textlinks@arcadeweb.com:1.0.0
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1466
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Michelle\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Michelle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/06 07:14:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/08 15:05:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/09 10:51:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/09 10:51:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Michelle\AppData\Roaming\Move Networks [2009/11/12 17:25:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/09 10:51:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/09 10:51:15 | 000,000,000 | ---D | M]

    [2010/07/09 15:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\mozilla\Extensions
    [2012/10/09 11:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\mozilla\Firefox\Profiles\vwbksqgs.default\extensions
    [2012/10/09 11:14:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Michelle\AppData\Roaming\mozilla\Firefox\Profiles\vwbksqgs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/10/09 11:16:22 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Michelle\AppData\Roaming\mozilla\Firefox\Profiles\vwbksqgs.default\extensions\donottrackplus@abine.com
    [2012/10/09 11:17:09 | 000,017,677 | ---- | M] () (No name found) -- C:\Users\Michelle\AppData\Roaming\mozilla\firefox\profiles\vwbksqgs.default\extensions\john@velvetcache.org.xpi
    [2012/10/08 16:13:47 | 000,066,269 | ---- | M] () (No name found) -- C:\Users\Michelle\AppData\Roaming\mozilla\firefox\profiles\vwbksqgs.default\extensions\omnibar@ajitk.com.xpi
    [2012/10/08 15:53:33 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Michelle\AppData\Roaming\mozilla\firefox\profiles\vwbksqgs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012/10/08 16:08:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Michelle\AppData\Roaming\mozilla\firefox\profiles\vwbksqgs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/08/29 13:56:22 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Michelle\AppData\Roaming\mozilla\firefox\profiles\vwbksqgs.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
    [2012/10/09 10:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/10/09 10:51:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/10/09 10:51:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/10/08 15:05:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/10/09 10:51:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/25 15:58:30 | 000,003,765 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/10/08 22:19:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/09 10:51:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========
  21. learninmypc

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - Extension: ArcadeWeb = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
    CHR - Extension: avast! WebRep = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Skype Click to Call = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

