TechSpot

Sirefef.AI and Sirefef.AE warnings keep popping and ESET cannot delete Patched.B.Gen Trojan

By quixx
Jun 26, 2012
  1. I have exactly the same problem as mentioned on http://www.techspot.com/community/topics/sirefef-ai-and-ae-and-patched-b-gen-trojans.182121/. I don't know whether it was a coincidence, but the infection happened during installation or download of an Adobe Flash Player update. When ESET began to pop up virus alerts I cancelled the Adobe update process, because I thought the update might be a fraud.

    Now, Sirefef.AI and Sirefef.AE keep popping up with ESET Nod; the Patched.B.Gen Trojan keeps being alerted to me by ESET, and it fails to delete the trojan. ESET spots C:\Windows\System32\services.exe as the threatening object for Patched.B.Gen.

    I am running Windows 7 64-bit. Since on the forum page mentioned above (http://www.techspot.com/community/topics/sirefef-ai-and-ae-and-patched-b-gen-trojans.182121/) there was a warning, "This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system", I hesitate to clear it myself and am requesting help. The removal process in that case was pretty long and sophisticated; I was wondering whether a shortcut is available. Thanks in advance.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. quixx

    quixx TS Rookie Topic Starter Posts: 24

    I downloaded FRST64.exe and saved it to a USB flash stick, started, got into System Recovery, etc., but I could not launch frst64.exe.
    In the command prompt the directory was already set as X:\Windows\system32. I opened notepad and checked the drive letter; it was H:. I typed h:\frst64.exe, which led to an error: h is not recognized as an internal or external command.


     
  4. Broni

    Try:
    h:\frst
     
  5. quixx

    Got the same response.
     
  6. Broni

    At X:\Windows\system32 prompt type:
    h:
    Press Enter.
    Does the command prompt change to:
    h:\
     
  7. quixx

    Same error returned...
    I also tried to change directory to other drives (C or D) but it does not work. It is stuck on virtual drive X (rescue boot drive).
     
  8. quixx

    The command prompt was stuck on the X: drive; maybe it was some special setting by VAIO, I don't know. Then I took a risk and tried something different without asking you:
    - Using notepad's file browser I copied FRST64.exe to the X: drive root.
    - Typed "cd.." ENTER and did this 2 times until X:\Windows\system32> was set to the X: root.
    - Typed FRST64 as X:\>FRST64, then BINGO, here is the log below.

    Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 28-06-2012 23:37:25
    Running from X:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-11-02] (NVIDIA Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9636896 2009-12-07] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-11-02] (Synaptics Incorporated)
    HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup [84744 2009-07-20] (UPEK Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2010-01-19] (Sun Microsystems, Inc.)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2716216 2009-11-16] (ESET)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2010-05-01] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2010-05-01] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2010-05-01] (Intel Corporation)
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [320880 2009-08-26] (Sony Corporation)
    HKLM-x32\...\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2010-01-19] (Sony Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
    HKLM-x32\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe [x]
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [37888 2010-01-13] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [2327552 2009-04-20] (Vodafone)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [213304 2011-11-23] (COMODO)
    HKLM-x32\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [184120 2011-11-23] (COMODO)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKU\SONY\...\Run: [ABBYY Screenshot Reader Bonus] [x]
    HKU\SONY\...\Run: [im4igtyxv3] C:\Users\SONY\im4igtyxv3.exe [x]
    HKU\yasemin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-19] (Google Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    AppInit_DLLs: C:\Windows\system32\guard64.dll
    Tcpip\..\Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}: [NameServer]216.52.1.33,24.143.246.29
    Lsa: [Notification Packages] scecli
    C:\Program Files\Protector Suite\psqlpwd.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\PDFCreator.lnk
    ShortcutTarget: PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge http://www.pdfforge.org/)

    ==================== Services (Whitelisted) ======

    2 ABBYY.Licensing.PDFTransformer.Classic.3.0; "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
    3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
    3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [23296 2009-11-16] (ESET)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [735960 2009-11-16] (ESET)
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [44384 2010-12-10] (Microsoft Corporation)
    2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4948992 2009-07-17] (Native Instruments GmbH)
    2 QDLService2kSony; "C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe" [330488 2009-12-03] (QUALCOMM, Inc.)
    3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-08-31] (Sonic Solutions)
    2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-08-31] (Sonic Solutions)
    2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2314240 2009-10-01] (Intel Corporation)
    2 VAIO Event Service; "C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe" [205168 2010-05-28] (Sony Corporation)
    3 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [571248 2009-11-30] (Sony Corporation)
    3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [44736 2011-02-14] (Sony Corporation)
    2 VMCService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-04-20] (Vodafone)
    2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [845312 2010-08-11] (Sony Corporation)
    3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [1256040 2012-01-13] (Sony Corporation)

    ========================== Drivers (Whitelisted) =============

    3 bbcap; C:\Windows\System32\Drivers\bbcap.sys [4608 2010-08-10] (Windows (R) Codename Longhorn DDK provider)
    1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO)
    1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
    2 eamon; C:\Windows\System32\Drivers\eamon.sys [145336 2009-11-16] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-11-16] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [123200 2009-12-18] (ESET)
    3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [66728 2011-08-17] (Eugene V. Muzychenko)
    3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-04-09] (Huawei Technologies Co., Ltd.)
    3 MAFW; C:\Windows\System32\Drivers\MAFW.sys [231944 2009-07-29] (Avid Technology, Inc.)
    3 qcfilterSny2k; C:\Windows\System32\Drivers\qcfilterSny2k.sys [6400 2009-12-03] (QUALCOMM Incorporated)
    3 qcusbnetsny2k; C:\Windows\System32\Drivers\qcusbnetsny2k.sys [240640 2009-12-03] (QUALCOMM Incorporated)
    3 qcusbsersny2k; C:\Windows\System32\Drivers\qcusbsersny2k.sys [121216 2009-12-03] (QUALCOMM Incorporated)
    2 rimspci; C:\Windows\system32\drivers\rimssne64.sys [93696 2009-10-29] (REDC)
    2 risdsnpe; C:\Windows\system32\drivers\risdsne64.sys [76800 2009-10-29] (REDC)
    0 shpf; C:\Windows\System32\Drivers\shpf.sys [25120 2009-05-28] (Sony Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-22] (Duplex Secure Ltd.)
    3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Nokia)
    3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-28 23:37 - 2012-06-28 23:37 - 00000000 ____D C:\FRST
    2012-06-27 10:13 - 2012-06-27 10:13 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-27 10:13 - 2012-05-04 16:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-06-26 21:51 - 2012-06-26 21:51 - 00000000 ____D C:\Users\SONY\AppData\Local\COMODO
    2012-06-26 21:38 - 2012-06-26 21:39 - 00270024 ____A C:\Windows\Minidump\062712-23368-01.dmp
    2012-06-26 19:17 - 2012-06-27 10:18 - 00000000 ____D C:\Users\All Users\CPA_VA
    2012-06-26 19:16 - 2012-06-26 19:16 - 00000000 ___HD C:\VritualRoot
    2012-06-26 19:16 - 2012-06-26 19:16 - 00000000 ____D C:\Users\Public\Documents\COMODO
    2012-06-26 19:13 - 2012-06-28 20:32 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
    2012-06-26 19:13 - 2012-06-26 21:51 - 00000000 ____D C:\Users\All Users\Comodo
    2012-06-26 19:13 - 2012-06-26 19:13 - 00001846 ____A C:\Users\Public\Desktop\COMODO Antivirus.lnk
    2012-06-26 19:13 - 2012-06-26 19:13 - 00001045 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    2012-06-26 19:13 - 2012-06-26 19:13 - 00000000 ____D C:\Program Files\COMODO
    2012-06-25 01:11 - 2012-06-25 01:50 - 00000000 ____D C:\sh4ldr
    2012-06-25 01:11 - 2012-06-25 01:11 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-06-25 01:10 - 2012-06-25 01:50 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-24 09:39 - 2012-06-24 09:40 - 05645445 ____A C:\Users\SONY\Downloads\Norah Jones - Crazy.mp3
    2012-06-23 14:01 - 2012-06-23 15:48 - 00106810 ____A C:\Users\SONY\Desktop\killer brass_5.rns
    2012-06-23 13:45 - 2012-06-23 13:54 - 00106804 ____A C:\Users\SONY\Desktop\killer brass_4.rns
    2012-06-23 13:32 - 2012-06-23 13:40 - 00106802 ____A C:\Users\SONY\Desktop\killer brass_3.rns
    2012-06-23 11:31 - 2012-06-23 11:31 - 00106796 ____A C:\Users\SONY\Desktop\killer brass_2.rns
    2012-06-23 11:18 - 2012-06-23 11:27 - 00106796 ____A C:\Users\SONY\Desktop\killer brass_1.rns
    2012-06-22 13:32 - 2012-06-02 22:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-22 13:32 - 2012-06-02 22:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-22 13:32 - 2012-06-02 22:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-22 13:32 - 2012-06-02 22:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-22 13:32 - 2012-06-02 22:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-22 13:32 - 2012-06-02 22:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-22 13:32 - 2012-06-02 22:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-22 13:32 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-22 13:32 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-15 22:00 - 2012-06-15 22:00 - 00000000 ____D C:\Users\SONY\AppData\Local\Macromedia
    2012-06-13 19:45 - 2012-05-18 01:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 19:45 - 2012-05-18 01:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 19:45 - 2012-05-18 01:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 19:45 - 2012-05-18 01:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 19:45 - 2012-05-18 01:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 19:45 - 2012-05-18 01:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 19:45 - 2012-05-18 01:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 19:45 - 2012-05-18 01:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 19:45 - 2012-05-17 22:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 19:45 - 2012-05-17 22:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 19:45 - 2012-05-17 22:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 19:45 - 2012-05-17 22:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 19:45 - 2012-05-17 22:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 19:45 - 2012-05-17 22:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 19:45 - 2012-05-17 22:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 19:45 - 2012-05-17 22:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 19:44 - 2012-05-18 02:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 19:44 - 2012-05-18 02:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 19:44 - 2012-05-18 02:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 19:44 - 2012-05-18 01:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 19:44 - 2012-05-18 01:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 19:44 - 2012-05-18 01:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 19:44 - 2012-05-17 23:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 19:44 - 2012-05-17 22:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 19:44 - 2012-05-17 22:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 19:44 - 2012-05-17 22:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 19:44 - 2012-05-17 22:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 19:44 - 2012-05-17 22:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 18:00 - 2012-05-04 11:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 18:00 - 2012-05-04 10:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 18:00 - 2012-05-04 10:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 18:00 - 2012-05-01 05:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 18:00 - 2012-04-26 05:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 18:00 - 2012-04-26 05:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 18:00 - 2012-04-26 05:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 17:59 - 2012-05-15 01:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 17:59 - 2012-04-28 03:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 17:59 - 2012-04-24 05:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 17:59 - 2012-04-24 05:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 17:59 - 2012-04-24 05:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 17:59 - 2012-04-24 04:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 17:59 - 2012-04-24 04:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 17:59 - 2012-04-24 04:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 17:59 - 2012-04-07 12:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 17:59 - 2012-04-07 11:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 20:00 - 2012-06-11 20:00 - 00011416 ____A C:\Users\SONY\Desktop\deep buzz.fxb
    2012-06-06 18:32 - 2012-06-06 18:36 - 28820388 ____A C:\Users\SONY\Downloads\Neil Young _ Crazy Horse_ Oh Susannah.flv
    2012-06-06 18:07 - 2012-06-06 18:07 - 00653424 ____A C:\Users\SONY\Desktop\bu ne lan.png
    2012-05-30 17:26 - 2012-05-30 17:46 - 128389120 ____A C:\Users\SONY\Downloads\111472.mpg
    2012-05-30 17:26 - 2012-05-30 17:42 - 98668544 ____A C:\Users\SONY\Downloads\fractal movie.mpg
    2012-05-30 17:22 - 2012-05-30 17:23 - 06127616 ____A C:\Users\SONY\Downloads\Fractal_Animations-3.mp4
    2012-05-30 17:21 - 2012-05-30 17:21 - 02869959 ____A C:\Users\SONY\Downloads\Fractal_Animations.flv
    2012-05-30 17:20 - 2012-05-30 17:20 - 06127616 ____A C:\Users\SONY\Downloads\Fractal_Animations-2.mp4
    2012-05-30 17:18 - 2012-05-30 17:18 - 06127616 ____A C:\Users\SONY\Downloads\Fractal_Animations-1.mp4
    2012-05-30 17:07 - 2012-05-30 17:20 - 163556292 ____A C:\Users\SONY\Downloads\Fractal_Animations.mp4

    ============ 3 Months Modified Files and Folders =============

    2012-06-28 23:37 - 2012-06-28 23:37 - 00000000 ____D C:\FRST
    2012-06-28 20:32 - 2012-06-26 19:13 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
    2012-06-28 20:32 - 2010-04-26 15:34 - 01997099 ____A C:\Windows\WindowsUpdate.log
    2012-06-28 20:29 - 2009-07-14 04:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-28 20:29 - 2009-07-14 04:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-28 20:28 - 2009-07-14 05:13 - 00799114 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-28 20:22 - 2010-01-19 11:13 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-28 20:21 - 2010-11-07 19:50 - 00213914 ____A C:\Windows\setupact.log
    2012-06-28 20:21 - 2010-08-10 09:14 - 00000031 ____A C:\Windows\System32\bbcap.err
    2012-06-28 20:21 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-28 19:08 - 2010-01-19 11:13 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-27 21:00 - 2010-01-19 11:47 - 00000000 ____D C:\Program Files (x86)\OneClickInternet
    2012-06-27 20:59 - 2011-12-17 07:55 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Nokia Suite
    2012-06-27 20:59 - 2011-12-17 07:55 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Nokia
    2012-06-27 20:59 - 2011-12-17 07:52 - 00000000 ____D C:\Users\SONY\AppData\Local\NokiaAccount
    2012-06-27 20:59 - 2011-12-17 07:48 - 00000000 ____D C:\Program Files (x86)\Nokia
    2012-06-27 20:57 - 2011-03-15 22:51 - 00000000 ____D C:\Program Files (x86)\FlashGet
    2012-06-27 20:43 - 2010-05-01 16:48 - 00000000 ____D C:\Users\SONY\AppData\Roaming\vlc
    2012-06-27 10:18 - 2012-06-26 19:17 - 00000000 ____D C:\Users\All Users\CPA_VA
    2012-06-27 10:13 - 2012-06-27 10:13 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-27 10:12 - 2012-05-15 13:19 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-27 10:12 - 2012-05-15 13:19 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-27 10:12 - 2010-05-01 12:09 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-27 06:27 - 2011-01-23 13:37 - 00014090 ____A C:\Windows\PFRO.log
    2012-06-26 21:51 - 2012-06-26 21:51 - 00000000 ____D C:\Users\SONY\AppData\Local\COMODO
    2012-06-26 21:51 - 2012-06-26 19:13 - 00000000 ____D C:\Users\All Users\Comodo
    2012-06-26 21:39 - 2012-06-26 21:38 - 00270024 ____A C:\Windows\Minidump\062712-23368-01.dmp
    2012-06-26 21:38 - 2010-06-21 22:42 - 00000000 ____D C:\Windows\Minidump
    2012-06-26 19:16 - 2012-06-26 19:16 - 00000000 ___HD C:\VritualRoot
    2012-06-26 19:16 - 2012-06-26 19:16 - 00000000 ____D C:\Users\Public\Documents\COMODO
    2012-06-26 19:13 - 2012-06-26 19:13 - 00001846 ____A C:\Users\Public\Desktop\COMODO Antivirus.lnk
    2012-06-26 19:13 - 2012-06-26 19:13 - 00001045 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    2012-06-26 19:13 - 2012-06-26 19:13 - 00000000 ____D C:\Program Files\COMODO
    2012-06-25 01:50 - 2012-06-25 01:11 - 00000000 ____D C:\sh4ldr
    2012-06-25 01:50 - 2012-06-25 01:10 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-25 01:11 - 2012-06-25 01:11 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-06-24 23:30 - 2010-04-26 15:35 - 00000000 ____D C:\users\SONY
    2012-06-24 09:40 - 2012-06-24 09:39 - 05645445 ____A C:\Users\SONY\Downloads\Norah Jones - Crazy.mp3
    2012-06-23 20:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
    2012-06-23 15:48 - 2012-06-23 14:01 - 00106810 ____A C:\Users\SONY\Desktop\killer brass_5.rns
    2012-06-23 13:54 - 2012-06-23 13:45 - 00106804 ____A C:\Users\SONY\Desktop\killer brass_4.rns
    2012-06-23 13:40 - 2012-06-23 13:32 - 00106802 ____A C:\Users\SONY\Desktop\killer brass_3.rns
    2012-06-23 11:31 - 2012-06-23 11:31 - 00106796 ____A C:\Users\SONY\Desktop\killer brass_2.rns
    2012-06-23 11:27 - 2012-06-23 11:18 - 00106796 ____A C:\Users\SONY\Desktop\killer brass_1.rns
    2012-06-22 12:50 - 2009-07-14 05:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-15 22:00 - 2012-06-15 22:00 - 00000000 ____D C:\Users\SONY\AppData\Local\Macromedia
    2012-06-15 05:18 - 2012-04-02 18:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-15 05:18 - 2011-05-16 19:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-13 20:04 - 2009-07-14 04:45 - 00426488 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 20:01 - 2010-01-19 11:20 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-13 19:51 - 2010-04-28 20:57 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-11 20:00 - 2012-06-11 20:00 - 00011416 ____A C:\Users\SONY\Desktop\deep buzz.fxb
    2012-06-06 18:36 - 2012-06-06 18:32 - 28820388 ____A C:\Users\SONY\Downloads\Neil Young _ Crazy Horse_ Oh Susannah.flv
    2012-06-06 18:32 - 2012-05-23 18:37 - 00000000 ____D C:\Users\SONY\Downloads\ali bilge
    2012-06-06 18:07 - 2012-06-06 18:07 - 00653424 ____A C:\Users\SONY\Desktop\bu ne lan.png
    2012-06-04 11:50 - 2009-12-14 22:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-04 11:21 - 2010-09-04 16:05 - 00001185 ____A C:\Users\Public\Desktop\GOM Player.lnk
    2012-06-02 22:19 - 2012-06-22 13:32 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 22:19 - 2012-06-22 13:32 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 22:19 - 2012-06-22 13:32 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 22:19 - 2012-06-22 13:32 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 22:19 - 2012-06-22 13:32 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 22:15 - 2012-06-22 13:32 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 22:15 - 2012-06-22 13:32 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-22 13:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-22 13:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 22:12 - 2010-06-26 21:18 - 00000000 ____D C:\Users\yasemin\AppData\Roaming\Adobe
    2012-06-01 05:40 - 2010-06-02 19:49 - 00734201 ____A C:\test.xml
    2012-05-30 17:46 - 2012-05-30 17:26 - 128389120 ____A C:\Users\SONY\Downloads\111472.mpg
    2012-05-30 17:42 - 2012-05-30 17:26 - 98668544 ____A C:\Users\SONY\Downloads\fractal movie.mpg
    2012-05-30 17:23 - 2012-05-30 17:22 - 06127616 ____A C:\Users\SONY\Downloads\Fractal_Animations-3.mp4
    2012-05-30 17:21 - 2012-05-30 17:21 - 02869959 ____A C:\Users\SONY\Downloads\Fractal_Animations.flv
    2012-05-30 17:20 - 2012-05-30 17:20 - 06127616 ____A C:\Users\SONY\Downloads\Fractal_Animations-2.mp4
    2012-05-30 17:20 - 2012-05-30 17:07 - 163556292 ____A C:\Users\SONY\Downloads\Fractal_Animations.mp4
    2012-05-30 17:18 - 2012-05-30 17:18 - 06127616 ____A C:\Users\SONY\Downloads\Fractal_Animations-1.mp4
    2012-05-28 18:20 - 2012-05-28 18:20 - 04799180 ____A C:\Users\SONY\Downloads\olm bak git 2.flv
    2012-05-21 18:36 - 2010-09-08 22:41 - 00013312 ____A C:\Users\SONY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-21 18:20 - 2012-05-21 18:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-21 18:20 - 2012-05-21 18:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-20 22:12 - 2012-05-20 22:12 - 01907983 ____A C:\Users\SONY\Desktop\bassorg.mp3
    2012-05-20 22:10 - 2012-05-20 22:00 - 21025424 ____A C:\Users\SONY\Desktop\arzbasss Rendered.wav
    2012-05-20 19:46 - 2012-05-20 19:46 - 00007457 ____A C:\Users\SONY\Downloads\Bwv_564_Adagio.mid
    2012-05-19 21:46 - 2012-05-19 21:46 - 20275422 ____A C:\Users\SONY\Downloads\1205yalandunyaka.mp4
    2012-05-19 12:15 - 2012-05-19 12:15 - 00360956 ____A C:\Users\SONY\Downloads\best_blacklist_s3_s60_3_and_5_v_4_00_sw.sisx
    2012-05-19 11:27 - 2012-05-19 11:19 - 09841937 ____A C:\Users\SONY\Downloads\Laura-Branigan-A-Self-Control.mp3
    2012-05-18 02:47 - 2012-06-13 19:44 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-18 02:16 - 2012-06-13 19:44 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-18 02:06 - 2012-06-13 19:44 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-18 01:59 - 2012-06-13 19:45 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-18 01:59 - 2012-06-13 19:45 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-18 01:58 - 2012-06-13 19:45 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-18 01:58 - 2012-06-13 19:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:56 - 2012-06-13 19:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-18 01:55 - 2012-06-13 19:45 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:55 - 2012-06-13 19:44 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-18 01:54 - 2012-06-13 19:45 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-18 01:51 - 2012-06-13 19:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-18 01:51 - 2012-06-13 19:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-18 01:47 - 2012-06-13 19:45 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 23:11 - 2012-06-13 19:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 22:48 - 2012-06-13 19:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 22:45 - 2012-06-13 19:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 22:36 - 2012-06-13 19:45 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 22:35 - 2012-06-13 19:45 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 22:35 - 2012-06-13 19:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 22:33 - 2012-06-13 19:45 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 22:31 - 2012-06-13 19:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 22:29 - 2012-06-13 19:45 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 22:29 - 2012-06-13 19:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 22:27 - 2012-06-13 19:45 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 22:25 - 2012-06-13 19:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 22:24 - 2012-06-13 19:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 22:20 - 2012-06-13 19:45 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 17:29 - 2010-06-26 21:18 - 00000000 ____D C:\Users\yasemin\AppData\Local\Google
    2012-05-15 16:02 - 2012-05-15 16:02 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-15 13:18 - 2012-05-15 13:19 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-15 13:02 - 2010-06-26 21:13 - 00113056 ____A C:\Users\yasemin\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-15 01:32 - 2012-06-13 17:59 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-13 22:07 - 2012-05-13 22:03 - 06132549 ____A C:\Users\SONY\Downloads\Richard-Cheese-A-Creep.mp3
    2012-05-13 16:56 - 2012-05-13 16:44 - 02512607 ____A C:\Users\SONY\Downloads\Bob-marley-A-out-of-space.mp3
    2012-05-13 16:56 - 2012-05-13 16:24 - 07180839 ____A C:\Users\SONY\Downloads\The-Prodigy-A-Out-Of-Space.mp3
    2012-05-13 10:57 - 2009-07-14 07:47 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-12 22:48 - 2012-05-12 22:47 - 02854660 ____A C:\Users\SONY\Downloads\bach_adagio_bwv_564_prp_112010.mp3
    2012-05-12 22:39 - 2012-05-12 22:39 - 00006693 ____A C:\Users\SONY\Downloads\Bwv_564_Adagio.gp3
    2012-05-12 22:11 - 2012-04-08 11:02 - 04445154 ____A C:\Users\SONY\Downloads\Tiny-Tim-Tip-toe-Thru-_-The-Tulips-With-Me.mp3
    2012-05-08 21:50 - 2012-05-08 21:50 - 00310636 ____A C:\Users\SONY\Desktop\jazz imp.wav.asd
    2012-05-08 21:46 - 2012-05-08 21:46 - 00311604 ____A C:\Users\SONY\Desktop\jazz imp.mp3.asd
    2012-05-07 22:58 - 2012-05-07 22:55 - 05476646 ____A C:\Users\SONY\Downloads\London-Classical-Players-Roger-Norrington-BrahmsSymphony-No-3-in-F-major-Op-90-III-Poco-allegretto.mp3
    2012-05-07 22:56 - 2012-05-07 22:53 - 06052801 ____A C:\Users\SONY\Downloads\Herbert-Von-Karajan-Berlin-Philharmonic-Orchestra-Brahms-Symphony-3-In-F-Op-90-3-Poco-Allegretto.mp3
    2012-05-07 22:54 - 2010-05-01 17:26 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Azureus
    2012-05-07 17:58 - 2010-01-19 11:12 - 00000000 ____D C:\Users\All Users\Adobe
    2012-05-07 17:52 - 2010-04-26 18:34 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Adobe
    2012-05-07 17:49 - 2012-05-07 17:49 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-05-07 17:48 - 2010-05-01 15:06 - 00000000 ____D C:\Users\SONY\AppData\Local\Adobe
    2012-05-07 17:48 - 2010-01-19 11:12 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-05-07 17:39 - 2010-04-26 15:35 - 00113056 ____A C:\Users\SONY\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-05 18:09 - 2010-01-19 11:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2012-05-05 17:03 - 2012-05-05 16:54 - 07469082 ____A C:\Users\SONY\Downloads\Cake-A-I-Will-Survive.mp3
    2012-05-04 16:29 - 2012-06-27 10:13 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 16:29 - 2010-04-28 21:19 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 11:06 - 2012-06-13 18:00 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03 - 2012-06-13 18:00 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 10:03 - 2012-06-13 18:00 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 20:10 - 2012-05-03 20:10 - 00000000 ____D C:\Users\SONY\Downloads\USB_-_Virtual_Analog_Vol.3_-_Nord_Lead_1_CD
    2012-05-01 05:40 - 2012-06-13 18:00 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 15:01 - 2012-04-29 14:29 - 194820392 ____A C:\Users\SONY\Downloads\15Z8I46q_Jodorowsky & Gimenez - The Metabarons - complete - (v1-17).cbr
    2012-04-29 14:57 - 2012-04-29 14:27 - 123884945 ____A C:\Users\SONY\Downloads\TwJIB5jw_Jodorowsky & Janjetov - [Before] The Incal - Complete.cbr
    2012-04-29 14:25 - 2010-05-01 17:26 - 00000000 ____D C:\Program Files (x86)\Vuze
    2012-04-29 11:26 - 2012-04-29 11:26 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-04-29 11:26 - 2012-04-29 11:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-04-29 11:26 - 2010-05-01 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-04-28 03:55 - 2012-06-13 17:59 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 18:26 - 2011-01-18 21:44 - 00000000 ___RD C:\Users\SONY\Desktop\church organ Project
    2012-04-26 05:41 - 2012-06-13 18:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:41 - 2012-06-13 18:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:34 - 2012-06-13 18:00 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37 - 2012-06-13 17:59 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 05:37 - 2012-06-13 17:59 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37 - 2012-06-13 17:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-24 04:36 - 2012-06-13 17:59 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-24 04:36 - 2012-06-13 17:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-24 04:36 - 2012-06-13 17:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 10:39 - 2012-04-23 10:39 - 00011416 ____A C:\Users\SONY\Desktop\organ.fxb
    2012-04-22 21:48 - 2012-04-22 21:48 - 01538856 ____A C:\Users\SONY\Desktop\organ2 Rendered.mp3
    2012-04-21 17:20 - 2012-04-21 17:20 - 00512000 ____A C:\Users\SONY\Downloads\Charles.Darwin.and.the.Tree.of.Life.LAP.www.Warezme.org.part1.rar.part
    2012-04-21 11:37 - 2012-04-21 11:33 - 70877240 ____A C:\Users\SONY\Downloads\PART 1_ David Attenborough on Darwin - by Nature Video.mp4
    2012-04-19 15:24 - 2011-12-24 10:33 - 00000000 ___RD C:\Users\yasemin\Virtual Machines
    2012-04-18 15:53 - 2012-04-18 15:52 - 05546112 ____A C:\Users\SONY\Downloads\Joe-Cocker-A-Summer-In-The-City.mp3
    2012-04-15 11:11 - 2010-04-26 18:25 - 00000000 ____D C:\Users\SONY\AppData\Local\Google
    2012-04-15 07:39 - 2012-04-14 23:15 - 00033436 ____A C:\Users\SONY\Desktop\killer wobz_.mp3
    2012-04-15 07:37 - 2012-04-14 23:16 - 07696675 ____A C:\Users\SONY\Desktop\killer wobzz.mp3
    2012-04-14 23:12 - 2012-04-14 22:58 - 33550136 ____A C:\Users\SONY\Desktop\killer wobz.wav
    2012-04-14 21:47 - 2012-04-14 21:47 - 02162688 ____A C:\Users\SONY\Desktop\killer wob Rendered.wav
    2012-04-10 16:43 - 2012-04-10 16:38 - 05586442 ____A C:\Users\SONY\Desktop\wobbly.mp3
    2012-04-09 17:27 - 2012-04-09 17:27 - 00281560 ____A C:\Windows\Minidump\040912-24897-01.dmp
    2012-04-08 20:39 - 2011-02-19 10:18 - 00094200 ____A C:\Users\SONY\Desktop\DUBSTEP2.rns
    2012-04-07 12:31 - 2012-06-13 17:59 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 11:26 - 2012-06-13 17:59 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-04 18:35 - 2011-06-01 20:43 - 00000000 ____D C:\Users\SONY\AppData\Local\ABBYY
    2012-04-04 18:22 - 2012-04-04 18:15 - 00135971 ____A C:\Users\SONY\Desktop\background.pptx
    2012-04-03 20:50 - 2012-04-03 20:50 - 00000032 ____A C:\Windows\SysWOW64\w3data.vss
    2012-04-03 20:50 - 2012-04-03 20:50 - 00000032 ____A C:\Windows\SysWOW64\msvcsv60.dll
    2012-04-03 20:50 - 2012-04-03 20:50 - 00000032 ____A C:\Windows\msocreg32.dat
    2012-04-03 20:45 - 2012-04-03 20:42 - 00000000 ____D C:\Program Files (x86)\VstPlugins
    2012-04-01 09:23 - 2012-04-01 09:23 - 00000000 ____D C:\Users\SONY\AppData\Local\Apps\2.0
    2012-04-01 07:57 - 2010-04-28 21:23 - 00000000 ____D C:\Update
    2012-03-31 23:31 - 2012-03-21 20:22 - 02834745 ____A C:\Users\SONY\Downloads\Vaya-Con-Dios-Neh-Nah-a.mp3

    ZeroAccess:
    C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}
    C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}\@
    C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}\L
    C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}\U

    ZeroAccess:
    C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}
    C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}\@
    C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}\L
    C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 3766.88 MB
    Available physical RAM: 3136.23 MB
    Total Pagefile: 3765.03 MB
    Available Pagefile: 3127.47 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:164.32 GB) (Free:19.1 GB) NTFS
    2 Drive d: (data) (Fixed) (Total:122.07 GB) (Free:11.63 GB) NTFS
    3 Drive f: (Recovery) (Fixed) (Total:11.6 GB) (Free:0.81 GB) NTFS
    5 Drive h: (KINGSTON) (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 7389 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 11 GB 1024 KB
    Partition 2 Primary 100 MB 11 GB
    Partition 3 Primary 164 GB 11 GB
    Partition 0 Extended 122 GB 176 GB
    Partition 4 Logical 122 GB 176 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Recovery NTFS Partition 11 GB Healthy Hidden

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 164 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D data NTFS Partition 122 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7388 MB 31 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H KINGSTON FAT32 Removable 7388 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-28 13:17

    ======================= End Of Log ==========================
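A detection sketch for the directory layout FRST lists under its "ZeroAccess:" headings in the log above (a GUID-named folder holding `@`, `L` and `U`), added here as an example and not part of the thread or of FRST. The function names and the sample listing are constructed for illustration; the two parent locations and the GUID are the ones shown in the log, and requiring all three children is an assumption drawn from that listing.

```python
import re
from collections import defaultdict

# Brace-wrapped GUID directory name, e.g. {90606adb-b9e2-f30b-33c5-be807af1b038}
GUID_DIR = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# The two parent locations under which the log reports the GUID directory.
PARENT = r"(?:[a-z]:\\windows\\installer|[a-z]:\\users\\[^\\]+\\appdata\\local)"

# group(1) = GUID directory, group(2) = anything below it (optional)
CANDIDATE = re.compile(rf"^({PARENT}\\{GUID_DIR})(?:\\(.+))?$", re.IGNORECASE)

# Children listed in the log for each flagged directory (assumed to be the
# full signature; legitimate Installer GUID folders do not contain them).
REQUIRED_CHILDREN = {"@", "l", "u"}


def extract_path(line):
    """Return the Windows path at the end of a listing line, or None.

    Handles both bare paths and FRST file-listing lines, where the path
    follows the two timestamps, the size and the attribute column.
    """
    match = re.search(r"[A-Za-z]:\\.*$", line.strip())
    return match.group(0) if match else None


def find_guid_stores(lines):
    """Return the GUID directories that contain all of @, L and U.

    Results are lower-cased so the same directory reported with different
    casing is only counted once, and sorted for stable output.
    """
    children = defaultdict(set)
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        match = CANDIDATE.match(path)
        if match is None:
            continue
        root = match.group(1).lower()
        children[root]  # register the directory even if no child is listed
        if match.group(2):
            # Only the first component below the GUID directory matters.
            children[root].add(match.group(2).split("\\")[0].lower())
    return sorted(r for r, kids in children.items() if REQUIRED_CHILDREN <= kids)


# Constructed sample: the flagged paths and the GOM Player line follow the
# log above; the other two GUIDs are made-up negative cases.
SAMPLE_LISTING = r"""
2012-06-04 11:21 - 2010-09-04 16:05 - 00001185 ____A C:\Users\Public\Desktop\GOM Player.lnk
C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}
C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}\@
C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}\L
C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038}\U
C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}
C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}\@
C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}\L
C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038}\U
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\icon.ico
C:\Users\Public\AppData\Local\{22222222-3333-4444-5555-666666666666}\@
""".splitlines()


if __name__ == "__main__":
    for directory in find_guid_stores(SAMPLE_LISTING):
        print("suspicious GUID directory:", directory)
```

A hit is a reason to examine the machine offline, as the helper does here from the recovery environment; it is not a removal instruction.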
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good job :)

    Now...important!
    Since you have FRST located on X drive make sure to copy "fixlist.txt" file listed below to the VERY SAME LOCATION on drive X.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  10. quixx

    quixx TS Rookie Topic Starter Posts: 24

    >Run FRST/FRST64 and press the Fix button just once and wait.
    - DONE - Fixlog.txt is below:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
    Ran by SYSTEM at 2012-06-29 09:55:31 Run:1
    Running from X:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\SONY\Software\Microsoft\Windows\CurrentVersion\Run\\im4igtyxv3 Value deleted successfully.
    C:\Windows\Installer\{90606adb-b9e2-f30b-33c5-be807af1b038} moved successfully.
    C:\Users\SONY\AppData\Local\{90606adb-b9e2-f30b-33c5-be807af1b038} moved successfully.
    ==== End of Fixlog ====
     
  11. quixx

    quixx TS Rookie Topic Starter Posts: 24

    COMBOFIX result:
    - I had to switch to safe mode to run Combofix. Although ESET did not seem to be running in Task Manager, Combofix gave some warnings to disable ESET. I had a problem disabling ESET in safe mode. I got into "Component Services", found the ESET service under Services and disabled it, but Combofix still gave the warning and continued to fix.

    Here are some good and/or bad changes I noticed:
    1- ESET turned green - protection status seems all right
    2- ESET fails to update :confused: . It starts to download a file of around 39 MB. When the progress bar reaches 50%, the progress bar resets. Then the downloaded file size somehow exceeds the expected file size, it continues to download and reaches 40 MB, and it reports that the update failed, giving the response "Error creating file".
    3- The password-protected "private folder" that encrypts files disappeared from "My Computer".
    4- Before Combofix, every time I restarted Win7, the size of the icons on my desktop was being set to a larger size than my personal setting. Now I can control their size :)

    Longing for your comments on these changes.

    - COMBOFIX LOG file is posted below

    ComboFix 12-06-28.03 - SONY 29.06.2012 10:38:15.1.4 - x64 MINIMAL
    Microsoft Windows 7 Professional 6.1.7601.1.1254.90.1033.18.3767.3019 [GMT 3:00]
    Running from: c:\users\SONY\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\Propellerhead Software\ReCycle
    c:\programdata\Propellerhead Software\ReCycle\ReCycle210.dat
    c:\users\SONY\AppData\Roaming\.#
    c:\users\SONY\AppData\Roaming\Propellerhead Software\ReCycle
    c:\users\SONY\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\SysWow64\msvcsv60.dll
    c:\windows\SysWow64\tmp6855.tmp
    c:\windows\SysWow64\tmp6901.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-29 07:45 . 2012-06-29 07:45 -------- d-----w- c:\users\yasemin\AppData\Local\temp
    2012-06-29 07:45 . 2012-06-29 07:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-29 07:31 . 2012-06-29 07:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A34B111-1FF6-4F28-906B-3206272DFE1F}\offreg.dll
    2012-06-28 23:37 . 2012-06-28 23:38 -------- d-----w- C:\FRST
    2012-06-27 10:13 . 2012-06-27 10:13 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-27 10:13 . 2012-06-27 10:13 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-26 21:51 . 2012-06-26 21:51 -------- d-----w- c:\users\SONY\AppData\Local\COMODO
    2012-06-26 19:17 . 2012-06-27 10:18 -------- d-----w- c:\programdata\CPA_VA
    2012-06-26 19:16 . 2012-06-26 19:16 -------- d-----w- C:\VritualRoot
    2012-06-26 19:13 . 2012-06-26 21:51 -------- d-----w- c:\programdata\Comodo
    2012-06-26 19:13 . 2012-06-26 19:13 -------- d-----w- c:\program files\COMODO
    2012-06-25 01:11 . 2012-06-25 01:50 -------- d-----w- C:\sh4ldr
    2012-06-25 01:11 . 2012-06-25 01:11 -------- d-----w- c:\program files\Enigma Software Group
    2012-06-25 01:10 . 2012-06-25 01:50 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-25 01:09 . 2012-06-25 01:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-06-22 13:35 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A34B111-1FF6-4F28-906B-3206272DFE1F}\mpengine.dll
    2012-06-22 13:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 13:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 13:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 13:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 13:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 13:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 13:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 13:32 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 13:32 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-15 22:00 . 2012-06-15 22:00 -------- d-----w- c:\users\SONY\AppData\Local\Macromedia
    2012-06-13 19:44 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-13 18:00 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 18:00 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 18:00 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 18:00 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 18:00 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 18:00 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 18:00 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 17:59 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 17:59 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 17:59 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 17:59 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 17:59 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 17:59 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 17:59 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 17:59 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 17:59 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 17:59 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-15 05:18 . 2012-04-02 18:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-15 05:18 . 2011-05-16 19:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 16:02 . 2012-05-15 16:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-15 13:18 . 2012-05-15 13:19 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-04 16:29 . 2010-04-28 21:19 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 13:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 13:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\SONY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\SONY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\SONY\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
    "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-19 26624]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
    "M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-13 37888]
    "MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 1081632]
    PDFCreator.lnk - c:\program files (x86)\PDFCreator\PDFCreator.exe [2010-5-1 2641920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-11-30 19:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-22 834544]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
    R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 133104]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
    R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
    R2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-03 330488]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
    R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
    R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
    R3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [2010-08-10 4608]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-08-17 66728]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 133104]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-11 151936]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-05-01 244736]
    R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-11-15 111216]
    R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 231944]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-29 129976]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-09 84512]
    R3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [2009-12-03 6400]
    R3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [2009-12-03 240640]
    R3 qcusbsersny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [2009-12-03 121216]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
    R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-16 1255736]
    R4 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
    S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 25120]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-11 22696]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-10-29 93696]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-10-29 76800]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 11:13]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 11:13]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\SONY\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\SONY\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\SONY\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\SONY\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2009-07-20 14:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2009-07-20 14:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
    "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-19 171520]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-01 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-01 390680]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-01 410136]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
    TCP: Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}: NameServer = 216.52.1.33,24.143.246.29
    TCP: Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}\163636563737: NameServer = 216.52.1.33,24.143.246.29
    TCP: Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}\4514D4: NameServer = 216.52.1.33,24.143.246.29
    TCP: Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}\4545E454450275966496: NameServer = 216.52.1.33,24.143.246.29
    TCP: Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}\5535B423: NameServer = 216.52.1.33,24.143.246.29
    DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    FF - ProfilePath - c:\users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://tip.acibadem.edu.tr/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-ABBYY Screenshot Reader Bonus - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-29 10:48:19
    ComboFix-quarantined-files.txt 2012-06-29 07:48
    .
    Pre-Run: 20.348.633.088 bytes free
    Post-Run: 25.719.046.144 bytes free
    .
    - - End Of File - - F5D876939170B0CD71FC6FCE208402A3
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Combo log looks good.

    If updating Eset is the only issue I suggest you reinstall it.

    Next...

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===========================================================

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Reopened.
     
  14. quixx

    quixx TS Rookie Topic Starter Posts: 24

    I cannot fix the ESET updating problem mentioned above. I tried both the repair option and reinstallation. Since I could not fully disable ESET during the Combofix session, as I know from the Combofix warnings, it seems that it deeply bashed something about ESET.
    So, would you agree with installing some other antivirus before going through the next steps (i.e. Malwarebytes' Anti-Malware and OTL)?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  16. quixx

    quixx TS Rookie Topic Starter Posts: 24

    - I uninstalled ESET and installed AVAST
    - Installed Malwarebytes and performed a quick scan; the log is below

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.08.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    SONY :: VAIOME [administrator]

    09.07.2012 02:47:06
    mbam-log-2012-07-09 (02-47-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 273068
    Time elapsed: 6 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  17. quixx

    quixx TS Rookie Topic Starter Posts: 24

    OTL search results:


    OTL.txt

    OTL logfile created on: 09.07.2012 21:32:55 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = G:\anitvir
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041F | Country: Turkey | Language: TRK | Date Format: dd.MM.yyyy

    3,68 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 50,46% Memory free
    7,36 Gb Paging File | 5,32 Gb Available in Paging File | 72,28% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 164,32 Gb Total Space | 22,87 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
    Drive G: | 122,07 Gb Total Space | 11,01 Gb Free Space | 9,02% Space Free | Partition Type: NTFS

    Computer Name: VAIOME | User Name: SONY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.07.09 21:29:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- G:\anitvir\OTL.exe
    PRC - [2012.07.03 19:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012.07.03 19:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012.07.03 19:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2012.06.28 13:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012.04.04 08:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
    PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
    PRC - [2010.01.19 14:37:25 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
    PRC - [2010.01.14 01:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2009.12.03 12:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
    PRC - [2009.11.30 22:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
    PRC - [2009.10.03 00:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009.10.01 06:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009.10.01 06:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009.08.26 22:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
    PRC - [2009.07.29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWTray.exe
    PRC - [2009.05.14 18:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
    PRC - [2009.04.20 17:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    PRC - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2009.02.20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007.12.24 01:26:32 | 002,641,920 | ---- | M] (pdfforge http://www.pdfforge.org/) -- C:\Program Files (x86)\PDFCreator\PDFCreator.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012.06.28 13:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
    MOD - [2012.06.28 13:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
    MOD - [2012.06.28 13:27:40 | 000,554,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
    MOD - [2012.06.28 13:27:38 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\libegl.dll
    MOD - [2012.06.28 13:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
    MOD - [2012.06.28 13:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
    MOD - [2012.06.28 13:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
    MOD - [2012.06.28 11:27:26 | 009,252,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    MOD - [2012.06.13 23:10:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
    MOD - [2012.06.13 23:09:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012.06.13 23:09:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012.05.13 16:23:10 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012.05.13 14:29:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012.05.13 14:29:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
    MOD - [2012.05.13 14:29:16 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012.05.13 14:28:27 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
    MOD - [2012.05.13 14:28:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012.05.13 14:28:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012.05.13 14:28:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012.05.13 14:28:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2010.11.05 04:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009.07.14 04:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2009.06.11 00:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2007.11.28 18:59:42 | 003,702,784 | ---- | M] () -- C:\Program Files (x86)\PDFCreator\GS8.61\gs8.61\Bin\gsdll32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012.07.03 19:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012.07.03 19:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2009.11.30 22:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2009.09.21 19:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2009.09.21 19:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2009.09.05 00:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009.07.17 16:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
    SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012.04.29 14:26:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.04.04 08:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.12.03 12:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe -- (QDLService2kSony) Qualcomm Gobi 2000 Download Service (Sony)
    SRV - [2009.10.03 00:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009.10.01 06:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009.10.01 06:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009.08.31 04:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2009.08.31 04:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.05.14 18:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
    SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2009.02.20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2009.02.06 20:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012.07.03 19:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012.07.03 19:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012.06.27 23:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.11.15 05:12:10 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011.08.18 00:14:48 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
    DRV:64bit: - [2011.08.17 14:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2011.08.17 14:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2011.08.17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
    DRV:64bit: - [2011.08.17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2011.08.17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
    DRV:64bit: - [2011.08.17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
    DRV:64bit: - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010.11.20 16:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010.11.20 16:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010.11.20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.20 14:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010.11.20 14:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010.11.20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.20 13:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010.11.20 12:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010.08.10 12:06:44 | 000,004,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
    DRV:64bit: - [2010.05.22 14:25:48 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010.05.01 15:40:25 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010.05.01 15:40:24 | 007,841,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009.12.03 11:47:44 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys -- (qcusbnetsny2k) Gobi 2000 USB-NDIS miniport(05C6-9225)
    DRV:64bit: - [2009.12.03 11:47:44 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys -- (qcusbsersny2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225)
    DRV:64bit: - [2009.12.03 11:47:44 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterSny2k.sys -- (qcfilterSny2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9225)
    DRV:64bit: - [2009.11.18 23:04:10 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009.11.18 23:04:09 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009.11.18 23:04:09 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009.11.18 23:04:08 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2009.11.18 23:03:38 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009.11.11 05:05:01 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009.11.09 23:05:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009.11.09 23:04:24 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2009.11.02 04:47:16 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009.10.29 23:09:32 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
    DRV:64bit: - [2009.10.29 23:09:23 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
    DRV:64bit: - [2009.10.02 23:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009.09.17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009.09.15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009.08.19 23:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2009.07.29 14:28:24 | 000,231,944 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mafw.sys -- (MAFW)
    DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 03:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.05.28 23:03:08 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
    DRV:64bit: - [2009.05.20 13:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009.04.09 13:38:26 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009.01.09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes,DefaultScope = {2D5C7F2A-0073-474C-A261-887D46BAA76A}
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes\{2507BE80-BC22-41F0-9844-A46D1B211FBD}: "URL" = http://uk.shopping.com/?linkin_id=8056359
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes\{2D5C7F2A-0073-474C-A261-887D46BAA76A}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7SVEC_enTR377TR377
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes\{48BE737F-245D-44F5-9976-6557C5D04FC3}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes\{5CF88ABD-87E0-43AA-A750-02522B1897C1}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=5A6167EC-2DD6-42F1-ACF5-EF52B9B7C1CA
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\SearchScopes\{807CBE34-F5E4-4FEA-88CC-FC96C888711B}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
    IE - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://tip.acibadem.edu.tr/"
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: fe_3.6@nokia.com:1.7.56.205
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..network.proxy.autoconfig_url: "http://go.navige.com/"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.29 14:26:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.15 16:19:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010.05.01 18:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SONY\AppData\Roaming\Mozilla\Extensions
    [2012.07.09 02:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\extensions
    [2012.04.01 12:32:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012.06.03 23:18:38 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011.03.26 21:14:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\extensions\engine@conduit.com
    [2012.01.04 20:17:04 | 000,002,333 | ---- | M] () -- C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\searchplugins\askcom.xml
    [2010.05.01 21:14:52 | 000,000,903 | ---- | M] () -- C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\searchplugins\conduit.xml
    [2012.07.09 20:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010.12.08 16:13:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012.05.15 16:19:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    [2012.07.09 20:21:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012.04.29 14:26:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010.01.14 01:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012.02.16 15:15:37 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml
    [2012.04.29 14:26:22 | 000,002,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\SONY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Angry Birds = C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: avast! WebRep = C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

    O1 HOSTS File: ([2012.06.29 10:45:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     
  18. quixx

    quixx TS Rookie Topic Starter Posts: 24

    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3:64bit: - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWTray.exe (Avid Technology, Inc.)
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3605547617-246566502-3984818246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} https://sube.garanti.com.tr/lib/JaguarEditControl.CAB (SubClassEditCtrlContainer Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FDE7CA3-1672-45BD-9EFE-F8DA40098E18}: NameServer = 216.52.1.33,24.143.246.29
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.07.09 21:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012.07.09 02:45:56 | 000,000,000 | ---D | C] -- C:\Users\SONY\AppData\Roaming\Malwarebytes
    [2012.07.09 02:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.07.09 02:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.07.09 02:45:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012.07.09 02:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012.07.09 02:33:29 | 000,142,128 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2012.07.09 02:33:21 | 000,266,776 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2012.07.09 02:33:21 | 000,019,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2012.07.09 02:33:21 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
    [2012.07.09 02:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
    [2012.07.09 02:25:53 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012.07.09 02:25:53 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012.07.09 02:25:50 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012.07.09 02:25:48 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012.07.09 02:25:48 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012.07.09 02:25:48 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012.07.09 02:25:47 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012.07.09 02:25:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012.07.09 02:25:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012.07.09 02:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012.07.09 02:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012.07.09 02:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2012.07.09 00:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012.07.09 00:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012.06.29 10:52:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012.06.29 10:35:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012.06.29 10:35:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012.06.29 10:35:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012.06.29 10:09:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.06.29 10:06:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012.06.29 10:02:16 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\SONY\Desktop\ComboFix.exe
    [2012.06.29 02:37:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2012.06.27 13:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012.06.27 13:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012.06.26 22:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012.06.26 22:16:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012.06.25 04:11:06 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012.06.25 04:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012.06.25 04:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012.06.16 01:00:58 | 000,000,000 | ---D | C] -- C:\Users\SONY\AppData\Local\Macromedia
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012.07.09 21:17:49 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.09 21:17:49 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.09 21:09:47 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.07.09 21:09:23 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
    [2012.07.09 21:09:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.09 21:09:16 | 2962,395,136 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.09 21:08:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.07.09 02:45:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.09 02:33:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012.07.09 02:30:14 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2012.07.09 02:00:51 | 000,748,971 | ---- | M] () -- C:\test.xml
    [2012.07.09 00:53:45 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012.07.03 19:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012.07.03 19:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012.07.03 19:21:52 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2012.07.03 19:21:52 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2012.07.03 19:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012.07.03 19:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012.07.03 19:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012.07.03 19:21:52 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2012.07.03 19:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012.07.03 19:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012.07.03 19:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012.07.03 19:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012.06.29 10:45:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.06.29 10:03:04 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\SONY\Desktop\ComboFix.exe
    [2012.06.28 23:28:59 | 000,799,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.06.28 23:28:59 | 000,668,044 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.06.28 23:28:59 | 000,127,040 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.06.27 23:33:54 | 000,012,368 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
    [2012.06.23 18:48:39 | 000,106,810 | ---- | M] () -- C:\Users\SONY\Desktop\killer brass_5.rns
    [2012.06.23 16:54:40 | 000,106,804 | ---- | M] () -- C:\Users\SONY\Desktop\killer brass_4.rns
    [2012.06.23 16:40:41 | 000,106,802 | ---- | M] () -- C:\Users\SONY\Desktop\killer brass_3.rns
    [2012.06.23 14:31:03 | 000,106,796 | ---- | M] () -- C:\Users\SONY\Desktop\killer brass_2.rns
    [2012.06.23 14:27:10 | 000,106,796 | ---- | M] () -- C:\Users\SONY\Desktop\killer brass_1.rns
    [2012.06.19 23:07:24 | 000,227,673 | ---- | M] () -- C:\Users\SONY\Desktop\MD1206188-bogazicibiomedikal.pdf
    [2012.06.13 23:04:43 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.06.11 23:00:02 | 000,011,416 | ---- | M] () -- C:\Users\SONY\Desktop\deep buzz.fxb
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012.07.09 02:45:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.09 02:30:14 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2012.07.09 02:25:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012.06.29 10:35:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.06.29 10:35:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.06.29 10:35:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.06.29 10:35:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.06.29 10:35:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.06.26 22:13:55 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012.06.23 17:01:13 | 000,106,810 | ---- | C] () -- C:\Users\SONY\Desktop\killer brass_5.rns
    [2012.06.23 16:45:59 | 000,106,804 | ---- | C] () -- C:\Users\SONY\Desktop\killer brass_4.rns
    [2012.06.23 16:32:57 | 000,106,802 | ---- | C] () -- C:\Users\SONY\Desktop\killer brass_3.rns
    [2012.06.23 14:31:02 | 000,106,796 | ---- | C] () -- C:\Users\SONY\Desktop\killer brass_2.rns
    [2012.06.23 14:18:04 | 000,106,796 | ---- | C] () -- C:\Users\SONY\Desktop\killer brass_1.rns
    [2012.06.19 23:07:28 | 000,227,673 | ---- | C] () -- C:\Users\SONY\Desktop\MD1206188-bogazicibiomedikal.pdf
    [2012.06.11 23:00:02 | 000,011,416 | ---- | C] () -- C:\Users\SONY\Desktop\deep buzz.fxb
    [2012.04.03 23:50:43 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
    [2011.12.17 21:02:11 | 000,038,428 | ---- | C] () -- C:\Users\SONY\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2011.08.17 23:43:09 | 000,000,008 | RHS- | C] () -- C:\Users\SONY\ntuser.pol
    [2011.07.18 23:33:00 | 000,000,000 | ---- | C] () -- C:\Users\SONY\AppData\Local\{4E1B14EE-E1E9-43D7-88ED-F8B51D886C34}
    [2011.06.19 21:05:38 | 000,000,346 | ---- | C] () -- C:\Users\SONY\.JavaPowUpload.properties
    [2011.04.18 00:04:21 | 000,140,997 | ---- | C] () -- C:\Windows\hphins33.dat.temp
    [2011.04.18 00:04:21 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat.temp
    [2011.02.27 18:34:34 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
    [2011.02.23 13:07:17 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
    [2011.02.23 13:07:17 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
    [2011.02.23 13:07:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
    [2011.02.23 13:07:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
    [2011.02.23 13:07:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
    [2011.02.23 13:06:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2011.02.23 13:06:49 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2010.09.13 02:04:01 | 000,170,864 | ---- | C] () -- C:\Windows\hphins33.dat
    [2010.09.13 02:04:01 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
    [2010.09.09 01:41:57 | 000,013,312 | ---- | C] () -- C:\Users\SONY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.05.22 15:00:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010.05.05 00:09:00 | 000,008,751 | ---- | C] () -- C:\Users\SONY\AppData\Local\backup.vtp
    [2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

    ========== LOP Check ==========

    [2010.05.02 00:08:25 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Ableton
    [2010.05.01 21:47:46 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\AnvSoft
    [2010.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Auslogics
    [2012.05.08 01:54:43 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Azureus
    [2010.12.03 00:20:50 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Blueberry
    [2010.05.22 14:33:36 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\DAEMON Tools Lite
    [2011.11.11 01:14:09 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Dropbox
    [2011.03.16 01:51:38 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\FlashGet
    [2010.08.10 09:49:46 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\FreeFLVConverter
    [2010.08.10 11:56:28 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\FreeScreenToVideo
    [2010.08.16 00:50:34 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Get from YouTube
    [2010.05.13 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\GHISLER
    [2010.08.16 00:50:28 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Import Audio from Video
    [2010.08.10 12:06:57 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\LogSys
    [2012.06.27 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Nokia
    [2012.06.27 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Nokia Suite
    [2011.12.17 21:52:19 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\PC Suite
    [2012.06.29 10:44:56 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Propellerhead Software
    [2010.05.05 00:08:59 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Protector Suite
    [2011.05.21 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Publish Providers
    [2011.01.23 16:34:09 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Raptr
    [2011.08.14 18:55:21 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Rovio
    [2010.05.13 14:52:26 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Scooter Software
    [2011.05.21 00:14:11 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Sony
    [2011.05.21 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Sony Creative Software
    [2010.08.16 00:55:04 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Total Recorder Editor Pro
    [2010.09.09 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\SONY\AppData\Roaming\Vodafone
    [2011.12.24 13:33:33 | 000,000,000 | ---D | M] -- C:\Users\yasemin\AppData\Roaming\PC Suite
    [2010.06.27 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\yasemin\AppData\Roaming\Protector Suite
    [2011.12.24 13:34:24 | 000,000,000 | ---D | M] -- C:\Users\yasemin\AppData\Roaming\Vodafone
    [2012.06.22 15:50:50 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012.06.29 10:48:20 | 000,027,305 | ---- | M] () -- C:\ComboFix.txt
    [2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007.11.07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007.11.07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012.07.09 21:09:16 | 2962,395,136 | -HS- | M] () -- C:\hiberfil.sys
    [2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2010.05.22 16:07:10 | 000,000,664 | ---- | M] () -- C:\INSTALL.LOG
    [2007.11.07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007.11.07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007.11.07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007.11.07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007.11.07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007.11.07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007.11.07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2012.07.09 21:09:21 | 3949,862,912 | -HS- | M] () -- C:\pagefile.sys
    [2010.01.19 14:08:24 | 000,002,175 | ---- | M] () -- C:\RHDSetup.log
    [2012.07.09 02:00:51 | 000,748,971 | ---- | M] () -- C:\test.xml
    [2007.11.07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007.11.07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007.11.07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009.07.14 08:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 08:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 08:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 08:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012.07.03 19:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010.11.10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009.07.14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011.06.10 21:14:00 | 000,000,221 | -HS- | M] () -- C:\Users\SONY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012.06.29 10:03:04 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\SONY\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012.07.09 21:09:47 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.07.09 21:08:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.07.09 21:09:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012.06.22 15:50:50 | 000,032,620 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009.06.11 00:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012.01.07 18:41:37 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012.01.07 18:41:37 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011.03.26 20:16:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011.03.26 20:16:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012.01.07 18:41:37 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012.02.16 23:51:43 | 000,000,402 | -HS- | M] () -- C:\Users\SONY\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009.04.09 13:44:42 | 000,108,066 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2011.04.18 00:05:51 | 000,000,723 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011.09.30 21:53:00 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report
     
  19. quixx

    quixx TS Rookie Topic Starter Posts: 24

    Extras.txt

    OTL by OldTimer - Version 3.2.53.1 Folder = G:\anitvir
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041F | Country: Turkey | Language: TRK | Date Format: dd.MM.yyyy

    3,68 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 50,46% Memory free
    7,36 Gb Paging File | 5,32 Gb Available in Paging File | 72,28% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 164,32 Gb Total Space | 22,87 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
    Drive G: | 122,07 Gb Total Space | 11,01 Gb Free Space | 9,02% Space Free | Partition Type: NTFS

    Computer Name: VAIOME | User Name: SONY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3605547617-246566502-3984818246-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
    "{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
    "{3C33BA1B-D447-41CF-A228-84DD499F6F61}" = M-Audio FireWire Driver 6.0.1 (x64)
    "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
    "{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
    "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0402-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Bulgarian) 2007
    "{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
    "{90120000-002A-0406-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Danish) 2007
    "{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-002A-040B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Finnish) 2007
    "{90120000-002A-040E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hungarian) 2007
    "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
    "{90120000-002A-0418-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Romanian) 2007
    "{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
    "{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007
    "{90120000-002A-041F-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Turkish) 2007
    "{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
    "{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.4.0
    "MatlabR2009b" = MATLAB R2009b
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{127C8955-B5C5-4682-9428-B8243EC4E6AE}" = Remote Play with PlayStation 3
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{32FEA42D-3A59-49D9-8A2F-A3E2D8E663DF}" = SPSS SmartViewer 15.0
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.5
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{5844C935-106A-435D-969A-98C7508F982D}" = BB FlashBack 2 Express
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
    "{5DD152A8-BFB3-439E-90CD-5C00C2116E23}" = AmpliTube 3
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
    "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote Keyboard with PlayStation 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
    "{6CA280F4-B354-4167-A262-ABE8347109D2}" = Vocal Rack Trial
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7ED89AE0-5832-4ED3-B29A-099F65295E82}" = Qualcomm Gobi 2000 Package for Sony
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0402-0000-0000000FF1CE}" = Microsoft Office Access MUI (Bulgarian) 2007
    "{90120000-0015-0402-0000-0000000FF1CE}_PROHYBRIDR_{F396405D-7270-406B-B59C-CC36095EEFB3}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
    "{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
    "{90120000-0015-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
    "{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-040B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Finnish) 2007
    "{90120000-0015-040B-0000-0000000FF1CE}_PROHYBRIDR_{FA5CC73F-DD50-44F9-9530-DCB3C4C453F1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-040E-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hungarian) 2007
    "{90120000-0015-040E-0000-0000000FF1CE}_PROHYBRIDR_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
    "{90120000-0015-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0418-0000-0000000FF1CE}" = Microsoft Office Access MUI (Romanian) 2007
    "{90120000-0015-0418-0000-0000000FF1CE}_PROHYBRIDR_{13618660-2F11-4E8E-AD45-19D97C3FCF2B}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
    "{90120000-0015-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
    "{90120000-0015-041D-0000-0000000FF1CE}_PROHYBRIDR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-041F-0000-0000000FF1CE}" = Microsoft Office Access MUI (Turkish) 2007
    "{90120000-0015-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
    "{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0402-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Bulgarian) 2007
    "{90120000-0016-0402-0000-0000000FF1CE}_PROHYBRIDR_{F396405D-7270-406B-B59C-CC36095EEFB3}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
    "{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
    "{90120000-0016-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
    "{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-040B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Finnish) 2007
    "{90120000-0016-040B-0000-0000000FF1CE}_PROHYBRIDR_{FA5CC73F-DD50-44F9-9530-DCB3C4C453F1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-040E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hungarian) 2007
    "{90120000-0016-040E-0000-0000000FF1CE}_PROHYBRIDR_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
    "{90120000-0016-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0418-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Romanian) 2007
    "{90120000-0016-0418-0000-0000000FF1CE}_PROHYBRIDR_{13618660-2F11-4E8E-AD45-19D97C3FCF2B}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
    "{90120000-0016-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
    "{90120000-0016-041D-0000-0000000FF1CE}_PROHYBRIDR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-041F-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Turkish) 2007
    "{90120000-0016-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
    "{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0402-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Bulgarian) 2007
    "{90120000-0018-0402-0000-0000000FF1CE}_PROHYBRIDR_{F396405D-7270-406B-B59C-CC36095EEFB3}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
    "{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
    "{90120000-0018-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
    "{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Finnish) 2007
    "{90120000-0018-040B-0000-0000000FF1CE}_PROHYBRIDR_{FA5CC73F-DD50-44F9-9530-DCB3C4C453F1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hungarian) 2007
    "{90120000-0018-040E-0000-0000000FF1CE}_PROHYBRIDR_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
    "{90120000-0018-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0418-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Romanian) 2007
    "{90120000-0018-0418-0000-0000000FF1CE}_PROHYBRIDR_{13618660-2F11-4E8E-AD45-19D97C3FCF2B}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
    "{90120000-0018-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
    "{90120000-0018-041D-0000-0000000FF1CE}_PROHYBRIDR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-041F-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Turkish) 2007
    "{90120000-0018-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
    "{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0402-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Bulgarian) 2007
    "{90120000-0019-0402-0000-0000000FF1CE}_PROHYBRIDR_{F396405D-7270-406B-B59C-CC36095EEFB3}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
    "{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
    "{90120000-0019-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
    "{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-040B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Finnish) 2007
    "{90120000-0019-040B-0000-0000000FF1CE}_PROHYBRIDR_{FA5CC73F-DD50-44F9-9530-DCB3C4C453F1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-040E-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hungarian) 2007
    "{90120000-0019-040E-0000-0000000FF1CE}_PROHYBRIDR_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
    "{90120000-0019-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0418-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Romanian) 2007
    "{90120000-0019-0418-0000-0000000FF1CE}_PROHYBRIDR_{13618660-2F11-4E8E-AD45-19D97C3FCF2B}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
    "{90120000-0019-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
    "{90120000-0019-041D-0000-0000000FF1CE}_PROHYBRIDR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-041F-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Turkish) 2007
    "{90120000-0019-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
    "{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0402-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Bulgarian) 2007
    "{90120000-001A-0402-0000-0000000FF1CE}_PROHYBRIDR_{F396405D-7270-406B-B59C-CC36095EEFB3}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
    "{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
    "{90120000-001A-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
    "{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-040B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Finnish) 2007
    "{90120000-001A-040B-0000-0000000FF1CE}_PROHYBRIDR_{FA5CC73F-DD50-44F9-9530-DCB3C4C453F1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-040E-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hungarian) 2007
    "{90120000-001A-040E-0000-0000000FF1CE}_PROHYBRIDR_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
    "{90120000-001A-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0418-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Romanian) 2007
    "{90120000-001A-0418-0000-0000000FF1CE}_PROHYBRIDR_{13618660-2F11-4E8E-AD45-19D97C3FCF2B}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
    "{90120000-001A-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
    "{90120000-001A-041D-0000-0000000FF1CE}_PROHYBRIDR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-041F-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Turkish) 2007
    "{90120000-001A-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
    "{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0402-0000-0000000FF1CE}" = Microsoft Office Word MUI (Bulgarian) 2007
    "{90120000-001B-0402-0000-0000000FF1CE}_PROHYBRIDR_{F396405D-7270-406B-B59C-CC36095EEFB3}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
    "{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
    "{90120000-001B-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
    "{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Finnish) 2007
    "{90120000-001B-040B-0000-0000000FF1CE}_PROHYBRIDR_{FA5CC73F-DD50-44F9-9530-DCB3C4C453F1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hungarian) 2007
    "{90120000-001B-040E-0000-0000000FF1CE}_PROHYBRIDR_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
    "{90120000-001B-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0418-0000-0000000FF1CE}" = Microsoft Office Word MUI (Romanian) 2007
    "{90120000-001B-0418-0000-0000000FF1CE}_PROHYBRIDR_{13618660-2F11-4E8E-AD45-19D97C3FCF2B}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
    "{90120000-001B-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
    "{90120000-001B-041D-0000-0000000FF1CE}_PROHYBRIDR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-041F-0000-0000000FF1CE}" = Microsoft Office Word MUI (Turkish) 2007
    "{90120000-001B-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
    "{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2007
    "{90120000-001F-0402-0000-0000000FF1CE}_PROHYBRIDR_{CB0A77FC-E59E-4418-9C1E-82E486C90EA5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
    "{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
    "{90120000-001F-0406-0000-0000000FF1CE}_PROHYBRIDR_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
    "{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}_PROHYBRIDR_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
    "{90120000-001F-040E-0000-0000000FF1CE}_PROHYBRIDR_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
    "{90120000-001F-0415-0000-0000000FF1CE}_PROHYBRIDR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2007
    "{90120000-001F-0418-0000-0000000FF1CE}_PROHYBRIDR_{0E2DB3D7-94EA-4B12-A9C1-D3C52BDE07D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
    "{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
    "{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}_PROHYBRIDR_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
    "{90120000-001F-041F-0000-0000000FF1CE}_ENTERPRISE_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041F-0000-0000000FF1CE}_PROHYBRIDR_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
    "{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0402-1000-0000000FF1CE}_PROHYBRIDR_{F2B19821-E01E-4843-B0AE-99093DB3F308}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0405-1000-0000000FF1CE}_PROHYBRIDR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0406-1000-0000000FF1CE}_PROHYBRIDR_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-040B-1000-0000000FF1CE}_PROHYBRIDR_{B001E294-354F-45E2-B1CB-4C3AE5A8D01F}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-040E-1000-0000000FF1CE}_PROHYBRIDR_{1E71F4A2-F832-4B10-8CA5-2B49A20AAD87}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0415-1000-0000000FF1CE}_PROHYBRIDR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0418-1000-0000000FF1CE}_PROHYBRIDR_{C618587E-CCC5-46B5-88C3-2E7C1195B3C7}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-041B-1000-0000000FF1CE}_PROHYBRIDR_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-041D-1000-0000000FF1CE}_PROHYBRIDR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-041F-1000-0000000FF1CE}_ENTERPRISE_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-041F-1000-0000000FF1CE}_PROHYBRIDR_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0402-0000-0000000FF1CE}" = Microsoft Office Proofing (Bulgarian) 2007
    "{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
    "{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
     
  20. quixx

    quixx TS Rookie Topic Starter Posts: 24

    "{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-040B-0000-0000000FF1CE}" = Microsoft Office Proofing (Finnish) 2007
    "{90120000-002C-040E-0000-0000000FF1CE}" = Microsoft Office Proofing (Hungarian) 2007
    "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
    "{90120000-002C-0418-0000-0000000FF1CE}" = Microsoft Office Proofing (Romanian) 2007
    "{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
    "{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
    "{90120000-002C-041F-0000-0000000FF1CE}" = Microsoft Office Proofing (Turkish) 2007
    "{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-041F-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Turkish) 2007
    "{90120000-0044-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0402-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Bulgarian) 2007
    "{90120000-006E-0402-0000-0000000FF1CE}_PROHYBRIDR_{F2B19821-E01E-4843-B0AE-99093DB3F308}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
    "{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
    "{90120000-006E-0406-0000-0000000FF1CE}_PROHYBRIDR_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
    "{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-040B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Finnish) 2007
    "{90120000-006E-040B-0000-0000000FF1CE}_PROHYBRIDR_{B001E294-354F-45E2-B1CB-4C3AE5A8D01F}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-040E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hungarian) 2007
    "{90120000-006E-040E-0000-0000000FF1CE}_PROHYBRIDR_{1E71F4A2-F832-4B10-8CA5-2B49A20AAD87}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
    "{90120000-006E-0415-0000-0000000FF1CE}_PROHYBRIDR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0418-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Romanian) 2007
    "{90120000-006E-0418-0000-0000000FF1CE}_PROHYBRIDR_{C618587E-CCC5-46B5-88C3-2E7C1195B3C7}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
    "{90120000-006E-041B-0000-0000000FF1CE}_PROHYBRIDR_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
    "{90120000-006E-041D-0000-0000000FF1CE}_PROHYBRIDR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-041F-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Turkish) 2007
    "{90120000-006E-041F-0000-0000000FF1CE}_ENTERPRISE_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-041F-0000-0000000FF1CE}_PROHYBRIDR_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
    "{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-041F-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Turkish) 2007
    "{90120000-00A1-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-041F-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Turkish) 2007
    "{90120000-00BA-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A657E90-E2B7-44DE-8929-055948162595}" = SPSS 16.0
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
    "{B178BACA-880B-4D20-85F9-522F7F2DECBE}" = AmpliTube Fender
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
    "{E4DCFD0F-7B68-4C44-B208-99027AD1AC69}" = keFIR VST plugin
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E622ECC4-4310-4D7B-B401-159E0C22516A}" = Final Master Trial
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
    "ACDSee 32" = ACDSee 32
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Any Video Converter_is1" = Any Video Converter 3.0.5
    "avast" = avast! Internet Security
    "BB FlashBack 2 Express" = BB FlashBack 2 Express
    "BeyondCompare3_is1" = Beyond Compare Version 3.0.13
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "conduitEngine" = Conduit Engine
    "E.M. DVD Copy_is1" = E.M. DVD Copy 2.40
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free FLV Converter_is1" = Free FLV Converter V 6.91.0
    "GIFMovieGear1" = GIF Movie Gear 2.6
    "GoldWave v5.06" = GoldWave v5.06
    "GOM Player" = GOM Player
    "Google Chrome" = Google Chrome
    "GPL Ghostscript 8.63" = GPL Ghostscript 8.63
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "GuitarSpeedTrainer_is1" = GST 2.3.8.4
    "Human_Physiology_ESP" = Human Physiology ESP
    "iZotope Ozone 3.07" = iZotope Ozone 3.07
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
    "Live 6.0.1" = Live 6.0.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MarketingTools" = VAIO Marketing Tools
    "Mendeley Desktop" = Mendeley Desktop 1.3.2
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 12.0 (x86 tr)" = Mozilla Firefox 12.0 (x86 tr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
    "Native Instruments Controller Editor" = Native Instruments Controller Editor
    "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
    "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
    "Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver
    "Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Session IO Driver" = Native Instruments Session IO Driver
    "Native Instruments Traktor 2" = Native Instruments Traktor 2
    "NxSXFadeControlForWinamp" = NxS XFade control v0.7
    "OpenAL" = OpenAL
    "PDFTools_is1" = PDFTools Version 1.3 (08/26/2007)
    "Power Tab Editor 1.7" = Power Tab Editor 1.7
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Reason4_is1" = Reason 4.0
    "ReCycle v2.1" = ReCycle v2.1
    "ReValver Mk IIIdotV_is1" = ReValver Mk IIIdotV
    "STDU Viewer_is1" = STDU Viewer version 1.5.528.0
    "Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
    "Totalcmd" = Total Commander (Remove or Repair)
    "VAIO Help and Support" =
    "VAIO Premium Partners" = VAIO Premium Partners
    "VAIO screensaver" = VAIO screensaver
    "VLC media player" = VLC media player 1.0.5
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Waves Diamond Bundle v5.0" = Waves Diamond Bundle v5.0
    "Waves Transform Bundle v5.0" = Waves Transform Bundle v5.0
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3605547617-246566502-3984818246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 08.07.2012 18:21:40 | Computer Name = VAIOME | Source = VSS | ID = 12289
    Description =

    Error - 08.07.2012 18:56:41 | Computer Name = VAIOME | Source = VSS | ID = 12289
    Description =

    Error - 08.07.2012 19:14:38 | Computer Name = VAIOME | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 08.07.2012 19:35:52 | Computer Name = VAIOME | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 08.07.2012 20:30:07 | Computer Name = VAIOME | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 12.0.0.4493 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 69c Start
    Time: 01cd5d65fd829194 Termination Time: 17 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id:

    Error - 08.07.2012 20:32:51 | Computer Name = VAIOME | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerPlugin_11_3_300_262.exe, version:
    11.3.300.262, time stamp: 0x4fe20fae Faulting module name: unknown, version: 0.0.0.0,
    time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x04752ce0 Faulting
    process id: 0x1164 Faulting application start time: 0x01cd5d6a1e300770 Faulting application
    path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe Faulting
    module path: unknown Report Id: 9d7c9ad7-c95d-11e1-b27d-0024be66657b

    Error - 08.07.2012 20:57:48 | Computer Name = VAIOME | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerPlugin_11_3_300_262.exe, version:
    11.3.300.262, time stamp: 0x4fe20fae Faulting module name: NPSWF32_11_3_300_262.dll,
    version: 11.3.300.262, time stamp: 0x4fe21212 Exception code: 0xc0000005 Fault offset:
    0x0066d2ff Faulting process id: 0x53c Faulting application start time: 0x01cd5d6aade8e587
    Faulting
    application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    Faulting
    module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll Report
    Id: 1951ad59-c961-11e1-b27d-0024be66657b

    Error - 09.07.2012 00:50:04 | Computer Name = VAIOME | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 09.07.2012 13:09:10 | Computer Name = VAIOME | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 09.07.2012 14:10:33 | Computer Name = VAIOME | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    [ OSession Events ]
    Error - 13.03.2011 15:01:21 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 07.04.2011 17:51:33 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 01.05.2011 16:29:55 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11.05.2011 04:50:06 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 23.05.2011 18:24:02 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10.12.2011 23:56:20 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10.12.2011 23:57:39 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 17.12.2011 13:57:49 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 17.12.2011 16:27:16 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 19.12.2011 14:57:00 | Computer Name = VAIOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 09.07.2012 14:07:53 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 09.07.2012 14:07:53 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 09.07.2012 14:09:35 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 09.07.2012 14:09:36 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Upnp Server 10 service to connect.

    Error - 09.07.2012 14:10:07 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
    Rapid Storage Technology service to connect.

    Error - 09.07.2012 14:10:07 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Rapid Storage Technology service failed to start due
    to the following error: %%1053

    Error - 09.07.2012 14:10:15 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the VSNService service.

    Error - 09.07.2012 14:10:43 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 09.07.2012 14:11:01 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 09.07.2012 14:11:01 | Computer Name = VAIOME | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891


    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      [2012.01.04 20:17:04 | 000,002,333 | ---- | M] () -- C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\searchplugins\askcom.xml
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  22. quixx

    quixx TS Rookie Topic Starter Posts: 24


    OTL killed some processes, but the reboot was abnormal.
    It gave a blue screen for a while. The only part I could read on the screen was "dumping physical memory", then a reboot. On the next Windows start there was no log file created. I searched for a log file in the folder where OTL is located. Another thing: a folder named _OTL was created, including a folder MovedFiles; a plugin "askcom" was sitting there.

    I hesitate to repeat this step; the blue-screened reboot was really scary. Would you agree with skipping this step and going through the remaining steps?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please do NOT quote my replies.

    Re-run OTL fix from safe mode.
     
  24. quixx

    quixx TS Rookie Topic Starter Posts: 24

    OTL Fix result:

    All processes killed
    ========== OTL ==========
    Error: No service named esgiguard was found to stop!
    Service\Driver key esgiguard not found.
    File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    File C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\9lvqdlxw.default\searchplugins\askcom.xml not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: SONY
    ->Temp folder emptied: 17038140 bytes
    ->Temporary Internet Files folder emptied: 42539990 bytes
    ->Java cache emptied: 20603370 bytes
    ->FireFox cache emptied: 150734580 bytes
    ->Google Chrome cache emptied: 52308963 bytes
    ->Flash cache emptied: 69576 bytes

    User: yasemin
    ->Temp folder emptied: 1678325 bytes
    ->Temporary Internet Files folder emptied: 229067454 bytes
    ->Java cache emptied: 7795423 bytes
    ->Google Chrome cache emptied: 271636598 bytes
    ->Flash cache emptied: 45693 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1713828 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 979426 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 304946 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 760,00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Public

    User: SONY
    ->Java cache emptied: 0 bytes

    User: yasemin
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: SONY
    ->Flash cache emptied: 0 bytes

    User: yasemin
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07122012_084639

    Files\Folders moved on Reboot...
    C:\Users\SONY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\SONY\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  25. quixx

    quixx TS Rookie Topic Starter Posts: 24

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Internet Security
    Human Physiology ESP
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    JavaFX 2.1.1
    Java(TM) 6 Update 33
    Java(TM) 7 Update 5
    Out of date Java installed!
    Adobe Flash Player11.3.300.262
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast afwServ.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
     
