# A Microsoft tech says I need a fix fast



## dchville (Sep 25, 2011)

I purchased and installed Stopzilla version 5.0. 
I have run the scans and assumed it did what I was hoping. However a friend who has a little more experience than I found a trojan in my running processes.
When I called Stopzilla's support they took over my laptop and he found many errors and warnings and told me that essential Windows processes or programs had been stopped. He offered to fix it for a 1 year subscription costing over $300.00. I can't afford that so here I am.
I know I am running too many processes in my task manager (117)
Today for the first time my computer shut down and I got the blue screen I've been told about.
Here is the hijackthis log. The DDS log didn't work or I didn't download it correctly???
I have limited experience but I am very willing to learn and I usually catch on fast... PLEASE HELP!!!!


Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista Home Premium , Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz, Intel64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2938 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1341 Mb
Hard Drives: C: Total - 228125 MB, Free - 144790 MB; 
Motherboard: Sony Corporation, VAIO, N/A, N/A
Antivirus: AVG Internet Security 2012, Updated and Enabled


----------



## dchville (Sep 25, 2011)

back to top...


----------



## dchville (Sep 25, 2011)

bump


----------



## dchville (Sep 25, 2011)

bump it up...


----------



## dchville (Sep 25, 2011)

Can someone help me????? PLEASE...... I can't afford to pay a tech as I am on disability and I don't want to buy a new laptop.
I was also thinking of taking a computer course that will teach me how to find and remove malicious software and viruses so I can help others with limited income keep their computers running problem free.
Is there an online course that will teach just that?


----------



## dchville (Sep 25, 2011)

anyone????


----------



## dchville (Sep 25, 2011)

I was browsing other threads and noticed a csrss.exe issue. I have one of those as well. Sounds like I am in deep dodo. Please help....


----------



## valis (Sep 24, 2004)

hang on, let me see if I can find a security expert to assist....thanks for your patience, they are always pretty buried.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Bit late in replying, so will have a read up on what's been posted and will reply very soon 

eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, just had a read of what you have and we can work thru the removal process, and paying $300 is not an option with us, it's all free

Okay, if you can run the following programs, that would be great. Also, do you know which trojan your friend found?

----------

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply

eddie


----------



## valis (Sep 24, 2004)

Thanks, eddie.......


----------



## dchville (Sep 25, 2011)

I was told the csrss.exe was a trojan. In my task manager I'm running 117 processes and I found at least 2 csrss.exe files.
When I had a windows tech check things out he said some essential systems were being stopped.... and there were thousands of error and warning messages... He showed me this but closed everything before I had a chance to figure out exactly what he was talking about.
I ran the scans... 
I hope this is what you wanted...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7820
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
28/09/2011 2:15:03 PM
mbam-log-2011-09-28 (14-15-03).txt
Scan type: Quick scan
Objects scanned: 188701
Time elapsed: 3 minute(s), 48 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 149
Registry Values Infected: 9
Registry Data Items Infected: 0
Folders Infected: 25
Files Infected: 355
Memory Processes Infected:
c:\program files (x86)\mywebsearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> 6080 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
Files Infected:
c:\program files (x86)\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-178.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-179.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-180.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-181.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-182.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-183.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-184.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-185.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-186.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-187.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-188.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-189.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-190.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-191.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-192.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-193.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-194.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-195.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-196.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-197.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-198.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-199.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-200.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-201.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-202.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-203.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-204.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-205.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-206.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-207.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-208.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-209.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-210.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-211.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-212.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-213.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-214.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-215.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-216.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-217.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-218.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-219.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-220.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-221.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-222.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-223.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-224.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-225.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-226.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-227.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-228.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-229.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-230.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-231.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-232.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-233.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-234.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-235.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-236.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-237.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-238.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-239.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-240.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-241.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-242.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-243.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-244.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-245.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-246.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-247.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-248.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-249.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-250.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-251.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-252.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-253.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-254.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-255.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-256.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-257.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-258.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-259.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-260.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-261.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-262.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-263.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-264.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-265.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-266.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-267.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-268.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-269.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-27.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-270.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-28.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-29.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-30.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-31.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-32.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-33.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-34.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-35.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-36.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-37.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-38.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-39.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-40.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-41.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-42.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-43.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-44.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-45.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-46.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-47.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-48.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-49.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-50.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-51.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-52.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-53.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-54.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-55.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-56.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-57.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-58.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-59.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-60.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-61.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-62.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-63.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-64.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-65.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-66.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-67.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-68.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-69.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-70.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-71.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-72.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-73.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-74.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-75.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-76.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-77.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-78.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-79.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-80.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-81.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-82.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-83.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-84.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-85.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-86.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-87.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-88.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-89.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-90.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-91.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-92.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-93.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-94.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-95.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-96.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-97.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-98.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\quarantinew\2009-10-19 21-00-450\regb-99.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Dennis\AppData\Roaming\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files (x86)\error fix\PW\general.html (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files (x86)\error fix\PW\optimizations.html (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files (x86)\error fix\PW\privacy.html (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files (x86)\error fix\PW\scheduler.html (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files (x86)\error fix\PW\startup.html (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files (x86)\error fix\PW\wizard.css (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/01/2011 at 02:33 PM
Application Version : 5.0.1128
Core Rules Database Version : 7745
Trace Rules Database Version: 5557
Scan type : Quick Scan
Total Scan Time : 00:04:40
Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User
Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 60306
Registry threats detected : 116
File items scanned : 11246
File threats detected : 4
Adware.MyWebSearch/FunWebProducts
(x86) HKU\S-1-5-21-3438210978-1716780341-3628978143-1000\SOFTWARE\FunWebProducts
Adware.Tracking Cookie
C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y4EZ4I11.txt [ Cookie:[email protected]/ ]
C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\CZUYIPC0.txt [ Cookie:[email protected]/ ]
C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\RWG29UGF.txt [ Cookie:[email protected]/ ]
C:\USERS\DENNIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\4EEPD6EL.txt [ Cookie:[email protected]/ ]


----------



## dchville (Sep 25, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:03:29 PM, on 01/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dennis\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\program files (x86)\stopzilla!\sziebho.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...KzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.iwon.com/modules/launchG...rame.jhtml?categoryId=1&gameId=531&browser=IE"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: my.magicjack.com
O15 - Trusted Zone: reg.talk4free.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program Files (x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program Files (x86)/Monopoly/Images/armhelper.ocx
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: NameServer = 67.90.152.122,67.107.71.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9baeae8275840) (gupdate1c9baeae8275840) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 18837 bytes


----------



## dchville (Sep 25, 2011)

Not sure if the first hijack log was a new scan, so I did it again...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:05:28 PM, on 01/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dennis\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\program files (x86)\stopzilla!\sziebho.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...KzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.iwon.com/modules/launchG...rame.jhtml?categoryId=1&gameId=531&browser=IE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: my.magicjack.com
O15 - Trusted Zone: reg.talk4free.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program Files (x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program Files (x86)/Monopoly/Images/armhelper.ocx
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: NameServer = 67.90.152.122,67.107.71.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9baeae8275840) (gupdate1c9baeae8275840) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 19187 bytes


----------



## dchville (Sep 25, 2011)

Thanks for all the help... I hope we can fix this


----------



## dchville (Sep 25, 2011)

Start up and shut down is faster!!!!


----------



## eddie5659 (Mar 19, 2001)

Good to hear 

However, I want to make sure all is gone before we call this Solved 

Can you run this for me:


 
*NOTE*: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.

Download FixIEDef.exe by ShadowPuterDude to the Desktop. 
_Note: FixIEDef now supports Non-English Language Systems_

Double-click FixIEDef.exe:

That will open the About FixIEDef screen. Click *OK* to continue:

Next, press the *Scan!* button:

FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click *OK* to continue:

Wait for the scan to finish. It shouldn't take very long:

*WARNING*: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed. 

After the !!! All Finished !!! message is displayed, click *Exit*:

Post the *FixIEDef log* file, located on the Desktop.

_Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user._

See: http://www.beyondlogic.org/consulting/proc...processutil.htm

Mirrors: Alternate official download locations for FixIEDef.exe

http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe 
http://hosts-file.net/download/fixiedef/fixiedef.exe 
http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef 
http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef 

eddie


----------



## dchville (Sep 25, 2011)

Wow that didn't go as easy as I thought. I am using IE9 and this didn't work quite the same as you illustrated in your last post. I think I figured it out. I had to shut down my spyware and even then it deleted and blocked "Gen Malware Detection.VV"
Here is the log....


********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7514 *
* *
********************************************************************************
Created at 14:50:18 on Wednesday, October 05, 2011
Time Zone : (GMT-05:00) Eastern Time (US & Canada)
Logged On User : Dennis
Operating System : Microsoft® Windows Vista Home Premium Service Pack 2
OS Architecture : X64
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X64 Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
System Drive : C:\
Windows Directory : C:\Windows
System Directory : C:\Windows\SysWOW64
System Drive Type : Fixed
System Drive Status : READY
System Drive Label : 
System Drive Size : 228.13 GB
System Drive Free : 146.26 GB
Total Physical Memory: 2938 MB
Free Physical Memory : 1128 MB
Total Page File : 2938 MB
Free Page File : 3684 MB
Total Virtual Memory : 4096 MB
Free Virtual Memory : 3983 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done 
ShadowPuterDude
Safe Surfing!!!


----------



## dchville (Sep 25, 2011)

I just looked in my task manager and the csrss.exe file is still listed in my processes. I am also still running 108 processes which is down from 117 but I understand I should only be running around 40 or 50 processes????


----------



## eddie5659 (Mar 19, 2001)

Okay, let's look a bit deeper:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## dchville (Sep 25, 2011)

I downloaded and ran the scan... a window opened telling me the scan had started and that it would take about 10 minutes... then a line came up which stated "\Microlab\Searchengin\ was unexpected at this time." Then it just stalled there with a cursor flashing????

Did I miss something?


----------



## dchville (Sep 25, 2011)

I disabled AVG and Stopzilla. Is there anything else that should be disabled? Like SUPERantispyware or is there other windows security that needs to be disabled?

I want to thank you for all your help. I really appreciate your time and patience.
I am thinking about taking a course in computer maintenance and repair and I hope one day to pay it forward. This site including yourself has inspired me....


----------



## dchville (Sep 25, 2011)

Happy Thanksgiving... that is if you are Canadian


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, was building my new computer, so had to wait until it was built before I could access my files.

Okay, as ComboFix is having problems, we'll run OTL. I want to see what's there that could be causing the problems.

And, I'm not Canadian, I'm from England 

But, happy thanksgiving to you 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## dchville (Sep 25, 2011)

OTL logfile created on: 10/10/2011 9:01:18 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Dennis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 41.22% Memory free
5.95 Gb Paging File | 3.49 Gb Available in Paging File | 58.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.78 Gb Total Space | 141.31 Gb Free Space | 63.43% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1765.85 Gb Free Space | 94.78% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 21:00:09 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2011/10/04 09:48:51 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/03 11:46:28 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/02 17:58:18 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2011/08/02 17:58:12 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/09 21:59:37 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/12/23 17:05:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/28 08:49:09 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2008/07/28 20:45:42 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/28 20:45:42 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/13 12:04:03 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
PRC - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/05/24 22:01:16 | 000,086,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
PRC - [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
PRC - [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
PRC - [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
PRC - [2008/05/20 16:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/04/03 23:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/04 09:48:51 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/09/18 03:28:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/09/18 03:28:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/09/18 03:17:33 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/09/18 03:17:27 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/08/17 16:30:20 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/01/27 18:57:50 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/27 18:57:48 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/27 18:57:46 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2008/07/28 20:45:44 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2008/06/13 11:11:51 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2008/06/13 11:11:44 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2008/06/13 11:11:43 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2008/06/13 11:10:18 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\iptk.dll
MOD - [2008/06/13 11:03:08 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll
MOD - [2008/06/13 11:03:03 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2008/02/27 20:02:10 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll
MOD - [2007/09/06 14:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxptp.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/05/06 05:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:*64bit:* - [2009/06/26 16:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:*64bit:* - [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:*64bit:* - [2008/08/06 21:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:*64bit:* - [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:*64bit:* - [2008/06/12 02:10:46 | 000,107,808 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:*64bit:* - [2008/04/30 23:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2008/04/30 22:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2008/04/27 20:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:*64bit:* - [2008/02/27 20:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:*64bit:* - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/03 11:46:28 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 17:58:12 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/28 20:45:42 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/15 08:17:50 | 000,139,808 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 17:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 04:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 04:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 04:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2011/07/11 01:13:56 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/07/11 01:13:52 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:*64bit:* - [2010/03/18 05:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2010/03/18 05:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2010/03/18 04:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:*64bit:* - [2010/03/18 04:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:*64bit:* - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:*64bit:* - [2009/06/10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:*64bit:* - [2009/04/24 10:32:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:*64bit:* - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2008/08/08 20:11:11 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:*64bit:* - [2008/08/08 20:10:43 | 007,907,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2008/08/08 20:09:04 | 000,021,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:*64bit:* - [2008/08/08 20:09:03 | 000,132,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:*64bit:* - [2008/08/08 20:09:03 | 000,095,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:*64bit:* - [2008/08/08 20:08:35 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:*64bit:* - [2008/08/07 20:20:32 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2008/08/01 20:02:36 | 000,176,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:*64bit:* - [2008/07/17 20:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2008/07/17 20:02:44 | 000,064,512 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:*64bit:* - [2008/06/25 20:13:33 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:*64bit:* - [2008/05/28 06:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:*64bit:* - [2008/04/29 20:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2008/04/28 09:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:*64bit:* - [2008/04/27 20:00:52 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:*64bit:* - [2008/04/27 20:00:38 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:*64bit:* - [2008/04/27 20:00:35 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:*64bit:* - [2008/04/27 20:00:35 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:*64bit:* - [2008/04/27 20:00:33 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:*64bit:* - [2008/04/27 20:00:33 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:*64bit:* - [2008/04/08 06:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2008/03/10 07:01:26 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:*64bit:* - [2008/01/30 20:33:30 | 000,019,456 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:*64bit:* - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:*64bit:* - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2008/07/11 19:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\DMICall.sys -- (DMICall)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=FW69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 58 EF 7D 40 6A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.iwon.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/23 17:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/06 08:45:11 | 000,000,000 | ---D | M]