    O1 HOSTS File: ([2012/10/09 13:21:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
    O3 - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
    O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
    O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
    O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
    O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
    O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 74.40.74.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70654C8C-B4A7-4F27-A51E-A8534FA42658}: DhcpNameServer = 192.168.1.1 74.40.74.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B6666C3-B9D8-4BB9-8F82-6AB42C740BEC}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D05CB988-618B-4977-B383-7742239BFB58}: DhcpNameServer = 192.168.1.1 74.40.74.40
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/09 14:16:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
    [2012/10/09 13:21:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/10/09 13:16:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/09 13:00:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/09 13:00:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/09 13:00:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/09 12:59:53 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/10/09 12:59:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/09 12:59:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/09 12:56:45 | 004,764,951 | R--- | C] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
    [2012/10/09 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\(Patdu-PC)_files
    [2012/10/09 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/10/09 09:21:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Michelle\Desktop\aswMBR.exe
    [2012/10/09 09:15:44 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\RK_Quarantine
    [2012/10/09 09:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/10/09 08:55:53 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\tdsskiller
    [2012/10/09 07:57:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michelle\Desktop\dds.com
    [2012/10/08 22:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/10/08 22:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/10/08 19:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012/10/08 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
    [2012/10/08 19:12:02 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\Macromedia
    [2012/10/08 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\Desktop
    [2012/10/08 16:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2012/10/08 16:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/10/08 16:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/10/08 16:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/10/08 16:27:19 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\SUPERAntiSpyware.com
    [2012/10/08 16:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/10/08 16:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/10/08 16:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/10/08 16:18:56 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\Malwarebytes
    [2012/10/08 16:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/08 16:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/08 16:18:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/10/08 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/10/08 15:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/10/08 15:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/10/08 15:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/10/08 15:12:15 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/10/08 15:12:13 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/10/08 15:12:02 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/10/08 15:12:01 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/10/08 15:11:59 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/10/08 15:11:43 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/10/08 15:05:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/08 15:05:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/10/08 15:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/10/08 15:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/10/06 18:18:54 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Documents\My Scans
    [2012/10/05 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Documents\A Joyful Heart AFH
    [2012/09/30 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/09/30 19:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2 C:\Users\Michelle\Desktop\*.tmp files -> C:\Users\Michelle\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/09 14:20:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD1D9880-0DB3-4D5B-A0F3-AE3B430BB88E}.job
    [2012/10/09 14:16:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
    [2012/10/09 14:13:00 | 000,643,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/09 14:13:00 | 000,119,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/09 14:12:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/09 14:04:56 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/09 14:04:56 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/09 14:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/09 14:04:49 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/09 14:03:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/10/09 13:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/09 13:31:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3356219450-332791921-1512930104-1001UA.job
    [2012/10/09 13:24:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/09 13:21:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/10/09 12:56:57 | 004,764,951 | R--- | M] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
    [2012/10/09 11:50:57 | 000,292,961 | ---- | M] () -- C:\Users\Michelle\Desktop\(Patdu-PC).html
    [2012/10/09 09:21:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Michelle\Desktop\aswMBR.exe
    [2012/10/09 09:15:06 | 001,422,336 | ---- | M] () -- C:\Users\Michelle\Desktop\RogueKiller.exe
    [2012/10/09 08:54:50 | 002,193,278 | ---- | M] () -- C:\Users\Michelle\Desktop\tdsskiller.zip
    [2012/10/09 07:57:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michelle\Desktop\dds.com
    [2012/10/09 07:47:40 | 000,302,592 | ---- | M] () -- C:\Users\Michelle\Desktop\ml5dl70v.exe
    [2012/10/09 00:32:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3356219450-332791921-1512930104-1001Core.job
    [2012/10/08 22:23:53 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/10/08 19:18:03 | 000,001,759 | ---- | M] () -- C:\Users\Michelle\Desktop\Update Checker.lnk
    [2012/10/08 16:46:22 | 000,001,874 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2012/10/08 16:46:22 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
    [2012/10/08 16:41:43 | 000,001,084 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/08 16:41:43 | 000,001,060 | ---- | M] () -- C:\Users\Michelle\Desktop\Spybot - Search & Destroy.lnk
    [2012/10/08 16:22:20 | 000,000,881 | ---- | M] () -- C:\Users\Michelle\Desktop\SpywareBlaster.lnk
    [2012/10/08 16:19:54 | 000,000,935 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/10/08 16:19:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/08 15:41:53 | 000,001,753 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/10/08 15:41:53 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/08 15:12:17 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/08 15:11:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2 C:\Users\Michelle\Desktop\*.tmp files -> C:\Users\Michelle\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/09 13:18:49 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2012/10/09 13:00:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/09 13:00:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/09 13:00:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/09 13:00:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/09 13:00:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/09 11:50:56 | 000,292,961 | ---- | C] () -- C:\Users\Michelle\Desktop\(Patdu-PC).html
    [2012/10/09 09:15:05 | 001,422,336 | ---- | C] () -- C:\Users\Michelle\Desktop\RogueKiller.exe
    [2012/10/09 08:54:47 | 002,193,278 | ---- | C] () -- C:\Users\Michelle\Desktop\tdsskiller.zip
    [2012/10/09 07:47:38 | 000,302,592 | ---- | C] () -- C:\Users\Michelle\Desktop\ml5dl70v.exe
    [2012/10/08 22:23:53 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/10/08 19:58:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/10/08 19:18:03 | 000,001,789 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
    [2012/10/08 19:18:03 | 000,001,759 | ---- | C] () -- C:\Users\Michelle\Desktop\Update Checker.lnk
    [2012/10/08 19:11:26 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/08 16:46:22 | 000,001,874 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2012/10/08 16:46:22 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
    [2012/10/08 16:46:21 | 000,001,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    [2012/10/08 16:41:43 | 000,001,084 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/08 16:41:43 | 000,001,060 | ---- | C] () -- C:\Users\Michelle\Desktop\Spybot - Search & Destroy.lnk
    [2012/10/08 16:22:20 | 000,000,881 | ---- | C] () -- C:\Users\Michelle\Desktop\SpywareBlaster.lnk
    [2012/10/08 16:19:54 | 000,000,935 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/10/08 16:18:42 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/08 15:48:19 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/10/08 15:41:53 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/08 15:12:17 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/30 20:01:45 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2010/07/24 23:28:31 | 000,009,798 | -HS- | C] () -- C:\Users\Michelle\Folder.jpg
    [2010/07/24 23:28:31 | 000,002,137 | -HS- | C] () -- C:\Users\Michelle\AlbumArtSmall.jpg
    [2010/04/18 14:26:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/11/07 21:48:14 | 000,000,632 | RHS- | C] () -- C:\Users\Michelle\ntuser.pol
    [2009/07/23 12:06:46 | 000,000,680 | ---- | C] () -- C:\Users\Michelle\AppData\Local\d3d9caps.dat
    [2008/11/12 20:59:56 | 000,537,828 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\UserTile.png
    [2008/08/11 23:26:14 | 000,196,096 | ---- | C] () -- C:\Users\Michelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/01/16 17:36:09 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\esri
    [2008/11/18 01:32:46 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\GetRightToGo
    [2008/11/28 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\InterVideo
    [2011/08/29 18:07:03 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Leadertech
    [2010/06/19 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\mjusbsp
    [2010/09/13 09:55:22 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\mp3rocket
    [2011/11/30 23:09:36 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Registry Mechanic
    [2009/12/10 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\TaxCut