[2011/05/19 13:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions
[2011/09/03 11:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1tj91kcf.default\extensions
[2011/09/03 11:46:36 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1tj91kcf.default\extensions\[email protected]
[2011/07/09 23:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/25 12:30:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2010/12/23 17:06:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/09/02 03:00:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Reg Error: Value error.) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\program files (x86)\stopzilla!\sziebho.dll File not found
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [cdloader] C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: eBay Search - res://C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O8:*64bit:* - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: eBay Search - res://C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:*64bit:* - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:*64bit:* - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13*64bit:* - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: magicjack.com ([data] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program Files (x86)/Monopoly/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab (CPlayFirstPiratePoppersControl Object)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab (GameTap Player)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program Files (x86)/Monopoly/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} http://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE47831-50C4-43BA-85E3-B03AF6C6AE1D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: NameServer = 67.90.152.122,67.107.71.186
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:*64bit:* - Protocol\Filter\text/xml - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/12 09:11:01 | 000,000,000 | ---D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/07/10 15:19:04 | 000,000,036 | -H-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e712a4c3-d887-11de-bc96-001dba22dc6b}\Shell\Auto\command - "" = G:\launcher.exe
O33 - MountPoints2\{e712a4c3-d887-11de-bc96-001dba22dc6b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\launcher.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\H\Shell\phone\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 21:00:08 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2011/10/08 17:29:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/05 16:10:28 | 000,000,000 | ---D | C] -- C:\username123
[2011/10/05 15:54:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/05 15:49:37 | 004,244,631 | R--- | C] (Swearware) -- C:\Users\Dennis\Desktop\username123.exe
[2011/10/05 13:59:07 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/10/05 13:59:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2011/10/05 13:59:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/05 13:58:28 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2011/10/04 09:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/10/04 09:32:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/10/01 15:02:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HijackThis.exe
[2011/10/01 14:25:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/01 14:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/01 14:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/01 14:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/28 14:06:51 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2011/09/28 14:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 14:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 14:06:27 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 14:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/28 14:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/09/25 12:51:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dennis\Desktop\dds.com
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/03/16 20:03:18 | 002,949,120 | ---- | C] (Axialis Software) -- C:\Users\Dennis\AppData\Roaming\screensaver_Beach.scr
[2009/05/11 18:08:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
[2009/05/11 18:08:19 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
[2009/05/11 18:08:18 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
[2009/05/11 18:08:16 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
[2009/05/11 18:08:16 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
[2009/05/11 18:08:15 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
[2009/05/11 18:08:15 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe
[2009/05/11 18:08:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
[2009/05/11 18:08:14 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
[2009/05/11 18:08:13 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe
[2009/05/11 18:08:12 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
[2009/05/11 18:08:12 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
[2009/05/11 18:08:11 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/10/10 21:00:09 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2011/10/10 20:19:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/10 19:51:52 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 19:51:52 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 18:24:06 | 106,301,110 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/09 19:34:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/09 19:30:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 19:00:00 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/10/09 15:54:11 | 000,000,784 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/09 15:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 15:51:53 | 3081,797,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 15:48:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/09 14:40:43 | 000,372,521 | ---- | M] () -- C:\test.xml
[2011/10/08 17:29:02 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/06 16:12:49 | 000,000,680 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2011/10/06 08:45:11 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/05 17:44:27 | 000,000,236 | ---- | M] () -- C:\Users\Dennis\Desktop\Handsome bench hides a hose - Sunset.com.url
[2011/10/05 15:50:12 | 004,244,631 | R--- | M] (Swearware) -- C:\Users\Dennis\Desktop\username123.exe
[2011/10/05 14:46:21 | 000,000,976 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/10/04 10:10:15 | 000,020,168 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/04 09:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/04 09:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/01 15:03:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HijackThis.exe
[2011/10/01 14:24:46 | 000,001,716 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 14:06:31 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 12:50:33 | 003,062,855 | ---- | M] () -- C:\Users\Dennis\Desktop\CD-ED-Brochure.pdf
[2011/09/25 14:14:37 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/25 14:14:37 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/25 14:14:37 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/25 13:21:47 | 000,000,170 | ---- | M] () -- C:\Users\Dennis\Desktop\HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url
[2011/09/25 12:51:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dennis\Desktop\dds.com
[2011/09/25 12:17:35 | 000,406,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/25 12:08:28 | 435,289,724 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/25 11:13:04 | 000,000,900 | ---- | M] () -- C:\Users\Dennis\Desktop\magicJack.lnk
[2011/09/18 14:56:57 | 000,001,699 | ---- | M] () -- C:\Users\Dennis\Desktop\Notepad.lnk
[2011/09/17 20:34:00 | 000,003,072 | ---- | M] () -- C:\Windows\SysWow64\Cache.db
[2011/09/14 11:28:51 | 000,000,247 | ---- | M] () -- C:\Users\Dennis\Desktop\ING CHEQUING.url
[2011/09/14 10:50:59 | 000,000,223 | ---- | M] () -- C:\Users\Dennis\Desktop\EI report.url
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/12 14:02:07 | 000,000,214 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/10/09 15:54:00 | 000,000,784 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/05 17:44:27 | 000,000,236 | ---- | C] () -- C:\Users\Dennis\Desktop\Handsome bench hides a hose - Sunset.com.url
[2011/10/05 15:55:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/05 15:55:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/05 15:55:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/05 15:55:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/04 09:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/04 09:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/01 14:24:46 | 000,001,716 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 14:06:31 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 12:49:49 | 003,062,855 | ---- | C] () -- C:\Users\Dennis\Desktop\CD-ED-Brochure.pdf
[2011/09/25 13:21:47 | 000,000,170 | ---- | C] () -- C:\Users\Dennis\Desktop\HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url
[2011/09/25 12:17:15 | 3081,797,632 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/18 14:56:57 | 000,001,699 | ---- | C] () -- C:\Users\Dennis\Desktop\Notepad.lnk
[2011/09/14 12:30:13 | 435,289,724 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/14 10:50:59 | 000,000,223 | ---- | C] () -- C:\Users\Dennis\Desktop\EI report.url
[2011/08/02 20:34:45 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0814.old
[2011/04/02 15:46:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/16 20:20:24 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2010/03/16 20:20:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2009/09/28 09:39:56 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2009/09/28 08:47:41 | 000,000,005 | ---- | C] () -- C:\Windows\sbacknt.bin
[2009/09/04 12:24:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/04 12:22:25 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/04 12:20:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/11 18:08:20 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
[2009/05/11 18:08:20 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
[2009/05/09 21:09:44 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2009/04/11 17:19:01 | 000,000,680 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2009/02/13 18:34:22 | 000,000,214 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\wklnhst.dat
[2009/01/31 07:19:12 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/20 20:21:20 | 000,028,160 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/01 05:18:06 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/08/12 16:22:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/12 14:34:41 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/08/12 14:31:23 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/08/12 14:31:16 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/08/12 14:31:12 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/08/12 13:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F0A6D4E5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52
< End of report >


----------



## dchville (Sep 25, 2011)

OTL Extras logfile created on: 10/10/2011 9:01:18 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Dennis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 41.22% Memory free
5.95 Gb Paging File | 3.49 Gb Available in Paging File | 58.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.78 Gb Total Space | 141.31 Gb Free Space | 63.43% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1765.85 Gb Free Space | 94.78% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E0 00 E8 2E 85 2D CA 01 [binary data]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04842AE0-F18E-429C-9998-65BE1D2BE793}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08CAEE4C-ABC8-4839-9C3E-2429731AEB3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{137BF0C1-96E5-4132-98C5-058A4A5C5DE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{140F3F9F-0E09-424F-A072-38666B083E46}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2DDA5444-83B0-4203-B027-4137D7563BB0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2E9D05B2-C00A-4638-8328-DC743EDD3E33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3806D2FB-4BF5-4C6C-8432-481C00B998AF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3EDF4937-EAC2-4C70-B23D-CF40B017B8A8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4238EAC1-91FA-4304-ACF2-FDAA308DC2BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{596DCE19-56BF-45A3-94FB-C6C3B57B2558}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5BB59EFE-232C-49DC-94CC-E06399B70352}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{63D71794-A216-473C-B0A3-4983D9D6A8F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75393010-A6A0-42B8-BD41-A3FD88A0991E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AFF75C6-26FA-4CA7-A744-47C1155FE306}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7C30AB10-6698-4A80-8AA1-279759B47780}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{964074C3-5A09-414D-9ED8-DA2D5FB71145}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A7C9EB47-687C-4CAF-9050-FA97103521D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B24DF1F2-2BFE-47D6-A2CB-543C84DF62CD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B4CB1C77-DCC1-4077-88A5-8724F7D4298A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BD099B26-9010-49E3-9C85-8740DB7D84AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D591F636-3307-46BC-A8F5-D81039A28B72}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D7DADAF7-9097-41E1-BAF1-DD8F72141BD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F59F03D3-E4F8-470A-9B85-F345E3F7F7A2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E9E532-3FEA-4954-820D-D1B8E69DE522}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe | 
"{05B69E9E-702A-4A33-A591-35E0C83DA358}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{081EEA1F-E560-417E-A333-4635F965BFDB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0B7B5D4D-CD29-4D69-8D65-E3253E0C0BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{0B94144C-E203-4D08-B34E-DD9AC827A9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{0CE7EF41-71A3-4A4F-B0EC-3A350F8EC2FC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe | 
"{13707FBD-5AE1-445F-ADAE-245008280F6C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{18DED957-2444-4043-8859-A8EB187F70BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{230EB66E-34C4-476B-83CB-E7A80C003D9E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{24FA1F86-B1F9-4DB7-8249-A0C083B777CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2893A4BE-8300-4CFC-8852-31CF3073625A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{29361307-8FF5-4E0C-9D4F-F5D469F2FC0F}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe | 
"{2FE13412-A9FA-41E8-A38A-9108F3E60F4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{344B9744-1B42-4C5B-A33C-45AF8D7E0205}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe | 
"{35034483-7F81-4A91-9663-DDCC672783BB}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe | 
"{359F75C7-D313-4A11-9970-590A0AFED25B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{3B89465D-778F-403C-96FC-4AE6CAAC5EAC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe | 
"{42B02637-3076-41CC-94A7-8BE2A3C16FB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45B25F6F-3260-4EF9-8030-AEB90D615C22}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4633FC4A-84C1-4917-B6AB-6F4CC66E35FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4664E469-7692-451F-8092-49983E162E77}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe | 
"{46BC7873-329C-4661-BEFA-FC62BC3FAF6C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe | 
"{46E59C58-CCE6-4A82-B262-512053B333D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4B6E5BFC-4707-49DC-A4C3-ED2A5DBB1D48}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{4BC81EFC-5541-4268-9A05-D082113BDB7D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe | 
"{52ABE3CA-70B7-4784-9F71-81F97835D285}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{56B66B46-8B06-41B2-A601-E893ED25FB58}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{5AA300EB-664F-4E95-9551-45116C826351}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F57BEF7-859D-47F3-878D-1D519E2F3027}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{61FCF4F1-B8B9-4228-AEF2-5468AC8E200C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{65441565-C2AE-4D81-8284-447A90E6E3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{67FD8867-036C-4FF9-B5C2-D69FA9F76D3F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6A6B62C3-C3DE-48F3-9171-9074C782BF35}" = protocol=6 | dir=out | app=system | 
"{6C1B0C9A-FFBF-4A89-BC1B-BE6E8FB4A930}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe | 
"{6C4DCE5C-A7D4-45CB-AE0C-947D82350612}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe | 
"{758D9BE2-261D-43FD-95C9-D59FB821D3AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{797DC8F5-ED63-45AF-B952-DA8B5BCEEF4D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{7BA84A06-2995-4E8A-9870-972AAD6DA2B7}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{7CAB650B-6A29-430B-96DD-0B102D991A04}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohds.exe | 
"{7DA830FA-4D37-4AEE-B7CB-C7EA8A36997B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{8054F137-B7C1-4C79-BD39-CA91F92A3F65}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe | 
"{818C369F-70BC-4FBD-94C6-5F99FB3CBCE0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{865F54D8-E1B9-4682-B9BB-B4695B140D85}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{899BFB47-C5C8-453B-8363-BB6CDCE4CC0D}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohds.exe | 
"{8B78F35B-301A-41B3-8BBA-19AFF0370F74}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe | 
"{8C02D78F-C6BA-4EE7-AB07-766C8840B3B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F8C4729-F76E-44C3-A6C8-C0B00B5F4DDC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe | 
"{A4B35243-9948-4FB2-BD01-2460DDBFD2C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A689C3F0-40FB-4735-A962-45780BBE57B1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A9A23C7E-3D74-4083-8B99-849A7B143AEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{B1F8E2B9-0FC3-40D0-8F44-0896B2370E71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B99E6678-1123-4258-AA5C-FF1DA5A3AEBD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe | 
"{B9D1CD24-DEED-49ED-BE9D-98B449E9DDCB}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe | 
"{BBA07541-D69F-4076-BD6A-AC67CE79DB84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{BD2DBE3D-9913-4290-A6F1-91F6EA69719A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BE0FB030-AFE1-44A6-B22A-12760944423D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{C00CC7CF-4152-4CEA-8CF6-7CA8D824C2BF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{C0A22871-7FB5-40FF-A987-A6F2C81E7E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{C63BC407-3FAC-488C-9AE3-60AF45125BBE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CE105AFF-27CB-4068-9063-291D0E96FD1E}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe | 
"{CF9F0634-C055-4A5C-874C-53A448D007C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3287DC7-78D9-410E-A056-CCE01D28CD0D}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\wireless\lxdxwpss.exe | 
"{D85562F7-EF50-4190-881B-59EFE52223FE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DB176A04-F1ED-47E5-A426-F9BC90C99E74}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{E2DE8B83-91E6-4E6E-80B7-3F53BF4A1CE6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{EE03BFDE-54A6-42FB-AF69-F79D8C85CAD2}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe | 
"{F6304030-DBC0-49E6-960C-CE9DE49E1410}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\wireless\lxdxwpss.exe | 
"{F9992801-97E4-481B-BFD9-34C95591C8F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"TCP Query User{09CEF813-8740-4ADD-BF9D-F4DB85C08DC9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{2D2DF65B-E821-4EF5-8235-5C71D4DF3FE0}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
"TCP Query User{309AAA1E-D7A0-44F1-83F6-7E49486BBD85}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
"TCP Query User{49D29E90-8EEA-4832-A050-A01B5C80A014}C:\program files\sony\vaio care\vaiocare.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe | 
"TCP Query User{4E70EE84-FA8F-4CE5-B042-66C2466B1EE8}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
"TCP Query User{522B2ACD-83F1-421E-877B-A5DBDAC0D48D}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
"TCP Query User{88994CFA-0920-4DC8-B5DF-F8772FBFC182}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{962E6688-F553-41FC-B1DF-029B0DFF7060}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe | 
"TCP Query User{B8961D23-1D69-476D-81C1-DEB4BFF4A938}C:\program files\sony\vaio care\vaiocare.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe | 
"TCP Query User{E5CB11AF-8D95-45CE-B7B2-C0AFD540618D}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
"TCP Query User{F9468BFB-038E-44AF-A45C-C59C45AE36F8}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
"UDP Query User{0383E52B-94D6-4B29-8AFB-F149741418A1}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
"UDP Query User{2B13D306-E0A3-464A-A6D8-D568F7905807}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{378A92AA-FCA8-4551-B6E0-03A5AA217F70}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
"UDP Query User{6B2DB2F7-3164-491E-BAF9-B999D068AFFC}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
"UDP Query User{70EB9ACE-25AC-4088-947D-21EBF7FF8B82}C:\program files\sony\vaio care\vaiocare.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe | 
"UDP Query User{735A2BD2-5DAF-4C8B-8411-D303221C75E2}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
"UDP Query User{86CF9D17-0A71-446F-8696-8210B8339AB6}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
"UDP Query User{8799BC95-EF5D-40B4-877A-33E2C50F8430}C:\program files\sony\vaio care\vaiocare.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe | 
"UDP Query User{8AC012BF-335A-4DF4-9634-1426E34A66D5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{DAD2D28C-7B25-4A17-85A8-8E54490919CD}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
"UDP Query User{DFD58812-5A28-4B14-95F1-FE831EA3206E}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5349A735-7482-406F-9FE4-3BB24608479D}" = AVG 2012
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}" = WD Drive Manager (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4500
"{ED5E169E-490F-4F4C-B2BB-C89D510FA595}" = AVG 2012
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SP6" = Logitech SetPoint 6.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B27EB8B-3AA6-438F-BCB0-719CE2C52E32}" = VAIO Content Metadata XML Interface Library
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{3643EF5F-D28D-4B25-9FA1-8859FC303710}" = Coby Media Manager
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4314FCA1-7D0D-45E7-B115-C142466BC60A}" = VAIO Content Metadata Manager Setting
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E09A5851-B293-465E-A9FE-DFC11E0F4586}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WMA Workshop_is1" = Advanced WMA Workshop version 2.3
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Updater" = Google Updater
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"TomTom HOME" = TomTom HOME 2.7.5.2014
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/10/2010 2:52:03 PM | Computer Name = Dennis-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 25/10/2010 3:31:33 PM | Computer Name = Dennis-PC | Source = Perflib | ID = 1023
Description =

Error - 25/10/2010 3:31:33 PM | Computer Name = Dennis-PC | Source = Perflib | ID = 1008
Description =

Error - 25/10/2010 3:31:33 PM | Computer Name = Dennis-PC | Source = Perflib | ID = 1023
Description =

Error - 25/10/2010 3:33:46 PM | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1760 Start Time: 01cb7472ebecf5a0 Termination Time: 19

Error - 25/10/2010 7:39:55 PM | Computer Name = Dennis-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 25/10/2010 7:39:55 PM | Computer Name = Dennis-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 26/10/2010 11:12:14 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application EvtEng.exe, version 12.0.0.0, time stamp 0x48193707,
faulting module EvtEng.exe, version 12.0.0.0, time stamp 0x48193707, exception 
code 0x40000015, fault offset 0x000000000008dfbe, process id 0x9f4, application start
time 0x01cb75202b7a8d01.

Error - 26/10/2010 11:12:20 AM | Computer Name = Dennis-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 26/10/2010 11:12:23 AM | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 03/03/2009 4:37:48 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 24/03/2009 1:29:06 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 06/06/2009 5:39:25 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:52:08 PM | Computer Name = Dennis-PC | Source = HTTP | ID = 15021
Description =

Error - 09/10/2011 3:53:17 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/10/2011 3:53:29 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >


----------



## dchville (Sep 25, 2011)

WOW that's a lot of info... hope it tells you something... I wouldn't know where to start...LOL


----------



## dchville (Sep 25, 2011)

I was just thinking about the help you are so graciously giving me and it dawned on me that it may help if I am online at the same time you are. I know you are a busy guy and I don't want you to think I am rushing you. 
You seem to be on in the late evening your time. There is a 5 hour difference according to my world clock. I will try to log in around that time. If it makes no difference to you that's ok it is just an idea... I believe it's 6:30am your time right now so you have a good morning...lol..


----------



## eddie5659 (Mar 19, 2001)

It's okay about the time difference, as I also work overtime a few days a week, so can't guarantee the time I'll be here.

Okay, first of all, your Java is out of date, so let's sort that to begin with:

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Now, go *here* and download the latest Java Version.

---

Uninstall this program because it's not needed, is outdated, or is dangerous to use.

If it can't be installed, let me know. We can look at it later.

Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://www.edbott.com/weblog/?p=643

*Registry Mechanic*

----

Do you use this website:

www.iwon.com

If so, that's okay, but if not, we'll remove that after you've done the rest of this post.

-----

We have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future. These entries are not all legit, but we try and compile a list of good/bad, to help everyone 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysNative\DRIVERS\risdsn64.sys
C:\Windows\SysNative\DRIVERS\rimssn64.sys
C:\Windows\RAVCpl64.exe
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{038E2507-7A48-41E2-94AD-7F23D199AF4E} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49E67060-2C0D-415E-94C7-52A49F73B2F1} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D40F5876-A494-4124-8161-82625BB28C06} /sub
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

---------------

After doing all the above, can you then do this:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2011/06/25 12:30:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
O2 - BHO: (Reg Error: Value error.) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\program files (x86)\stopzilla!\sziebho.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: eBay Search - res://C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: eBay Search - res://C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/M.../armhelper.ocx (Reg Error: Key error.)
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2011/10/09 15:54:11 | 000,000,784 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/05 14:46:21 | 000,000,976 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F0A6D4E5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

============

eddie


----------



## dchville (Sep 25, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 11:09 on 13/10/2011 by Dennis
Administrator - Elevation successful
========== file ==========
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe - File found and opened.
MD5: B0C84CEA4FE07231BA87A054AF95984D
Created at 21:18 on 12/08/2008
Modified at 00:45 on 29/07/2008
Size: 100472 bytes
Attributes: --a----
FileDescription: VAIO Event Service(Service Sub Module)
FileVersion: 2.3.00.03190
ProductVersion: 2.3.00
OriginalFilename: VESMgrS.exe
InternalName: VESMgrS.exe
ProductName: VAIO Event Service
CompanyName: Sony Corporation
LegalCopyright: Copyright 2004,2005,2006 Sony Corp.
C:\Windows\SysNative\DRIVERS\risdsn64.sys - Unable to find/read file.
C:\Windows\SysNative\DRIVERS\rimssn64.sys - Unable to find/read file.
C:\Windows\RAVCpl64.exe - File found and opened.
MD5: D7E27622F761DC5101C73AE76D1EFDF3
Created at 20:09 on 12/08/2008
Modified at 12:17 on 15/07/2008
Size: 6453760 bytes
Attributes: --a----
FileDescription: HD Audio Control Panel
FileVersion: 1, 0, 0, 206
ProductVersion: 1, 0, 0, 206
OriginalFilename: RtHDVCpl.exe
InternalName: RtHDVCpl.exe
ProductName: HD Audio Control Panel
CompanyName: Realtek Semiconductor
LegalCopyright: 2008 (c) Realtek Semiconductor. All rights reserved.
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{038E2507-7A48-41E2-94AD-7F23D199AF4E}]
(Unable to open key - key not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49E67060-2C0D-415E-94C7-52A49F73B2F1}]
(Unable to open key - key not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}]
(Unable to open key - key not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D40F5876-A494-4124-8161-82625BB28C06}]
(Unable to open key - key not found)
-= EOF =-


----------



## dchville (Sep 25, 2011)

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay Search\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program Files  not found.
Starting removal of ActiveX control {CC450D71-CC90-424C-8638-1F2DBAC87A54}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Windows\SysNative\drivers\kgpcpy.cfg moved successfully.
C:\Windows\SysWOW64\drivers\kgpfr2.cfg moved successfully.
ADS C:\ProgramData\TEMP:52B72A7C deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP1B5B4F1 .
ADS C:\ProgramData\TEMP:F0A6D4E5 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
ADS C:\ProgramData\TEMP:AFFC859A deleted successfully.
ADS C:\ProgramData\TEMP:57DC3B52 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dennis\Desktop\cmd.bat deleted successfully.
C:\Users\Dennis\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dennis
->Temp folder emptied: 1635445 bytes
->Temporary Internet Files folder emptied: 66228162 bytes
->Java cache emptied: 24020 bytes
->FireFox cache emptied: 44859482 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 59542 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 472808 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16222609 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dennis
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.29.1 log created on 10132011_111256
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1YEMTW5\1019312-microsoft-tech-says-i-need-2[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
Registry entries deleted on Reboot...


----------



## dchville (Sep 25, 2011)

I'm not sure what you mean by..."uninstall this program because its not needed or are outdated or are dangerous to use"
What program do you mean?
Yes I do visit iwon.com it is my home page and I like the crosswords. I also chat and play games against my Mom on there.
Should I remove all the programs you had me put on my desktop?
Also I take it you don't like "Registry Mechanic".
What do you think of "Stopzilla"? It is supposed to scan and remove malicious software.


----------



## eddie5659 (Mar 19, 2001)

With regards to the program to uninstall, it was Registry Mechanic. They're not advised to be used, as they can cause problems in the registry, as some people delete all that is found, without creating backups etc. But, it's up to you if you want to keep it, it's not malware

iwon is fine, we can leave that alone 

Don't remove the tools we're using yet, until it's all clear. Then, we'll remove them very easily, as the cleanup for the tools involves removing the folders etc they create.

Stopzilla is fine 

---

- Open HijackThis, click Config, click Misc Tools
- Click "*Open Uninstall Manager*"
- Click "Save List" (generates *uninstall_list.txt*)
- Click Save, copy and paste the results in your next post.

eddie


----------



## dchville (Sep 25, 2011)

I removed malwarebytes cause the free trial expired. I also removed the logs from my desktop.

ABBYY FineReader 6.0 Sprint
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Advanced WMA Workshop version 2.3
ArcSoft Magic-i Visual Effects
ArcSoft WebCam Companion 2
Click to Disc
Click to Disc Editor
Coby Media Manager
D3DX10
eReg
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java(TM) 6 Update 27
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Music Transfer
OpenMG Secure Module 5.1.00
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Mechanic 10.0
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Segoe UI
Setting Utility Series
SmartWi Connection Utility
Sony Picture Utility
Sony Video Shared Library
STOPzilla
SupportSoft Assisted Service
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VAIO Care
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Startup Assistant
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
VAIO Wireless Wizard
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinDVD for VAIO


----------



## eddie5659 (Mar 19, 2001)

Oki doki 

Can you go to Add/Remove Programs via the Control Panel, and uninstall these:

*Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6*

As they're the older versions.

Can you also delete the copy of ComboFix that you have, and see if a fresh download will work this time:

http://forums.techguy.org/8101089-post20.html

If it still has problems, we'll look at something else, but it's looking a lot better


----------



## dchville (Sep 25, 2011)

WOW that took well over an hour....

ComboFix 11-10-17.02 - Dennis 18/10/2011 0:51.1.2 - x64
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.2.1033.18.2938.1164 [GMT -4:00]
Running from: c:\users\Dennis\Desktop\username123.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Dennis\AppData\Roaming\screensaver_Beach.scr
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 05:13 . 2011-10-18 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-13 15:12 . 2011-10-13 15:12 -------- d-----w- C:\_OTL
2011-10-12 12:22 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 12:21 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 12:21 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 12:21 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 12:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-12 12:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 12:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 12:21 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 12:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-12 12:18 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 12:18 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 12:17 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 12:17 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 12:17 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 12:17 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 12:17 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 12:17 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 12:17 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 12:17 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-08 21:29 . 2011-10-08 21:29 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-05 20:10 . 2011-10-06 15:06 -------- d-----w- C:\username123
2011-10-05 17:59 . 2011-10-05 17:59 -------- d-----w- C:\ERDNT
2011-10-05 17:59 . 2011-10-05 17:59 -------- d-----w- c:\windows\ERUNT
2011-10-05 17:58 . 2011-10-05 17:58 -------- d-----w- C:\!FixIEDef
2011-10-04 13:48 . 2011-10-04 13:48 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-10-04 13:32 . 2011-10-06 12:41 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-10-01 18:25 . 2011-10-01 18:25 -------- d-----w- c:\users\Dennis\AppData\Roaming\SUPERAntiSpyware.com
2011-10-01 18:24 . 2011-10-14 19:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-01 18:24 . 2011-10-01 18:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-28 18:06 . 2011-09-28 18:06 -------- d-----w- c:\users\Dennis\AppData\Roaming\Malwarebytes
2011-09-28 18:06 . 2011-09-28 18:06 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 18:06 . 2011-10-14 18:46 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-09-28 18:06 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-09-03 21:21 . 2011-07-10 00:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-08 10:08 . 2011-08-08 10:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-20 13:44 . 2011-08-03 01:46 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{697B769D-3B5D-48F7-B0E3-8D2B69956B66}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-04 13:48 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-04 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"cdloader"="c:\users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"VMpTtray.exe"="c:\program files (x86)\Sony\VAIO Media plus\VMpTtray.exe" [2008-05-25 86016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-14 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2008-06-13 320168]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-28 122368]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-23 274608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-07-10 112600]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-10-04 218440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...U1UzKzEtVFVHKzMtRERUKzA&prod=90&ver=10.0.1390" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-29 00:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9baeae8275840;Google Update Service (gupdate1c9baeae8275840);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 03:13]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 21:17]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 21:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-15 6453760]
"Skytel"="Skytel.exe" [2008-07-15 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-09 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-09 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-09 181784]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1609296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.iwon.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: magicjack.com\data
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: NameServer = 67.90.152.122,67.107.71.186
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-18 01:39:42
ComboFix-quarantined-files.txt 2011-10-18 05:39
.
Pre-Run: 152,117,952,512 bytes free
Post-Run: 151,480,139,776 bytes free
.
- - End Of File - - DDD5208377D00C70D98931B7C3A2924D


----------



## eddie5659 (Mar 19, 2001)

It can take a long time to scan; sometimes it can even take longer, depending on what the person has.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window and press save).

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Also, post a fresh HijackThis log.

eddie


----------



## dchville (Sep 25, 2011)

ComboFix 11-10-19.06 - Dennis 19/10/2011 18:00:50.2.2 - x64
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.2.1033.18.2938.1349 [GMT -4:00]
Running from: c:\users\Dennis\Desktop\username123.exe
Command switches used :: c:\users\Dennis\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 22:13 . 2011-10-19 22:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-10-19 22:13 . 2011-10-19 22:13 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-10-19 22:13 . 2011-10-19 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-13 15:12 . 2011-10-13 15:12 -------- d-----w- C:\_OTL
2011-10-12 12:22 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 12:21 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 12:21 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 12:21 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 12:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-12 12:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 12:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 12:21 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 12:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-12 12:18 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 12:18 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 12:17 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 12:17 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 12:17 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 12:17 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 12:17 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 12:17 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 12:17 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 12:17 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-08 21:29 . 2011-10-08 21:29 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-05 20:10 . 2011-10-06 15:06 -------- d-----w- C:\username123
2011-10-05 17:59 . 2011-10-05 17:59 -------- d-----w- C:\ERDNT
2011-10-05 17:59 . 2011-10-05 17:59 -------- d-----w- c:\windows\ERUNT
2011-10-05 17:58 . 2011-10-05 17:58 -------- d-----w- C:\!FixIEDef
2011-10-04 13:48 . 2011-10-04 13:48 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-10-04 13:32 . 2011-10-06 12:41 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-10-01 18:25 . 2011-10-01 18:25 -------- d-----w- c:\users\Dennis\AppData\Roaming\SUPERAntiSpyware.com
2011-10-01 18:24 . 2011-10-18 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-01 18:24 . 2011-10-01 18:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-28 18:06 . 2011-09-28 18:06 -------- d-----w- c:\users\Dennis\AppData\Roaming\Malwarebytes
2011-09-28 18:06 . 2011-09-28 18:06 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 18:06 . 2011-10-14 18:46 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-09-28 18:06 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-09-03 21:21 . 2011-07-10 00:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-08 10:08 . 2011-08-08 10:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((( [email protected]_05.15.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-10-14 22:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-10-18 18:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-10-18 18:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-14 22:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-01 08:39 . 2011-10-18 04:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-01 08:39 . 2011-10-19 20:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-13 15:42 . 2011-10-18 04:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-13 15:42 . 2011-10-19 20:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-01 08:39 . 2011-10-19 20:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-01 08:39 . 2011-10-18 04:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-18 18:12 . 2011-10-18 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-14 22:57 . 2011-10-14 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 18:12 . 2011-10-18 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-14 22:57 . 2011-10-14 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 03:20 . 2011-10-18 18:13 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-14 22:58 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-11 15:35 . 2011-10-18 18:09 395448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-11 15:35 . 2011-10-14 22:55 395448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-11 05:40 . 2011-10-18 18:09 6182424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-11 05:40 . 2011-10-14 22:55 6182424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-11 15:35 . 2011-10-14 22:55 3139348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3438210978-1716780341-3628978143-1000-8192.dat
+ 2010-10-11 15:35 . 2011-10-18 05:46 3139348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3438210978-1716780341-3628978143-1000-8192.dat
+ 2011-10-18 13:08 . 2011-10-18 13:08 2827264 c:\windows\Installer\193b901.msi
- 2011-04-01 18:08 . 2011-10-14 22:55 25607400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3438210978-1716780341-3628978143-1000-4096.dat
+ 2011-04-01 18:08 . 2011-10-18 18:09 25607400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3438210978-1716780341-3628978143-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-04 13:48 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-04 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"cdloader"="c:\users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"VMpTtray.exe"="c:\program files (x86)\Sony\VAIO Media plus\VMpTtray.exe" [2008-05-25 86016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-18 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2008-06-13 320168]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-28 122368]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-23 274608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-07-10 112600]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-10-04 218440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...U1UzKzEtVFVHKzMtRERUKzA&prod=90&ver=10.0.1390" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-29 00:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9baeae8275840;Google Update Service (gupdate1c9baeae8275840);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-06-12 107808]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-15 139808]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-03-25 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-07 407392]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-03 246600]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 119296]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 03:13]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 21:17]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 21:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-15 6453760]
"Skytel"="Skytel.exe" [2008-07-15 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-09 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-09 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-09 181784]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1609296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.iwon.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: magicjack.com\data
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: NameServer = 67.90.152.122,67.107.71.186
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-10-19 18:37:58
ComboFix-quarantined-files.txt 2011-10-19 22:37
ComboFix2.txt 2011-10-18 05:39
.
Pre-Run: 151,494,475,776 bytes free
Post-Run: 151,888,293,888 bytes free
.
- - End Of File - - 8E2EA1A9469069E6643DC74EA8405EF3


----------



## dchville (Sep 25, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:41:19 PM, on 19/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Users\Dennis\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...KzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\npjpi160_27.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\npjpi160_27.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: my.magicjack.com
O15 - Trusted Zone: reg.talk4free.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program Files (x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: NameServer = 67.90.152.122,67.107.71.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9baeae8275840) (gupdate1c9baeae8275840) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 17321 bytes


----------



## eddie5659 (Mar 19, 2001)

Okay, it's looking a lot better, but there is just a file I want to check out.