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    Extras?
  23. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    Yep, almost forgot:
    OTL Extras logfile created on: 10/9/2012 2:17:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michelle\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.23% Memory free
    4.21 Gb Paging File | 2.83 Gb Available in Paging File | 67.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 104.02 Gb Total Space | 2.99 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
    Drive E: | 7.39 Gb Total Space | 2.48 Gb Free Space | 33.59% Space Free | Partition Type: FAT32

    Computer Name: PATDU-PC | User Name: Michelle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{15E83FE7-334C-49FD-8D33-C0F6A45B1A86}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{2223A4D2-CE3A-480D-80E9-530D9DC020EB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{2CF5A8D2-F873-429B-91C6-D587F192C263}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{34033DAA-0E01-49C8-AE67-5431DC12E7C7}" = lport=137 | protocol=17 | dir=in | app=system |
    "{36643AEA-46C7-4E1B-980B-E29085154B0B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{37AD0B01-CDCC-4E00-A057-D6F0AB2FDA4B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{39B7DA3B-AFE2-42D2-8237-45F21A117482}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{3C5E2F25-EB07-4CD4-AF15-66CACB9A59D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4CACE37C-8CAF-4F43-A18A-30FD3FDC7F8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{50E25F0C-BC9C-4E1C-8917-3F8FF99F3E03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5A3F616D-E6CC-4875-B416-B44152C38C4C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6181F0F5-EDBB-41CE-8D9A-28FD42694F50}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{671B75E9-054F-4D98-9B4B-A92B3C4EC820}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{6B44C525-35EB-4659-B661-3BF8EF51989B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{767FB1AC-6F75-4D77-A60C-FF6B18073A01}" = lport=139 | protocol=6 | dir=in | app=system |
    "{85CDABE5-E9A4-4197-A4D8-6D0584E51500}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{879BF584-6E89-4222-AFAA-1475A1EA473E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{90A15835-857B-45E4-BD18-780AC66197FB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{92983D7D-8B73-4DD8-A1B6-ACC51233B051}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D0D65C83-43E4-48D5-AE3D-96D9E016CE8D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D6D24102-6FAE-4233-BD3B-997B56C806B9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D70AEC10-3F9B-47D2-AF8E-1CAF79D8CD5D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D93BD736-955E-42D2-BD7B-8074EDC1375F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D98E7DD7-45F1-4A83-93A9-483DEFED6A7B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E962DC25-932D-467E-A216-5F3B0A67A6CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F04FF471-6620-4D7F-9036-929083E79841}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F60B2F76-E8B8-4C8D-BF7E-0581A9B7BE17}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{009FE825-E348-4960-AEE4-7E879578D648}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{091D5CBE-3D1E-415A-BF65-E859EB2D1450}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{0920CDFC-FE86-4F2F-A399-086116C91A72}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{282627DA-E379-4FCE-90EF-4062B98053A6}" = dir=in | app=c:\users\michelle\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{28754E0B-55EF-43D9-A023-9E2049BF8A05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{2EFA33AA-7CF2-441A-AC33-3D7DB9EF3443}" = protocol=17 | dir=in | app=c:\program files\aol\rc\regclient.exe |
    "{2F719E76-D59B-43E9-97F4-6B7583F1D5A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{39AC934D-88ED-4A83-9F2B-13ED4E2AD334}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{49995A0D-47C5-4B00-89A1-E35C43E40F7C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{541CA964-09D2-47EF-A455-511E87E195A8}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{578D73CB-1068-475F-B934-CA7C37E613DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5C95B508-2A25-46A1-9674-7C2F80A71643}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{63FD5CA1-558F-40E7-8D5D-6721793D5BC9}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{81164251-56E5-4161-964C-65A5EF1F207B}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{813C3379-EA71-462F-B320-B9592FBA599E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{86F9EB8B-F594-4B26-AC32-4B8AECC15EB5}" = protocol=6 | dir=in | app=c:\program files\aol\rc\regclient.exe |
    "{8E5A0ECB-E7FB-4939-88AB-E646B77317B2}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
    "{A5A5D75C-0023-4A59-82EA-FE818D2C2631}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A78A21E6-55A0-4F91-AC7B-1F1D823A9DA3}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{AB1A7219-35B8-4C6A-B813-D16DE980B75B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{BD69329D-ECFE-4647-807B-7809E0B46D34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D25D56CC-6D1B-49C2-98EB-83BB919D788C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D75FD37D-9E4D-44A7-81CC-11C32204BE8A}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
    "{EE0E75C7-9D1B-4C39-A663-CDD0FD6BAC83}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FCE91588-BB9B-4F4F-92C6-90EB377A769E}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{FF579334-EECD-496B-BE4B-1ED7C4CA57EF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{324CCD5C-2D4A-4A35-9862-6FF9159B23FE}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
    "TCP Query User{32A8C679-F4F3-4E7D-88D3-BCF52D8B00B7}C:\users\michelle\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\michelle\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{39B07FB3-BD0E-4A3A-8FF2-967DD1C22B01}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{72987094-077A-45C3-89F5-59CC0FFAFE1B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{AE3FC9EA-26B0-4E02-B746-3290E515244C}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
    "UDP Query User{720ACC51-6238-4912-9C2E-3F7E5CC29D25}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
    "UDP Query User{B86B622E-8BB9-47EB-B99D-2B03E1904A66}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
    "UDP Query User{C1524A1D-1062-42FA-8FF5-519D436F581F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{CC6DD9F7-86AA-41BC-BE71-8781C4AACC36}C:\users\michelle\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\michelle\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{D1840333-6EC3-4775-A33B-F3D96251CFE2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
    "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
    "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
    "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
    "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-I Visual Effects
    "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
    "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
    "{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
    "{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
    "{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
    "{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
    "{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
    "{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
    "{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E8D7B35C-93B1-317E-9403-2BBBA2154ABF}" = Google Talk Plugin
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
    "{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "ArcGIS Explorer" = ArcGIS Explorer
    "avast" = avast! Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.2
    "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CameraUserGuide-PSSX20IS" = Canon PowerShot SX20 IS Camera User Guide
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "DivX Setup" = DivX Setup
    "Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
    "FileHippo.com" = FileHippo.com Update Checker
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
    "Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
    "Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "OM Explorer for KRM for Excel 2007" = OM Explorer for KRM for Excel 2007
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PROR" = Microsoft Office Professional 2007
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Shop for HP Supplies" = Shop for HP Supplies
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 1.0.5
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3356219450-332791921-1512930104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/9/2012 2:56:42 PM | Computer Name = Patdu-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/9/2012 2:56:42 PM | Computer Name = Patdu-PC | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 10/9/2012 3:37:03 PM | Computer Name = Patdu-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 10/9/2012 3:37:47 PM | Computer Name = Patdu-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/9/2012 3:41:46 PM | Computer Name = Patdu-PC | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 10/9/2012 3:41:47 PM | Computer Name = Patdu-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/9/2012 3:49:56 PM | Computer Name = Patdu-PC | Source = Application Error | ID = 1000
    Description = Faulting application FlashPlayerPlugin_11_4_402_287.exe, version 11.4.402.287,
    time stamp 0x5066dda3, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time
    stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x6afb4618, process id
    0x1574, application start time 0x01cda65740c99180.