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Windows\BDTSupport.dll0814.old
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

--------------


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Windows\BDTSupport.dll0814.old*

Click on the *Upload* button
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

eddie


----------



## dchville (Sep 25, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 11:38 on 22/10/2011 by Dennis
Administrator - Elevation successful
========== file ==========
C:\Windows\BDTSupport.dll0814.old - File found and opened.
MD5: 99CF88C362173ADAF5EFFF164A686EF0
Created at 00:34 on 03/08/2011
Modified at 19:36 on 01/07/2011
Size: 767952 bytes
Attributes: --a----
No version information available.
-= EOF =-


----------



## dchville (Sep 25, 2011)

VirSCAN.org will not let me paste in the box???? When I click "browse" and do a search for the file I can't find it anywhere???? And I can't type in the box either.


----------



## dchville (Sep 25, 2011)

I got the file in there and clicked upload... I got an error message "returned status code 403 forbidden"


----------



## eddie5659 (Mar 19, 2001)

It looks like it's part of PC Tools, from the SystemLookup scan, so it's okay

Okay, looks like we're nearly done, but if you can just do these to triple-check, that would be great

---------

Please go *HERE* to run Panda's ActiveScan
Once you are on the Panda site click the *Scan your PC Now* button. 
A new window will open...click the *Scan Now* button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) 
If it wants to run an AddOn component allow it.
It should now start scanning.
When the scan completes, if anything malicious is detected, click the *See Report* button, then Save Report by clicking on *Export To icon* and save it to a convenient location. Post the contents of the ActiveScan report.

-----------

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## dchville (Sep 25, 2011)

;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-10-24 17:19:45
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free Edition 2012 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\microsoft\windows\cookies\low\53e3mhho.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\microsoft\windows\cookies\low\cujgzkav.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\microsoft\windows\cookies\low\rghzjvh8.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.mediaplex.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\microsoft\windows\cookies\low\hkzp3za8.txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.bs.serving-sys.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.advertising.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\microsoft\windows\cookies\low\pdh4ltyt.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.questionmarket.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\dennis\appdata\roaming\mozillacontrol\profiles\mozillacontrol\aziz2vfs.slt\cookies.txt[.bluestreak.com/]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


----------



## dchville (Sep 25, 2011)

I tried to attach the log????


```
OTS logfile created on: 24/10/2011 5:24:49 PM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Users\Dennis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.78 Gb Total Space | 142.21 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DENNIS-PC
Current User Name: Dennis
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2011/10/24 17:21:53 | 000,646,144 | ---- | M] (OldTimer Tools)
vprot.exe -> C:\Program Files (x86)\AVG Secure Search\vprot.exe -> [2011/10/04 09:48:51 | 000,218,440 | ---- | M] ()
avgtray.exe -> C:\Program Files (x86)\AVG\AVG2012\avgtray.exe -> [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgidsagent.exe -> C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -> [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.)
flashutil10w_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -> [2011/09/03 17:21:23 | 000,243,360 | ---- | M] (Adobe Systems, Inc.)
toolbarupdater.exe -> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -> [2011/09/03 11:46:28 | 000,246,600 | ---- | M] ()
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -> [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
ssdmonitor.exe -> C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe -> [2011/07/09 21:59:37 | 000,112,600 | ---- | M] (PC Tools)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
startmansvc.exe -> C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -> [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools)
htcupctloader.exe -> C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -> [2011/01/27 18:57:48 | 000,585,728 | ---- | M] ()
realsched.exe -> C:\Program Files (x86)\real\realplayer\Update\realsched.exe -> [2010/12/23 17:05:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
passthrusvr.exe -> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -> [2010/09/16 14:06:22 | 000,080,896 | ---- | M] ()
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom)
googlequicksearchbox.exe -> C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe -> [2009/08/28 08:49:09 | 000,122,368 | ---- | M] (Google Inc.)
vesmgr.exe -> C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -> [2008/07/28 20:45:42 | 000,182,112 | ---- | M] (Sony Corporation)
vesmgrsub.exe -> C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe -> [2008/07/28 20:45:42 | 000,100,472 | ---- | M] (Sony Corporation)
vcfw.exe -> C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -> [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation)
vcsw.exe -> C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation)
ezprint.exe -> C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe -> [2008/06/13 12:04:03 | 000,107,176 | ---- | M] (Lexmark International Inc.)
lxdxmon.exe -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe -> [2008/06/13 12:04:01 | 000,668,328 | ---- | M] ()
vcmialzmgr.exe -> C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -> [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation)
vmpttray.exe -> C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe -> [2008/05/24 22:01:16 | 000,086,016 | ---- | M] (Sony Corporation)
vzcdbsvc.exe -> C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation)
sohdms.exe -> C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -> [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation)
sohcimp.exe -> C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -> [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation)
sohds.exe -> C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -> [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation)
autolaunchwlasu.exe -> C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe -> [2008/05/20 16:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.)
isbmgr.exe -> C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe -> [2008/04/03 23:03:38 | 000,317,280 | ---- | M] (Sony Corporation)
ucammonitor.exe -> C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -> [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.)
iviregmgr.exe -> C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo)
 
[Modules - No Company Name]
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll -> [2011/10/13 03:49:18 | 012,430,848 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll -> [2011/10/13 03:49:08 | 001,587,200 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll -> [2011/10/13 03:47:57 | 007,950,848 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll -> [2011/10/13 03:47:51 | 011,490,816 | ---- | M] ()
vprot.exe -> C:\Program Files (x86)\AVG Secure Search\vprot.exe -> [2011/10/04 09:48:51 | 000,218,440 | ---- | M] ()
rlz.dll -> C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll -> [2011/08/17 16:30:20 | 000,103,424 | ---- | M] ()
sqlite3.dll -> C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll -> [2011/01/27 18:57:50 | 000,516,599 | ---- | M] ()
htcupctloader.exe -> C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -> [2011/01/27 18:57:48 | 000,585,728 | ---- | M] ()
htcdetect.dll -> C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll -> [2011/01/27 18:57:48 | 000,352,256 | ---- | M] ()
htcdisk.dll -> C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll -> [2011/01/27 18:57:48 | 000,139,264 | ---- | M] ()
htcdetectlegend.dll -> C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll -> [2011/01/27 18:57:48 | 000,139,264 | ---- | M] ()
fdhttpd.dll -> C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll -> [2011/01/27 18:57:46 | 000,094,208 | ---- | M] ()
vesbaseps.dll -> C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll -> [2008/07/28 20:45:44 | 000,010,752 | ---- | M] ()
lxdxmon.exe -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe -> [2008/06/13 12:04:01 | 000,668,328 | ---- | M] ()
lxdxcaps.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll -> [2008/06/13 11:11:51 | 000,081,920 | ---- | M] ()
lxdxscw.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll -> [2008/06/13 11:11:44 | 000,380,928 | ---- | M] ()
lxdxdrs.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdrs.dll -> [2008/06/13 11:11:43 | 000,782,336 | ---- | M] ()
iptk.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\iptk.dll -> [2008/06/13 11:10:18 | 000,364,544 | ---- | M] ()
lxdxdatr.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll -> [2008/06/13 11:03:08 | 000,589,824 | ---- | M] ()
lxdxcnv4.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll -> [2008/06/13 11:03:03 | 000,069,632 | ---- | M] ()
lxdxcats.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll -> [2008/02/27 20:02:10 | 000,073,728 | ---- | M] ()
lxdxptp.dll -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxptp.dll -> [2007/09/06 14:11:34 | 000,151,552 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com)
64bit-(wlcrasvc)  [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation)
64bit-(LBTServ)  [On_Demand | Stopped] -> C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -> [2010/05/06 05:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.)
64bit-(WDBtnMgrSvc.exe)  [Auto | Running] -> C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> [2009/06/26 16:56:50 | 000,119,296 | ---- | M] (WDC)
64bit-(SampleCollector)  [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Care\collsvc.exe -> [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation)
64bit-(VAIO Power Management)  [Auto | Running] -> C:\Program Files\Sony\VAIO Power Management\SPMService.exe -> [2008/08/06 21:06:48 | 000,407,392 | ---- | M] (Sony Corporation)
64bit-(VcmIAlzMgr)  [On_Demand | Running] -> C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -> [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation)
64bit-(VcmXmlIfHelper)  [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -> [2008/06/12 02:10:46 | 000,107,808 | ---- | M] (Sony Corporation)
64bit-(EvtEng)  [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/04/30 23:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation)
64bit-(RegSrvc)  [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/04/30 22:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation)
64bit-(XAudioService)  [Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.exe -> [2008/04/27 20:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.)
64bit-(lxdx_device)  [Auto | Running] -> C:\Windows\SysNative\lxdxcoms.exe -> [2008/02/27 20:53:31 | 001,044,648 | ---- | M] ( )
64bit-(WinDefend)  [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation)
(AVGIDSAgent) AVGIDSAgent [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -> [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.)
(vToolbarUpdater) vToolbarUpdater [Auto | Running] -> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -> [2011/09/03 11:46:28 | 000,246,600 | ---- | M] ()
(avgwd) AVG WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -> [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
(PCToolsSSDMonitorSvc) PC Tools Startup and Shutdown Monitor service [Auto | Running] -> C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -> [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools)
(PassThru Service) Internet Pass-Through Service [Auto | Running] -> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -> [2010/09/16 14:06:22 | 000,080,896 | ---- | M] ()
(TomTomHOMEService) TomTomHOMEService [Auto | Running] -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation)
(VAIO Event Service) VAIO Event Service [Auto | Running] -> C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -> [2008/07/28 20:45:42 | 000,182,112 | ---- | M] (Sony Corporation)
(RtkAudioService) Realtek Audio Service [Auto | Running] -> C:\Windows\RTKAUDIOSERVICE.EXE -> [2008/07/15 08:17:50 | 000,139,808 | ---- | M] (Realtek Semiconductor)
(VCFw) VAIO Content Folder Watcher [Auto | Running] -> C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -> [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation)
(Vcsw) VAIO Entertainment UPnP Client Adapter [On_Demand | Running] -> C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation)
(VzCdbSvc) VAIO Entertainment Database Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation)
(VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -> [2008/05/22 17:21:44 | 000,073,728 | ---- | M] (Sony Corporation)
(SOHDms) VAIO Media plus Digital Media Server [Auto | Running] -> C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -> [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation)
(SOHCImp) VAIO Media plus Content Importer [Auto | Running] -> C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -> [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation)
(SOHDs) VAIO Media plus Device Searcher [Auto | Running] -> C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -> [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation)
(SPTISRV) Sony SPTI Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -> [2008/05/20 04:51:34 | 000,077,824 | ---- | M] (Sony Corporation)
(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> [2008/05/20 04:49:04 | 000,053,248 | ---- | M] (Sony Corporation)
(PACSPTISVR) PACSPTISVR [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> [2008/05/20 04:29:06 | 000,053,248 | ---- | M] (Sony Corporation)
(uCamMonitor) CamMonitor [Auto | Running] -> C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -> [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.)
(lxdx_device) lxdx_device [Auto | Running] -> C:\Windows\SysWow64\lxdxcoms.exe -> [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( )
(IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo)
 
[Driver Services - Safe List]
64bit-(Avgrkx64) AVG Anti-Rootkit Driver [File_System | Boot | Running] -> C:\Windows\SysNative\DRIVERS\avgrkx64.sys -> [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(Avgmfx64) AVG Mini-Filter Resident Anti-Virus Shield [File_System | System | Running] -> C:\Windows\SysNative\DRIVERS\avgmfx64.sys -> [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(Avgtdia) AVG TDI Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\avgtdia.sys -> [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(AVGIDSFilter) AVGIDSFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -> [2011/07/11 01:13:56 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(AVGIDSEH) AVGIDSEH [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -> [2011/07/11 01:13:54 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(AVGIDSDriver) AVGIDSDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -> [2011/07/11 01:13:52 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(Avgldx64) AVG AVI Loader Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\avgldx64.sys -> [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\fssfltr.sys -> [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation)
64bit-(htcnprot) HTC NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\htcnprot.sys -> [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -> [2010/03/18 05:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.)
64bit-(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -> [2010/03/18 05:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.)
64bit-(LHidEqd) Logitech SetPoint Unifying KMDF HID Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -> [2010/03/18 04:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.)
64bit-(LEqdUsb) Logitech SetPoint Unifying KMDF USB Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -> [2010/03/18 04:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.)
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation)
64bit-(HTCAND64) HTC Device Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -> [2009/06/10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation)
64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wdcsam64.sys -> [2009/04/24 10:32:00 | 000,014,464 | ---- | M] (Western Digital Technologies)
64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usb8023x.sys -> [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation)
64bit-(IntcHdmiAddService) Intel(R) High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcHdmi.sys -> [2008/08/08 20:11:11 | 000,126,976 | ---- | M] (Intel(R) Corporation)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\igdkmd64.sys -> [2008/08/08 20:10:43 | 007,907,872 | ---- | M] (Intel Corporation)
64bit-(btwrchid) btwrchid [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\btwrchid.sys -> [2008/08/08 20:09:04 | 000,021,032 | ---- | M] (Broadcom Corporation.)
64bit-(btwavdt) Bluetooth AVDT [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\btwavdt.sys -> [2008/08/08 20:09:03 | 000,132,136 | ---- | M] (Broadcom Corporation.)
64bit-(btwaudio) Bluetooth Audio Device Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\btwaudio.sys -> [2008/08/08 20:09:03 | 000,095,272 | ---- | M] (Broadcom Corporation.)
64bit-(btwl2cap) Bluetooth L2CAP Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\btwl2cap.sys -> [2008/08/08 20:08:35 | 000,036,392 | ---- | M] (Broadcom Corporation.)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\atikmdag.sys -> [2008/08/07 20:20:32 | 004,598,784 | ---- | M] (ATI Technologies Inc.)
64bit-(RTHDMIAzAudService) Service for HDMI [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtHDMIVX.sys -> [2008/08/01 20:02:36 | 000,176,928 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Apfiltr.sys -> [2008/07/17 20:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.)
64bit-(risdptsk) risdptsk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\risdsn64.sys -> [2008/07/17 20:02:44 | 000,064,512 | ---- | M] (REDC)
64bit-(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rimssn64.sys -> [2008/06/25 20:13:33 | 000,085,504 | ---- | M] (REDC)
64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wimfltr.sys -> [2008/05/28 06:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\iaStor.sys -> [2008/04/29 20:03:13 | 000,388,120 | ---- | M] (Intel Corporation)
64bit-(NETw5v64) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\NETw5v64.sys -> [2008/04/28 09:38:12 | 004,730,368 | ---- | M] (Intel Corporation)
64bit-(yukonx64) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\yk60x64.sys -> [2008/04/27 20:00:52 | 000,391,680 | ---- | M] (Marvell)
64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.sys -> [2008/04/27 20:00:38 | 000,009,728 | ---- | M] (Conexant Systems, Inc.)
64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -> [2008/04/27 20:00:35 | 001,511,936 | ---- | M] (Conexant Systems, Inc.)
64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -> [2008/04/27 20:00:35 | 000,017,024 | ---- | M] (Conexant)
64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -> [2008/04/27 20:00:33 | 000,731,648 | ---- | M] (Conexant Systems, Inc.)
64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -> [2008/04/27 20:00:33 | 000,300,032 | ---- | M] (Conexant Systems, Inc.)
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\PxHlpa64.sys -> [2008/04/08 06:00:00 | 000,055,024 | ---- | M] (Sonic Solutions)
64bit-(SFEP) Sony Firmware Extension Parser [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SFEP.sys -> [2008/03/10 07:01:26 | 000,011,392 | ---- | M] (Sony Corporation)
64bit-(ArcSoftKsUFilter) ArcSoft Magic-I Visual Effect [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -> [2008/01/30 20:33:30 | 000,019,456 | ---- | M] (ArcSoft, Inc.)
64bit-(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -> [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.)
64bit-(sdbus) sdbus [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\sdbus.sys -> [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation)
(DMICall) Sony DMI Call service [Kernel | System | Stopped] -> C:\Windows\SysWow64\drivers\DMICall.sys -> [2008/07/11 19:42:58 | 000,010,216 | ---- | M] (Sony Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.iwon.com/ -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-ca -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 21 58 EF 7D 40 6A CA 01  [binary data] -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\1tj91kcf.default\prefs.js -> 
browser.startup.homepage -> "http://www.iwon.com/" ->
network.proxy.type -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2010/12/23 17:06:36 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} -> C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4\ [C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4\] -> [2011/10/06 08:45:11 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions -> [2011/05/19 13:14:54 | 000,000,000 | ---D | M]
  -> C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1tj91kcf.default\extensions -> [2011/09/03 11:46:36 | 000,000,000 | ---D | M]
  -> C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1tj91kcf.default\extensions\[email protected] -> [2011/09/03 11:46:36 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/10/18 01:14:13 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [AVG Safe Search] -> [2011/09/27 21:36:14 | 003,044,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2011/08/17 16:23:50 | 000,410,288 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/12/23 17:06:35 | 000,382,720 | ---- | M] (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [AVG Safe Search] -> [2011/09/27 21:36:14 | 002,179,936 | ---- | M] (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [SSVHelper Class] -> [2011/09/22 15:41:58 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.)
{95B7759C-8C7F-4BF1-B163-73684A933233} [HKLM] -> C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [AVG Security Toolbar] -> [2011/10/04 09:48:50 | 001,451,336 | ---- | M] ()
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2011/08/17 16:23:50 | 000,410,288 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{95B7759C-8C7F-4BF1-B163-73684A933233}" [HKLM] -> C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [AVG Security Toolbar] -> [2011/10/04 09:48:50 | 001,451,336 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2011/08/17 16:23:50 | 000,410,288 | ---- | M] (Google Inc.)
WebBrowser\\"{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> [2008/07/17 20:05:52 | 000,152,576 | ---- | M] (Alps Electric Co., Ltd.)
"EvtMgr6" -> C:\Program Files\Logitech\SetPointP\SetPoint.exe [C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming] -> [2010/05/18 16:37:26 | 001,609,296 | ---- | M] (Logitech, Inc.)
"EzPrint" -> C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe ["C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe"] -> [2008/06/13 12:04:03 | 000,107,176 | ---- | M] (Lexmark International Inc.)
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2008/08/08 20:10:20 | 000,209,432 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2008/08/08 20:11:06 | 000,151,064 | ---- | M] (Intel Corporation)
"lxdxmon.exe" -> C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ["C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe"] -> [2008/06/13 12:04:01 | 000,668,328 | ---- | M] ()
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2008/08/08 20:10:53 | 000,181,784 | ---- | M] (Intel Corporation)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008/07/15 08:17:43 | 006,453,760 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AML" -> C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe ["C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp] -> [2008/06/13 18:07:18 | 001,097,728 | ---- | M] (Sony)
"AVG_TRAY" -> C:\Program Files (x86)\AVG\AVG2012\avgtray.exe ["C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"] -> [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
"FaxCenterServer" -> C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ["C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s] -> [2008/06/13 12:00:33 | 000,320,168 | ---- | M] ()
"Google Quick Search Box" -> C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe ["C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun] -> [2009/08/28 08:49:09 | 000,122,368 | ---- | M] (Google Inc.)
"HTC Sync Loader" -> C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ["C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup] -> [2011/01/27 18:57:48 | 000,585,728 | ---- | M] ()
"ISBMgr.exe" -> C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe ["C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"] -> [2008/04/03 23:03:38 | 000,317,280 | ---- | M] (Sony Corporation)
"SSDMonitor" -> C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe ["C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"] -> [2011/07/09 21:59:37 | 000,112,600 | ---- | M] (PC Tools)
"TkBellExe" -> c:\program files (x86)\real\realplayer\Update\realsched.exe ["c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot] -> [2010/12/23 17:05:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
"vProt" -> C:\Program Files (x86)\AVG Secure Search\vprot.exe ["C:\Program Files (x86)\AVG Secure Search\vprot.exe"] -> [2011/10/04 09:48:51 | 000,218,440 | ---- | M] ()
"VWLASU" -> C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe ["C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"] -> [2008/05/20 16:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.)
"WD Drive Manager" -> C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe] -> [2009/06/26 16:56:12 | 000,480,768 | ---- | M] (WDC)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"AvgUninstallURL" -> C:\Windows\SysWow64\cmd.exe [cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE1ODcwNDg0LUtWMys3LVhMKzEtVDQtRlA5Mis2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LUYxME0xMEQrMi1YMjAxMCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390] -> [2008/01/20 22:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"cdloader" -> C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe ["C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK] -> [2011/08/23 16:03:00 | 000,050,592 | ---- | M] (magicJack L.P.)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/10/18 11:57:51 | 005,500,800 | ---- | M] (SUPERAntiSpyware.com)
"VMpTtray.exe" -> C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe [C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe] -> [2008/05/24 22:01:16 | 000,086,016 | ---- | M] (Sony Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html] -> [2011/08/17 16:25:53 | 002,010,288 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html] -> [2011/08/17 16:25:53 | 002,010,288 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @btrez.dll,-4015] -> [2008/03/09 13:34:12 | 000,003,741 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @btrez.dll,-12650] -> [2008/03/09 13:34:12 | 000,003,741 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\npjpi160_27.dll [Menu: Sun Java Console] -> [2011/07/19 05:05:33 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: Send To Bluetooth] -> [2008/03/09 13:34:12 | 000,003,741 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: Send to &Bluetooth Device...] -> [2008/03/09 13:34:12 | 000,003,741 | ---- | M] ()
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
64bit-{00000000-0000-0000-0000-000000000000}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{00000000-0000-0000-0000-000000000000}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
64bit-{00000000-0000-0000-0000-000000000000}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{00000000-0000-0000-0000-000000000000}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
64bit-{00000000-0000-0000-0000-000000000000}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{00000000-0000-0000-0000-000000000000}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
data_magicjack.com [https] -> Trusted sites -> 
my_magicjack.com [*] -> Trusted sites -> 
my_magicjack.com [https] -> Trusted sites -> 
reg_talk4free.com [*] -> Trusted sites -> 
reg_talk4free.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab [QuickTime Object] -> 
{038E2507-7A48-41E2-94AD-7F23D199AF4E} [HKLM] -> http://www.worldwinner.com/games/v54/zengems/zengems.cab [ZenGems Control] -> 
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab [PCPitstop Utility] -> 
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx [Reg Error: Key error.] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{49E67060-2C0D-415E-94C7-52A49F73B2F1} [HKLM] -> http://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab [CPlayFirstPiratePoppersControl Object] -> 
{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab [GameTap Player] -> 
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> http://www.worldwinner.com/games/shared/wwlaunch.cab [Wwlaunch Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 
{8F6E7FB2-E56B-4F66-A4E1-9765D2565280} [HKLM] -> http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab [WorldWinner ActiveX Launcher Control] -> 
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} [HKLM] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab [ActiveScan 2.0 Installer Class] -> 
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [HKLM] -> http://www.superadblocker.com/activex/sabspx.cab [SABScanProcesses Class] -> 
{BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} [HKLM] -> http://www.worldwinner.com/games/v46/monopoly/monopoly.cab [Monopoly Control] -> 
{C345E174-3E87-4F41-A01C-B066A90A49B4} [HKLM] -> http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx [WRC Class] -> 
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 
{D40F5876-A494-4124-8161-82625BB28C06} [HKLM] -> http://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab [CPlayFirstChocolatieControl Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} [HKLM] -> https://plugins.valueactive.eu/flashax/iefax.cab [Flash Casino Helper Control] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3AE47831-50C4-43BA-85E3-B03AF6C6AE1D}\\DhcpNameServer -> 192.168.0.1   (Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller) -> 
{68B9D9C9-78FD-4226-BE19-2FB008CF6893}\\DhcpNameServer -> 192.168.0.1   (Intel(R) Wireless WiFi Link 5100) -> 
{68B9D9C9-78FD-4226-BE19-2FB008CF6893}\\NameServer -> 67.90.152.122,67.107.71.186   (Intel(R) Wireless WiFi Link 5100) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2008/08/08 20:10:52 | 000,218,112 | ---- | M] (Intel Corporation)
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
VESWinlogon -> C:\Windows\SysWow64\VESWinlogon.dll -> [2008/07/28 20:45:46 | 000,098,304 | ---- | M] (Sony Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{04842AE0-F18E-429C-9998-65BE1D2BE793} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{08CAEE4C-ABC8-4839-9C3E-2429731AEB3C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{137BF0C1-96E5-4132-98C5-058A4A5C5DE6} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{140F3F9F-0E09-424F-A072-38666B083E46} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
{2DDA5444-83B0-4203-B027-4137D7563BB0} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{2E9D05B2-C00A-4638-8328-DC743EDD3E33} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{3806D2FB-4BF5-4C6C-8432-481C00B998AF} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{3EDF4937-EAC2-4C70-B23D-CF40B017B8A8} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{4238EAC1-91FA-4304-ACF2-FDAA308DC2BB} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{596DCE19-56BF-45A3-94FB-C6C3B57B2558} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{5BB59EFE-232C-49DC-94CC-E06399B70352} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
{63D71794-A216-473C-B0A3-4983D9D6A8F4} -> lport=1900 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{75393010-A6A0-42B8-BD41-A3FD88A0991E} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{7AFF75C6-26FA-4CA7-A744-47C1155FE306} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{7C30AB10-6698-4A80-8AA1-279759B47780} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{964074C3-5A09-414D-9ED8-DA2D5FB71145} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{A7C9EB47-687C-4CAF-9050-FA97103521D9} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{B24DF1F2-2BFE-47D6-A2CB-543C84DF62CD} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{B4CB1C77-DCC1-4077-88A5-8724F7D4298A} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{BD099B26-9010-49E3-9C85-8740DB7D84AD} -> lport=2869 | profile=domain | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