    Error - 10/9/2012 4:19:40 PM | Computer Name = Patdu-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/9/2012 4:19:40 PM | Computer Name = Patdu-PC | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 10/9/2012 5:05:20 PM | Computer Name = Patdu-PC | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 10/9/2012 5:05:23 PM | Computer Name = Patdu-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 5/26/2009 1:26:00 PM | Computer Name = Patdu-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 5:21:07 PM | Computer Name = Patdu-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/14/2009 7:46:03 PM | Computer Name = Patdu-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 4/27/2010 3:20:52 AM | Computer Name = Patdu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43691
    seconds with 6660 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/9/2012 5:12:27 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:12:31 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:12:35 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:12:39 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:12:44 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:12:48 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:12:52 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:12:56 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:13:04 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/9/2012 5:13:08 PM | Computer Name = Patdu-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.


    < End of report >
  24. Broni

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      [2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      [2011/11/30 23:09:36 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Registry Mechanic
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  25. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,189   +230

    All processes killed
    ========== OTL ==========
    Error: No service named SBSDWSCService was found to stop!
    Service\Driver key SBSDWSCService not found.
    File C:\Program Files\Spybot not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    File C:\Windows\assembly\Desktop.ini not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    Folder C:\Users\Michelle\AppData\Roaming\Registry Mechanic\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Michelle
    ->Temp folder emptied: 31832 bytes
    ->Temporary Internet Files folder emptied: 25821978 bytes
    ->Java cache emptied: 8655150 bytes
    ->FireFox cache emptied: 56414186 bytes
    ->Google Chrome cache emptied: 6283429 bytes
    ->Apple Safari cache emptied: 17138688 bytes
    ->Flash cache emptied: 5965062 bytes

    User: Michelle Patdu
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 328373 bytes
    ->Flash cache emptied: 405 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19598 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 115.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Michelle
    ->Java cache emptied: 0 bytes

    User: Michelle Patdu

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Michelle
    ->Flash cache emptied: 0 bytes

    User: Michelle Patdu
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10092012_151020

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