{D591F636-3307-46BC-A8F5-D81039A28B72} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{D7DADAF7-9097-41E1-BAF1-DD8F72141BD3} -> rport=1900 | profile=domain | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{F59F03D3-E4F8-470A-9B85-F345E3F7F7A2} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{04E9E532-3FEA-4954-820D-D1B8E69DE522} -> profile=private | protocol=17 | dir=in | action=allow | name=vaio media plus | app=c:\program files (x86)\sony\vaio media plus\vmp.exe | 
{05B69E9E-702A-4A33-A591-35E0C83DA358} -> profile=domain | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{081EEA1F-E560-417E-A333-4635F965BFDB} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31323 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{0B7B5D4D-CD29-4D69-8D65-E3253E0C0BC9} -> profile=public | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
{0B94144C-E203-4D08-B34E-DD9AC827A9B7} -> profile=public | protocol=17 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{0CE7EF41-71A3-4A4F-B0EC-3A350F8EC2FC} -> profile=public | protocol=6 | dir=in | action=allow | name=fax software | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe | 
{13707FBD-5AE1-445F-ADAE-245008280F6C} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{18DED957-2444-4043-8859-A8EB187F70BC} -> profile=domain | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{230EB66E-34C4-476B-83CB-E7A80C003D9E} -> profile=private | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
{24FA1F86-B1F9-4DB7-8249-A0C083B777CC} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{2893A4BE-8300-4CFC-8852-31CF3073625A} -> profile=domain | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{29361307-8FF5-4E0C-9D4F-F5D469F2FC0F} -> profile=private | protocol=17 | dir=in | action=allow | name=vaio media plus content importer | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe | 
{2FE13412-A9FA-41E8-A38A-9108F3E60F4E} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{344B9744-1B42-4C5B-A33C-45AF8D7E0205} -> profile=public | protocol=6 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdxcoms.exe | 
{35034483-7F81-4A91-9663-DDCC672783BB} -> profile=private | protocol=6 | dir=in | action=allow | name=vaio media plus | app=c:\program files (x86)\sony\vaio media plus\vmp.exe | 
{359F75C7-D313-4A11-9970-590A0AFED25B} -> profile=public | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
{3B89465D-778F-403C-96FC-4AE6CAAC5EAC} -> profile=public | protocol=17 | dir=in | action=allow | name=job status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe | 
{42B02637-3076-41CC-94A7-8BE2A3C16FB3} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{45B25F6F-3260-4EF9-8030-AEB90D615C22} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{4633FC4A-84C1-4917-B6AB-6F4CC66E35FB} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{4664E469-7692-451F-8092-49983E162E77} -> profile=public | protocol=6 | dir=in | action=allow | name=lexmark connect time executable | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe | 
{46BC7873-329C-4661-BEFA-FC62BC3FAF6C} -> profile=public | protocol=6 | dir=in | action=allow | name=3600-4600 series server | app=c:\windows\syswow64\lxdxcoms.exe | 
{46E59C58-CCE6-4A82-B262-512053B333D3} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{4B6E5BFC-4707-49DC-A4C3-ED2A5DBB1D48} -> profile=public | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
{4BC81EFC-5541-4268-9A05-D082113BDB7D} -> profile=private | protocol=17 | dir=in | action=allow | name=vaio media plus digital media server | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe | 
{52ABE3CA-70B7-4784-9F71-81F97835D285} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31325 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{56B66B46-8B06-41B2-A601-E893ED25FB58} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{5AA300EB-664F-4E95-9551-45116C826351} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{5F57BEF7-859D-47F3-878D-1D519E2F3027} -> profile=domain | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{61FCF4F1-B8B9-4228-AEF2-5468AC8E200C} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
{65441565-C2AE-4D81-8284-447A90E6E3A1} -> profile=private | protocol=17 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{67FD8867-036C-4FF9-B5C2-D69FA9F76D3F} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{6A6B62C3-C3DE-48F3-9171-9074C782BF35} -> profile=domain | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{6C1B0C9A-FFBF-4A89-BC1B-BE6E8FB4A930} -> profile=public | protocol=17 | dir=in | action=allow | name=3600-4600 series server | app=c:\windows\syswow64\lxdxcoms.exe | 
{6C4DCE5C-A7D4-45CB-AE0C-947D82350612} -> profile=private | protocol=6 | dir=in | action=allow | name=vaio media plus content importer | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe | 
{758D9BE2-261D-43FD-95C9-D59FB821D3AF} -> profile=domain | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{797DC8F5-ED63-45AF-B952-DA8B5BCEEF4D} -> profile=private | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{7BA84A06-2995-4E8A-9870-972AAD6DA2B7} -> profile=public | protocol=6 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{7CAB650B-6A29-430B-96DD-0B102D991A04} -> profile=private | protocol=17 | dir=in | action=allow | name=vaio media plus device searcher | app=c:\program files (x86)\sony\vaio media plus\sohds.exe | 
{7DA830FA-4D37-4AEE-B7CB-C7EA8A36997B} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
{8054F137-B7C1-4C79-BD39-CA91F92A3F65} -> profile=public | protocol=17 | dir=in | action=allow | name=lexmark connect time executable | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe | 
{818C369F-70BC-4FBD-94C6-5F99FB3CBCE0} -> profile=public | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
{865F54D8-E1B9-4682-B9BB-B4695B140D85} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{899BFB47-C5C8-453B-8363-BB6CDCE4CC0D} -> profile=private | protocol=6 | dir=in | action=allow | name=vaio media plus device searcher | app=c:\program files (x86)\sony\vaio media plus\sohds.exe | 
{8B78F35B-301A-41B3-8BBA-19AFF0370F74} -> profile=public | protocol=17 | dir=in | action=allow | name=fax software | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe | 
{8C02D78F-C6BA-4EE7-AB07-766C8840B3B8} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{9F8C4729-F76E-44C3-A6C8-C0B00B5F4DDC} -> profile=public | protocol=6 | dir=in | action=allow | name=printer status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe | 
{A4B35243-9948-4FB2-BD01-2460DDBFD2C0} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{A689C3F0-40FB-4735-A962-45780BBE57B1} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | 
{A9A23C7E-3D74-4083-8B99-849A7B143AEA} -> profile=public | protocol=17 | dir=in | action=allow | name=avg diagnostics 2011 | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
{B1F8E2B9-0FC3-40D0-8F44-0896B2370E71} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{B99E6678-1123-4258-AA5C-FF1DA5A3AEBD} -> profile=public | protocol=17 | dir=in | action=allow | name=printer status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe | 
{B9D1CD24-DEED-49ED-BE9D-98B449E9DDCB} -> profile=public | protocol=6 | dir=in | action=allow | name=job status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe | 
{BBA07541-D69F-4076-BD6A-AC67CE79DB84} -> profile=public | protocol=6 | dir=in | action=allow | name=avg diagnostics 2011 | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
{BD2DBE3D-9913-4290-A6F1-91F6EA69719A} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{BE0FB030-AFE1-44A6-B22A-12760944423D} -> profile=private | protocol=6 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{C00CC7CF-4152-4CEA-8CF6-7CA8D824C2BF} -> profile=public | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
{C0A22871-7FB5-40FF-A987-A6F2C81E7E8F} -> profile=public | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
{C63BC407-3FAC-488C-9AE3-60AF45125BBE} -> profile=domain | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{CE105AFF-27CB-4068-9063-291D0E96FD1E} -> profile=private | protocol=6 | dir=in | action=allow | name=vaio media plus digital media server | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe | 
{CF9F0634-C055-4A5C-874C-53A448D007C3} -> profile=domain | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D3287DC7-78D9-410E-A056-CCE01D28CD0D} -> profile=public | protocol=6 | dir=in | action=allow | name=  | app=c:\program files (x86)\lexmark 3600-4600 series\wireless\lxdxwpss.exe | 
{D85562F7-EF50-4190-881B-59EFE52223FE} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31324 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{DB176A04-F1ED-47E5-A426-F9BC90C99E74} -> profile=private | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{E2DE8B83-91E6-4E6E-80B7-3F53BF4A1CE6} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{EE03BFDE-54A6-42FB-AF69-F79D8C85CAD2} -> profile=public | protocol=17 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdxcoms.exe | 
{F6304030-DBC0-49E6-960C-CE9DE49E1410} -> profile=public | protocol=17 | dir=in | action=allow | name=  | app=c:\program files (x86)\lexmark 3600-4600 series\wireless\lxdxwpss.exe | 
{F9992801-97E4-481B-BFD9-34C95591C8F6} -> profile=private | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
TCP Query User{09CEF813-8740-4ADD-BF9D-F4DB85C08DC9}C:\program files (x86)\google\google earth\client\googleearth.exe -> profile=private | protocol=6 | dir=in | action=allow | name=google earth | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
TCP Query User{2D2DF65B-E821-4EF5-8235-5C71D4DF3FE0}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe -> profile=private | protocol=6 | dir=in | action=allow | name=lxdxlscn | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
TCP Query User{309AAA1E-D7A0-44F1-83F6-7E49486BBD85}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe -> profile=public | protocol=6 | dir=in | action=allow | name=lxdxlscn | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
TCP Query User{49D29E90-8EEA-4832-A050-A01B5C80A014}C:\program files\sony\vaio care\vaiocare.exe -> profile=private | protocol=6 | dir=in | action=block | name=vaio care | app=c:\program files\sony\vaio care\vaiocare.exe | 
TCP Query User{4E70EE84-FA8F-4CE5-B042-66C2466B1EE8}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe -> profile=private | protocol=6 | dir=in | action=allow | name=magicjack.exe | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
TCP Query User{522B2ACD-83F1-421E-877B-A5DBDAC0D48D}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe -> profile=public | protocol=6 | dir=in | action=allow | name=magicjack.exe | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
TCP Query User{88994CFA-0920-4DC8-B5DF-F8772FBFC182}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{962E6688-F553-41FC-B1DF-029B0DFF7060}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe -> profile=private | protocol=6 | dir=in | action=allow | name=printer status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe | 
TCP Query User{B8961D23-1D69-476D-81C1-DEB4BFF4A938}C:\program files\sony\vaio care\vaiocare.exe -> profile=public | protocol=6 | dir=in | action=allow | name=vaio care | app=c:\program files\sony\vaio care\vaiocare.exe | 
TCP Query User{E5CB11AF-8D95-45CE-B7B2-C0AFD540618D}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe -> profile=private | protocol=6 | dir=in | action=block | name=printer device monitor | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
TCP Query User{F9468BFB-038E-44AF-A45C-C59C45AE36F8}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe -> profile=public | protocol=6 | dir=in | action=block | name=printer device monitor | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
UDP Query User{0383E52B-94D6-4B29-8AFB-F149741418A1}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe -> profile=public | protocol=17 | dir=in | action=allow | name=lxdxlscn | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
UDP Query User{2B13D306-E0A3-464A-A6D8-D568F7905807}C:\program files (x86)\google\google earth\client\googleearth.exe -> profile=private | protocol=17 | dir=in | action=allow | name=google earth | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
UDP Query User{378A92AA-FCA8-4551-B6E0-03A5AA217F70}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe -> profile=public | protocol=17 | dir=in | action=allow | name=magicjack.exe | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
UDP Query User{6B2DB2F7-3164-491E-BAF9-B999D068AFFC}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe -> profile=private | protocol=17 | dir=in | action=block | name=printer device monitor | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
UDP Query User{70EB9ACE-25AC-4088-947D-21EBF7FF8B82}C:\program files\sony\vaio care\vaiocare.exe -> profile=private | protocol=17 | dir=in | action=block | name=vaio care | app=c:\program files\sony\vaio care\vaiocare.exe | 
UDP Query User{735A2BD2-5DAF-4C8B-8411-D303221C75E2}C:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe -> profile=private | protocol=17 | dir=in | action=allow | name=magicjack.exe | app=c:\users\dennis\appdata\roaming\mjusbsp\magicjack.exe | 
UDP Query User{86CF9D17-0A71-446F-8696-8210B8339AB6}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe -> profile=private | protocol=17 | dir=in | action=allow | name=lxdxlscn | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe | 
UDP Query User{8799BC95-EF5D-40B4-877A-33E2C50F8430}C:\program files\sony\vaio care\vaiocare.exe -> profile=public | protocol=17 | dir=in | action=allow | name=vaio care | app=c:\program files\sony\vaio care\vaiocare.exe | 
UDP Query User{8AC012BF-335A-4DF4-9634-1426E34A66D5}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{DAD2D28C-7B25-4A17-85A8-8E54490919CD}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe -> profile=public | protocol=17 | dir=in | action=block | name=printer device monitor | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe | 
UDP Query User{DFD58812-5A28-4B14-95F1-FE831EA3206E}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe -> profile=private | protocol=17 | dir=in | action=allow | name=printer status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 01:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2011/10/24 17:21:53 | 000,646,144 | ---- | C] (OldTimer Tools)
 pavboot64.sys -> C:\Windows\SysNative\drivers\pavboot64.sys -> [2011/10/24 15:06:28 | 000,033,800 | ---- | C] (Panda Security, S.L.)
 Panda Security -> C:\Program Files (x86)\Panda Security -> [2011/10/24 15:06:25 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/10/22 12:35:02 | 000,000,000 | -HSD | C]
 FixIEDef.exe -> C:\Users\Dennis\Desktop\FixIEDef.exe -> [2011/10/22 12:30:10 | 001,093,459 | ---- | C] (Zoll Technologies)
 temp -> C:\Windows\temp -> [2011/10/19 18:38:21 | 000,000,000 | ---D | C]
 username12326185u -> C:\username12326185u -> [2011/10/19 17:59:19 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/10/18 00:49:09 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/10/18 00:49:09 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/10/18 00:49:09 | 000,060,416 | ---- | C] (NirSoft)
 username123.exe -> C:\Users\Dennis\Desktop\username123.exe -> [2011/10/18 00:33:41 | 004,266,378 | R--- | C] (Swearware)
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2011/10/18 00:26:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2011/10/18 00:26:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2011/10/18 00:26:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 _OTL -> C:\_OTL -> [2011/10/13 11:12:56 | 000,000,000 | ---D | C]
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2011/10/13 03:01:10 | 000,096,256 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2011/10/13 03:01:10 | 000,072,704 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2011/10/13 03:01:09 | 000,231,936 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2011/10/13 03:01:08 | 000,237,056 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2011/10/13 03:01:07 | 002,309,120 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2011/10/13 03:01:07 | 000,248,320 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2011/10/13 03:01:07 | 000,176,640 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2011/10/13 03:01:05 | 000,818,176 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2011/10/13 03:01:05 | 000,716,800 | ---- | C] (Microsoft Corporation)
 oleacc.dll -> C:\Windows\SysNative\oleacc.dll -> [2011/10/12 08:21:22 | 000,332,288 | ---- | C] (Microsoft Corporation)
 oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2011/10/12 08:21:21 | 000,847,360 | ---- | C] (Microsoft Corporation)
 UIAutomationCore.dll -> C:\Windows\SysNative\UIAutomationCore.dll -> [2011/10/12 08:21:21 | 000,735,744 | ---- | C] (Microsoft Corporation)
 UIAutomationCore.dll -> C:\Windows\SysWow64\UIAutomationCore.dll -> [2011/10/12 08:21:21 | 000,555,520 | ---- | C] (Microsoft Corporation)
 oleaccrc.dll -> C:\Windows\SysWow64\oleaccrc.dll -> [2011/10/12 08:21:21 | 000,004,096 | ---- | C] (Microsoft Corporation)
 oleaccrc.dll -> C:\Windows\SysNative\oleaccrc.dll -> [2011/10/12 08:21:21 | 000,004,096 | ---- | C] (Microsoft Corporation)
 psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2011/10/12 08:17:51 | 000,375,808 | ---- | C] (Microsoft Corporation)
 psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2011/10/12 08:17:51 | 000,293,376 | ---- | C] (Microsoft Corporation)
 psisrndr.ax -> C:\Windows\SysNative\psisrndr.ax -> [2011/10/12 08:17:51 | 000,289,792 | ---- | C] (Microsoft Corporation)
 psisrndr.ax -> C:\Windows\SysWow64\psisrndr.ax -> [2011/10/12 08:17:51 | 000,217,088 | ---- | C] (Microsoft Corporation)
 Mpeg2Data.ax -> C:\Windows\SysNative\Mpeg2Data.ax -> [2011/10/12 08:17:51 | 000,100,352 | ---- | C] (Microsoft Corporation)
 MSDvbNP.ax -> C:\Windows\SysNative\MSDvbNP.ax -> [2011/10/12 08:17:51 | 000,073,216 | ---- | C] (Microsoft Corporation)
 Mpeg2Data.ax -> C:\Windows\SysWow64\Mpeg2Data.ax -> [2011/10/12 08:17:51 | 000,069,632 | ---- | C] (Microsoft Corporation)
 MSDvbNP.ax -> C:\Windows\SysWow64\MSDvbNP.ax -> [2011/10/12 08:17:51 | 000,057,856 | ---- | C] (Microsoft Corporation)
 OTL.exe -> C:\Users\Dennis\Desktop\OTL.exe -> [2011/10/10 21:00:08 | 000,582,656 | ---- | C] (OldTimer Tools)
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/10/08 17:29:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation)
 username123 -> C:\username123 -> [2011/10/05 16:10:28 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/10/05 15:54:55 | 000,000,000 | ---D | C]
 ERDNT -> C:\ERDNT -> [2011/10/05 13:59:07 | 000,000,000 | ---D | C]
 ERUNT -> C:\Windows\ERUNT -> [2011/10/05 13:59:03 | 000,000,000 | ---D | C]
 ERDNT -> C:\Windows\ERDNT -> [2011/10/05 13:59:03 | 000,000,000 | ---D | C]
 !FixIEDef -> C:\!FixIEDef -> [2011/10/05 13:58:28 | 000,000,000 | ---D | C]
 AVG Secure Search -> C:\Program Files (x86)\AVG Secure Search -> [2011/10/04 09:48:48 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\SysWow64\drivers\AVG -> [2011/10/04 09:32:30 | 000,000,000 | ---D | C]
 HijackThis.exe -> C:\Users\Dennis\Desktop\HijackThis.exe -> [2011/10/01 15:02:59 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 SUPERAntiSpyware.com -> C:\Users\Dennis\AppData\Roaming\SUPERAntiSpyware.com -> [2011/10/01 14:25:19 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2011/10/01 14:24:46 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/10/01 14:24:43 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/10/01 14:24:43 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Users\Dennis\AppData\Roaming\Malwarebytes -> [2011/09/28 14:06:51 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/09/28 14:06:30 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/09/28 14:06:27 | 000,025,416 | ---- | C] (Malwarebytes Corporation)
 MALWAREBYTES ANTI-MALWARE -> C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE -> [2011/09/28 14:06:27 | 000,000,000 | ---D | C]
 lxdxinpa.dll -> C:\Windows\SysWow64\lxdxinpa.dll -> [2009/05/11 18:08:19 | 000,364,544 | ---- | C] ( )
 lxdxiesc.dll -> C:\Windows\SysWow64\lxdxiesc.dll -> [2009/05/11 18:08:19 | 000,339,968 | ---- | C] ( )
 lxdxpmui.dll -> C:\Windows\SysWow64\lxdxpmui.dll -> [2009/05/11 18:08:18 | 000,647,168 | ---- | C] ( )
 lxdxserv.dll -> C:\Windows\SysWow64\lxdxserv.dll -> [2009/05/11 18:08:16 | 001,105,920 | ---- | C] ( )
 lxdxusb1.dll -> C:\Windows\SysWow64\lxdxusb1.dll -> [2009/05/11 18:08:16 | 000,843,776 | ---- | C] ( )
 lxdxlmpm.dll -> C:\Windows\SysWow64\lxdxlmpm.dll -> [2009/05/11 18:08:15 | 000,569,344 | ---- | C] ( )
 lxdxih.exe -> C:\Windows\SysWow64\lxdxih.exe -> [2009/05/11 18:08:15 | 000,320,168 | ---- | C] ( )
 lxdxprox.dll -> C:\Windows\SysWow64\lxdxprox.dll -> [2009/05/11 18:08:15 | 000,053,248 | ---- | C] ( )
 lxdxhbn3.dll -> C:\Windows\SysWow64\lxdxhbn3.dll -> [2009/05/11 18:08:14 | 000,663,552 | ---- | C] ( )
 lxdxcoms.exe -> C:\Windows\SysWow64\lxdxcoms.exe -> [2009/05/11 18:08:13 | 000,594,600 | ---- | C] ( )
 lxdxcomc.dll -> C:\Windows\SysWow64\lxdxcomc.dll -> [2009/05/11 18:08:12 | 000,851,968 | ---- | C] ( )
 lxdxcomm.dll -> C:\Windows\SysWow64\lxdxcomm.dll -> [2009/05/11 18:08:12 | 000,376,832 | ---- | C] ( )
 lxdxcfg.exe -> C:\Windows\SysWow64\lxdxcfg.exe -> [2009/05/11 18:08:11 | 000,365,224 | ---- | C] ( )
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2011/10/24 17:21:53 | 000,646,144 | ---- | M] (OldTimer Tools)
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/24 16:12:51 | 000,003,616 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/24 16:12:51 | 000,003,616 | -H-- | M] ()
 incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2011/10/24 08:22:55 | 107,197,753 | ---- | M] ()
 Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2011/10/23 19:14:00 | 000,000,880 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/10/23 18:35:00 | 000,000,898 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/10/23 06:35:00 | 000,000,894 | ---- | M] ()
 FixIEDef.exe -> C:\Users\Dennis\Desktop\FixIEDef.exe -> [2011/10/22 12:30:17 | 001,093,459 | ---- | M] (Zoll Technologies)
 SystemLook_x64.exe -> C:\Users\Dennis\Desktop\SystemLook_x64.exe -> [2011/10/22 11:37:57 | 000,165,376 | ---- | M] ()
 MSN e-mail.url -> C:\Users\Dennis\Desktop\MSN e-mail.url -> [2011/10/20 16:14:43 | 000,000,383 | ---- | M] ()
 iavichjg.avm -> C:\Windows\SysNative\drivers\AVG\iavichjg.avm -> [2011/10/19 22:22:18 | 000,100,789 | ---- | M] ()
 username123.exe -> C:\Users\Dennis\Desktop\username123.exe -> [2011/10/19 17:58:59 | 004,266,378 | R--- | M] (Swearware)
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/10/18 14:12:04 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/10/18 14:11:59 | 3081,797,632 | -HS- | M] ()
 bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2011/10/18 14:08:59 | 000,000,012 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2011/10/18 01:14:13 | 000,000,027 | ---- | M] ()
 kgpcpy.cfg -> C:\Windows\SysNative\drivers\kgpcpy.cfg -> [2011/10/14 18:59:53 | 000,000,784 | ---- | M] ()
 Facebook.url -> C:\Users\Dennis\Desktop\Facebook.url -> [2011/10/14 18:28:32 | 000,000,193 | ---- | M] ()
 JavaRa.exe -> C:\Users\Dennis\Desktop\JavaRa.exe -> [2011/10/13 10:40:53 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries)
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/10/13 03:40:36 | 000,406,624 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/10/13 03:08:35 | 000,709,998 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/10/13 03:08:35 | 000,595,996 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/10/13 03:08:35 | 000,104,070 | ---- | M] ()
 magicJack.lnk -> C:\Users\Dennis\Desktop\magicJack.lnk -> [2011/10/11 04:27:23 | 000,000,900 | ---- | M] ()
 OTL.exe -> C:\Users\Dennis\Desktop\OTL.exe -> [2011/10/10 21:00:09 | 000,582,656 | ---- | M] (OldTimer Tools)
 test.xml -> C:\test.xml -> [2011/10/09 14:40:43 | 000,372,521 | ---- | M] ()
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/10/08 17:29:02 | 000,041,272 | ---- | M] (Malwarebytes Corporation)
 d3d9caps.dat -> C:\Users\Dennis\AppData\Local\d3d9caps.dat -> [2011/10/06 16:12:49 | 000,000,680 | ---- | M] ()
 AVG 2012.lnk -> C:\Users\Public\Desktop\AVG 2012.lnk -> [2011/10/06 08:45:11 | 000,000,872 | ---- | M] ()
 Handsome bench hides a hose - Sunset.com.url -> C:\Users\Dennis\Desktop\Handsome bench hides a hose - Sunset.com.url -> [2011/10/05 17:44:27 | 000,000,236 | ---- | M] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2011/10/04 09:32:30 | 000,000,000 | ---- | M] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2011/10/04 09:32:30 | 000,000,000 | ---- | M] ()
 HijackThis.exe -> C:\Users\Dennis\Desktop\HijackThis.exe -> [2011/10/01 15:03:00 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/10/01 14:24:46 | 000,001,716 | ---- | M] ()
 CD-ED-Brochure.pdf -> C:\Users\Dennis\Desktop\CD-ED-Brochure.pdf -> [2011/09/28 12:50:33 | 003,062,855 | ---- | M] ()
 HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url -> C:\Users\Dennis\Desktop\HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url -> [2011/09/25 13:21:47 | 000,000,170 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/09/25 12:08:28 | 435,289,724 | ---- | M] ()
 
[Files - No Company Name]
 SystemLook_x64.exe -> C:\Users\Dennis\Desktop\SystemLook_x64.exe -> [2011/10/22 11:37:30 | 000,165,376 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/10/18 00:49:09 | 000,256,000 | ---- | C] ()
 kgpcpy.cfg -> C:\Windows\SysNative\drivers\kgpcpy.cfg -> [2011/10/14 18:59:43 | 000,000,784 | ---- | C] ()
 Handsome bench hides a hose - Sunset.com.url -> C:\Users\Dennis\Desktop\Handsome bench hides a hose - Sunset.com.url -> [2011/10/05 17:44:27 | 000,000,236 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/10/05 15:55:09 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/10/05 15:55:09 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/10/05 15:55:09 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/10/05 15:55:09 | 000,068,096 | ---- | C] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2011/10/04 09:32:30 | 000,000,000 | ---- | C] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2011/10/04 09:32:30 | 000,000,000 | ---- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/10/01 14:24:46 | 000,001,716 | ---- | C] ()
 CD-ED-Brochure.pdf -> C:\Users\Dennis\Desktop\CD-ED-Brochure.pdf -> [2011/09/28 12:49:49 | 003,062,855 | ---- | C] ()
 HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url -> C:\Users\Dennis\Desktop\HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url -> [2011/09/25 13:21:47 | 000,000,170 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/09/25 12:17:15 | 3081,797,632 | -HS- | C] ()
 BDTSupport.dll0814.old -> C:\Windows\BDTSupport.dll0814.old -> [2011/08/02 20:34:45 | 000,767,952 | ---- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2011/04/02 15:46:17 | 000,000,376 | ---- | C] ()
 lxdxdrs.dll -> C:\Windows\SysWow64\lxdxdrs.dll -> [2010/03/16 20:20:24 | 000,782,336 | ---- | C] ()
 lxdxcaps.dll -> C:\Windows\SysWow64\lxdxcaps.dll -> [2010/03/16 20:20:24 | 000,081,920 | ---- | C] ()
 UninstallWSST.exe -> C:\Windows\UninstallWSST.exe -> [2009/09/28 09:39:56 | 000,180,224 | ---- | C] ()
 sbacknt.bin -> C:\Windows\sbacknt.bin -> [2009/09/28 08:47:41 | 000,000,005 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/09/04 12:24:00 | 000,117,248 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\SysWow64\StructuredQuerySchema.bin -> [2009/09/04 12:22:25 | 000,107,612 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/09/04 12:20:54 | 000,368,640 | ---- | C] ()
 LXDXinst.dll -> C:\Windows\SysWow64\LXDXinst.dll -> [2009/05/11 18:08:20 | 000,348,160 | ---- | C] ()
 lxdxcomx.dll -> C:\Windows\SysWow64\lxdxcomx.dll -> [2009/05/11 18:08:20 | 000,335,872 | ---- | C] ()
 lxdxcnv4.dll -> C:\Windows\SysWow64\lxdxcnv4.dll -> [2009/05/09 21:09:44 | 000,069,632 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Dennis\AppData\Local\d3d9caps.dat -> [2009/04/11 17:19:01 | 000,000,680 | ---- | C] ()
 wklnhst.dat -> C:\Users\Dennis\AppData\Roaming\wklnhst.dat -> [2009/02/13 18:34:22 | 000,000,214 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin -> [2009/01/31 07:19:12 | 000,018,904 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/20 20:21:20 | 000,028,160 | ---- | C] ()
 VAIOUpdt.INI -> C:\Windows\VAIOUpdt.INI -> [2008/09/01 05:18:06 | 000,000,000 | ---- | C] ()
 bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2008/08/12 16:22:35 | 000,000,012 | ---- | C] ()
 atiumdva.dat -> C:\Windows\SysWow64\atiumdva.dat -> [2008/08/12 14:34:41 | 003,107,788 | ---- | C] ()
 igkrng500.bin -> C:\Windows\SysWow64\igkrng500.bin -> [2008/08/12 14:31:23 | 002,192,024 | ---- | C] ()
 igfcg550.bin -> C:\Windows\SysWow64\igfcg550.bin -> [2008/08/12 14:31:16 | 000,147,172 | ---- | C] ()
 igcompkrng500.bin -> C:\Windows\SysWow64\igcompkrng500.bin -> [2008/08/12 14:31:12 | 000,492,496 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2008/08/12 13:50:12 | 000,000,000 | ---- | C] ()
 tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 22:50:05 | 000,060,124 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 11:37:05 | 000,067,584 | --S- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2006/11/02 08:37:14 | 000,215,943 | ---- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2006/11/02 08:24:17 | 000,000,741 | ---- | C] ()
 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2006/11/02 08:18:17 | 000,673,088 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 05:47:54 | 000,043,131 | ---- | C] ()
 OUTLPERF.INI -> C:\Windows\SysWow64\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
```


----------



## dchville (Sep 25, 2011)

I hope that I did that right... I did not click to fix anything... Should I???


----------



## eddie5659 (Mar 19, 2001)

Yep, you did right in not fixing anything, as here comes the fix 

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> 64bit-{00000000-0000-0000-0000-000000000000}\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
YN -> {00000000-0000-0000-0000-000000000000}\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
YN -> 64bit-{00000000-0000-0000-0000-000000000000}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {00000000-0000-0000-0000-000000000000}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> 64bit-{00000000-0000-0000-0000-000000000000}\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
YN -> {00000000-0000-0000-0000-000000000000}\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> file:///C:/Program%20Files%20(x86)/M...es/stg_drm.ocx [Reg Error: Key error.]
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> Reg Error: Key error.
[Alternate Data Streams]
NY -> @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
NY -> @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:D1B5B4F1
```
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

eddie


----------



## dchville (Sep 25, 2011)

```
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}\\ButtonText deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}\\ButtonText not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}\\CLSID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}\\CLSID not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}\\Default Visible deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}\\Default Visible not found.
Starting removal of ActiveX control {149E45D8-163E-4189-86FC-45022AB2B6C9}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\exefile\\'' updated successfully.
[Alternate Data Streams]
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 10252011_173053
```


----------



## dchville (Sep 25, 2011)

I am still running over 100 processes and the csrss.exe file is still there. Also when I receive an email from facebook to my windows live account and I click on it explorer shuts down???


----------



## dchville (Sep 25, 2011)

I just noticed my AVG icon had an exclamation mark on it. When I opened it, it said I was not fully protected so I clicked the FIX button. The PC Analyzer ran a scan and found some errors in my registry, junk files and shortcuts. Should I click on the fix now button?


----------



## eddie5659 (Mar 19, 2001)

Leave AVG for now, as in the fix button, as I'm going to look at the other things first 

Okay, let's see if there is anything starting on startup, before the antivirus kicks in.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

===============

Also, can you run SystemLook again, but as follows:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*csrss.exe
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

====

eddie


----------



## dchville (Sep 25, 2011)

hi Eddie I'm running that scan now


----------



## dchville (Sep 25, 2011)

When I clicked to scan Windows shut down and I got the blue screen????


----------



## dchville (Sep 25, 2011)

```
SystemLook 30.07.11 by jpshortstuff
Log created at 15:39 on 26/10/2011 by Dennis
Administrator - Elevation successful
========== filefind ==========
Searching for "*csrss.exe"
C:\Windows\System32\csrss.exe --a---- 7680 bytes [02:49 21/01/2008] [02:49 21/01/2008] B4ABE68596B173FF2AB2076BC7C35EB4
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe --a---- 7680 bytes [02:49 21/01/2008] [02:49 21/01/2008] B4ABE68596B173FF2AB2076BC7C35EB4
-= EOF =-
```


----------



## eddie5659 (Mar 19, 2001)

You got the blue screen with aswMBR?

Can you remember what it said?

Okay, don't run it for the moment, I'll check about this.


----------



## eddie5659 (Mar 19, 2001)

Okay, with regards to the csrss.exe, they're both showing as legit.

I'll be back soon with regards to the blue screen, so don't use that tool for the moment.


----------



## dchville (Sep 25, 2011)

```
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-26 15:45:09
-----------------------------
15:45:09.889 OS Version: Windows x64 6.0.6002 Service Pack 2
15:45:09.889 Number of processors: 2 586 0xF0D
15:45:09.890 ComputerName: DENNIS-PC UserName: Dennis
15:45:11.188 Initialize success
15:45:19.983 AVAST engine defs: 11102600
15:45:21.102 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:45:21.105 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
15:45:21.108 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
15:45:21.112 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
15:45:21.116 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
15:45:21.120 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
15:45:21.166 Disk 0 MBR read successfully
15:45:21.170 Disk 0 MBR scan
15:45:21.184 Disk 0 Windows VISTA default MBR code
15:45:21.189 Service scanning
15:45:22.636 Modules scanning
15:45:22.642 Disk 0 trace - called modules:
15:45:22.666 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
15:45:22.675 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003fd56a0]
15:45:22.683 3 CLASSPNP.SYS[fffffa60011d4c33] -> nt!IofCallDriver -> [0xfffffa8003241e40]
15:45:22.694 5 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003244050]
15:45:23.678 AVAST engine scan C:\Windows
15:45:33.338 AVAST engine scan C:\Windows\system32
15:47:56.413 AVAST engine scan C:\Windows\system32\drivers
15:48:10.565 AVAST engine scan C:\Users\Dennis
15:49:52.928 Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Desktop\MBR.dat"
15:49:52.941 The log file has been saved successfully to "C:\Users\Dennis\Desktop\aswMBR.txt"
```


----------



## dchville (Sep 25, 2011)

LOL too late


----------



## dchville (Sep 25, 2011)

blue screen said....
"_A problem has been detected and windows has been shutdown to prevent damage to your computer_


----------



## eddie5659 (Mar 19, 2001)

Okay, after all that, it looks fine.

So, let's look at the Processes that are running. Can you open up OTL again, and before you click the Scan button, can you select *All* under *Processes* in the top left.

Post the log that comes back.


----------



## eddie5659 (Mar 19, 2001)

dchville said:


> LOL too late


It's no problem, I was speaking to others about this, and we were just coming up with some ideas, and then it was posted, so we left it at that.

The message on the screen can happen if something is conflicting with a Windows file, or causing it to be unstable. I had it on this pc, as I'm used to XP, so the jump to Windows 7 was different. I was updating Windows, and an installer was running after a reboot, so I was trying to close it thinking it was bad, and up popped the message.

Turns out that's how Windows updates now


----------



## dchville (Sep 25, 2011)

OTL logfile created on: 26/10/2011 4:10:00 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Dennis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 44.10% Memory free
5.95 Gb Paging File | 3.70 Gb Available in Paging File | 62.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.78 Gb Total Space | 141.70 Gb Free Space | 63.61% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2011/10/10 21:00:09 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2011/10/04 09:48:51 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/03 17:21:23 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011/09/03 11:46:28 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/28 17:06:48 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/07/09 21:59:37 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/30 19:07:07 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/12/23 17:05:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2010/09/22 14:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/28 08:49:09 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2008/07/28 20:45:42 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/28 20:45:42 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/13 12:04:03 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
PRC - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/05/24 22:01:16 | 000,086,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
PRC - [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
PRC - [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
PRC - [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
PRC - [2008/05/20 16:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/04/03 23:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/02 05:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dllhost.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/13 03:49:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 03:49:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 03:47:57 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 03:47:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/04 09:48:51 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/08/17 16:30:20 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/01/27 18:57:50 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/27 18:57:48 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/27 18:57:46 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2008/07/28 20:45:44 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2008/06/13 11:11:51 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2008/06/13 11:11:44 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2008/06/13 11:11:43 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2008/06/13 11:10:18 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\iptk.dll
MOD - [2008/06/13 11:03:08 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll
MOD - [2008/06/13 11:03:03 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2008/02/27 20:02:10 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll
MOD - [2007/09/06 14:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxptp.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/05/06 05:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:*64bit:* - [2009/06/26 16:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:*64bit:* - [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:*64bit:* - [2008/08/06 21:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:*64bit:* - [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:*64bit:* - [2008/06/12 02:10:46 | 000,107,808 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:*64bit:* - [2008/04/30 23:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2008/04/30 22:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2008/04/27 20:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:*64bit:* - [2008/02/27 20:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:*64bit:* - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/03 11:46:28 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/28 20:45:42 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/15 08:17:50 | 000,139,808 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 17:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 04:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 04:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 04:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2011/07/11 01:13:56 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/07/11 01:13:52 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:*64bit:* - [2010/03/18 05:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2010/03/18 05:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2010/03/18 04:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:*64bit:* - [2010/03/18 04:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:*64bit:* - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:*64bit:* - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:*64bit:* - [2009/06/10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:*64bit:* - [2009/04/24 10:32:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:*64bit:* - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2008/08/08 20:11:11 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:*64bit:* - [2008/08/08 20:10:43 | 007,907,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2008/08/08 20:09:04 | 000,021,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:*64bit:* - [2008/08/08 20:09:03 | 000,132,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:*64bit:* - [2008/08/08 20:09:03 | 000,095,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:*64bit:* - [2008/08/08 20:08:35 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:*64bit:* - [2008/08/07 20:20:32 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2008/08/01 20:02:36 | 000,176,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:*64bit:* - [2008/07/17 20:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2008/07/17 20:02:44 | 000,064,512 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:*64bit:* - [2008/06/25 20:13:33 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:*64bit:* - [2008/05/28 06:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:*64bit:* - [2008/04/29 20:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2008/04/28 09:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:*64bit:* - [2008/04/27 20:00:52 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:*64bit:* - [2008/04/27 20:00:38 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:*64bit:* - [2008/04/27 20:00:35 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:*64bit:* - [2008/04/27 20:00:35 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:*64bit:* - [2008/04/27 20:00:33 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:*64bit:* - [2008/04/27 20:00:33 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:*64bit:* - [2008/04/08 06:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2008/03/10 07:01:26 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:*64bit:* - [2008/01/30 20:33:30 | 000,019,456 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:*64bit:* - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:*64bit:* - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV - [2008/07/11 19:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\DMICall.sys -- (DMICall)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 58 EF 7D 40 6A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.iwon.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/23 17:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/25 10:03:59 | 000,000,000 | ---D | M]

[2011/05/19 13:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions
[2011/09/03 11:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1tj91kcf.default\extensions
[2011/09/03 11:46:36 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1tj91kcf.default\extensions\[email protected]
[2011/10/13 11:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2010/12/23 17:06:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/09/02 03:00:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\

O1 HOSTS File: ([2011/10/18 01:14:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [cdloader] C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:*64bit:* - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:*64bit:* - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\npjpi160_27.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: magicjack.com ([data] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://ak.imgfarm.com/images/iwon/games/playfirst/PiratePoppers.1.0.0.32.cab (CPlayFirstPiratePoppersControl Object)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab (GameTap Player)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} http://ak.imgfarm.com/images/iwon/games/playfirst/Chocolatier2Web.1.0.0.10.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE47831-50C4-43BA-85E3-B03AF6C6AE1D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68B9D9C9-78FD-4226-BE19-2FB008CF6893}: NameServer = 67.90.152.122,67.107.71.186
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:*64bit:* - Protocol\Filter\text/xml - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 15:12:52 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Dennis\Desktop\aswMBR.exe
[2011/10/25 17:30:53 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/10/24 17:21:53 | 000,646,144 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTS.exe
[2011/10/24 15:06:28 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011/10/24 15:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/10/22 12:35:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/22 12:30:10 | 001,093,459 | ---- | C] (Zoll Technologies) -- C:\Users\Dennis\Desktop\FixIEDef.exe
[2011/10/19 18:38:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/19 17:59:19 | 000,000,000 | ---D | C] -- C:\username12326185u
[2011/10/18 00:49:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/18 00:49:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/18 00:49:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/18 00:33:41 | 004,266,378 | R--- | C] (Swearware) -- C:\Users\Dennis\Desktop\username123.exe
[2011/10/18 00:26:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/18 00:26:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/18 00:26:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/13 11:12:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/13 03:01:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 03:01:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 03:01:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 03:01:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 03:01:07 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 03:01:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 03:01:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 03:01:05 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/13 03:01:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/12 08:21:22 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/12 08:21:21 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/12 08:21:21 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/10/12 08:21:21 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/10/12 08:21:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/10/12 08:21:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/10/12 08:17:51 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 08:17:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 08:17:51 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 08:17:51 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 08:17:51 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/12 08:17:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/12 08:17:51 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/12 08:17:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/10 21:00:08 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2011/10/08 17:29:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/05 16:10:28 | 000,000,000 | ---D | C] -- C:\username123
[2011/10/05 15:54:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/05 13:59:07 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/10/05 13:59:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2011/10/05 13:59:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/05 13:58:28 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2011/10/04 09:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/10/04 09:32:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/10/01 15:02:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HijackThis.exe
[2011/10/01 14:25:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/01 14:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/01 14:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/01 14:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/28 14:06:51 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2011/09/28 14:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 14:06:27 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 14:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2009/05/11 18:08:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
[2009/05/11 18:08:19 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
[2009/05/11 18:08:18 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
[2009/05/11 18:08:16 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
[2009/05/11 18:08:16 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
[2009/05/11 18:08:15 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
[2009/05/11 18:08:15 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe
[2009/05/11 18:08:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
[2009/05/11 18:08:14 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
[2009/05/11 18:08:13 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe
[2009/05/11 18:08:12 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
[2009/05/11 18:08:12 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
[2009/05/11 18:08:11 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/10/26 16:14:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/26 15:49:52 | 000,000,512 | ---- | M] () -- C:\Users\Dennis\Desktop\MBR.dat
[2011/10/26 15:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 15:30:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 15:30:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/26 15:30:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 15:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/26 15:29:49 | 3081,797,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 15:29:44 | 539,784,060 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/26 15:13:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Dennis\Desktop\aswMBR.exe
[2011/10/26 08:59:27 | 107,381,670 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/25 17:20:55 | 000,130,170 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/25 15:52:33 | 000,000,170 | ---- | M] () -- C:\Users\Dennis\Desktop\HelpOnThe.Net Tech Support Guy - Free help for Windows 7, XP, Vista, and more!.url
[2011/10/25 10:03:59 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/24 18:46:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/24 17:21:53 | 000,646,144 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTS.exe
[2011/10/22 12:30:17 | 001,093,459 | ---- | M] (Zoll Technologies) -- C:\Users\Dennis\Desktop\FixIEDef.exe
[2011/10/22 11:37:57 | 000,165,376 | ---- | M] () -- C:\Users\Dennis\Desktop\SystemLook_x64.exe
[2011/10/20 16:14:43 | 000,000,383 | ---- | M] () -- C:\Users\Dennis\Desktop\MSN e-mail.url
[2011/10/19 17:58:59 | 004,266,378 | R--- | M] (Swearware) -- C:\Users\Dennis\Desktop\username123.exe
[2011/10/18 01:14:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/14 18:59:53 | 000,000,784 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/14 18:28:32 | 000,000,193 | ---- | M] () -- C:\Users\Dennis\Desktop\Facebook.url
[2011/10/13 10:40:53 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Dennis\Desktop\JavaRa.exe
[2011/10/13 03:40:36 | 000,406,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 03:08:35 | 000,709,998 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/13 03:08:35 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/13 03:08:35 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/11 04:27:23 | 000,000,900 | ---- | M] () -- C:\Users\Dennis\Desktop\magicJack.lnk
[2011/10/10 21:00:09 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2011/10/09 14:40:43 | 000,372,521 | ---- | M] () -- C:\test.xml
[2011/10/08 17:29:02 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/06 16:12:49 | 000,000,680 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2011/10/05 17:44:27 | 000,000,236 | ---- | M] () -- C:\Users\Dennis\Desktop\Handsome bench hides a hose - Sunset.com.url
[2011/10/04 09:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/04 09:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/01 15:03:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HijackThis.exe
[2011/10/01 14:24:46 | 000,001,716 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 12:50:33 | 003,062,855 | ---- | M] () -- C:\Users\Dennis\Desktop\CD-ED-Brochure.pdf

========== Files Created - No Company Name ==========

[2011/10/26 15:49:52 | 000,000,512 | ---- | C] () -- C:\Users\Dennis\Desktop\MBR.dat
[2011/10/22 11:37:30 | 000,165,376 | ---- | C] () -- C:\Users\Dennis\Desktop\SystemLook_x64.exe
[2011/10/18 00:49:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/14 18:59:43 | 000,000,784 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/05 17:44:27 | 000,000,236 | ---- | C] () -- C:\Users\Dennis\Desktop\Handsome bench hides a hose - Sunset.com.url
[2011/10/05 15:55:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/05 15:55:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/05 15:55:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/05 15:55:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/04 09:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/04 09:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/01 14:24:46 | 000,001,716 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 12:49:49 | 003,062,855 | ---- | C] () -- C:\Users\Dennis\Desktop\CD-ED-Brochure.pdf
[2011/08/02 20:34:45 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0814.old
[2011/04/02 15:46:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/16 20:20:24 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2010/03/16 20:20:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2009/09/28 09:39:56 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2009/09/28 08:47:41 | 000,000,005 | ---- | C] () -- C:\Windows\sbacknt.bin
[2009/09/04 12:24:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/04 12:22:25 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/04 12:20:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/11 18:08:20 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
[2009/05/11 18:08:20 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
[2009/05/09 21:09:44 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2009/04/11 17:19:01 | 000,000,680 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2009/02/13 18:34:22 | 000,000,214 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\wklnhst.dat
[2009/01/31 07:19:12 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/20 20:21:20 | 000,028,160 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/01 05:18:06 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/08/12 16:22:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/12 14:34:41 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/08/12 14:31:23 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/08/12 14:31:16 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/08/12 14:31:12 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/08/12 13:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP1B5B4F1
< End of report >


----------



## eddie5659 (Mar 19, 2001)

Well, all the processes you have are okay, as in not malware related. However, you have in the log what is known as Optionals. These are not actually malware, but could have the same kind of tracking as malware.

For example, you have these in the log:

*O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()*

These are related to AVG Security Toolbar, and this is about it:

http://remove-malware.com/antimalware/anti-malware-reviews/avg-security-toolbar…no-thanks…/

But, like I say, it's optional. If you want to uninstall it, you can via Add/Remove Programs, then we can double-check it's all clear with a fresh OTL log.

Also, looking at your startup list, you may want to trim some down, but again it's up to you. The processes, although you say you have about a 100, I have a clean version of Windows 7, and it has 77 processes running. Most are needed by Windows to run some areas of the programs, etc.

-------------------

The following is a list of all that you have running at startup. For those interested, it's the O4 entries. The more you have, the slower your bootup to Windows will be, and you may have problems online, like slowness etc. I've put some explanation on what they are, in case you're curious.

Don't worry, you're not uninstalling these, just preventing them loading at startup.

=======================================
Apoint - Touchpad software for laptop PCs. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work. Up to you

EvtMgr6 - Related to Logitech SetPoint Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys. Up to you

EzPrint - Configuration options for Lexmark Printing devices. This program is a non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. Up to you

HotKeysCmds - Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel. Up to you

IgfxTray - Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel. Not needed

lxdxmon.exe - Related to Lexmark 3600-4600 Series printers. Up to you

Persistence - Related to igfxpers.exe, a process installed alongside NVidia graphics cards and provides additional configuration options for these devices. This program is a non-essential process, but should not be terminated unless suspected to be causing problems. Up to you

RtHDVCpl - Related to High_Definition_Audio_System driver from Realtek Semiconductor. Up to you

AML - Related to Sony VAIO AV Mode Launcher 1.1 & DSD Direct Player. Up to you

AVG_TRAY - Related to AVG_Anti-Spyware from Grisoft. Up to you

FaxCenterServer - Lexmark integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others. Up to you

Google Quick Search Box - Related to Google Quick Search Box an open source search box that allows you to search data on your computer and across the web. Up to you

HTC Sync Loader - Related to HTC. You can use HTC Sync™ to synchronize Outlook contacts and calendar or Outlook Express contacts, and more. Up to you

ISBMgr.exe - Related to Sony ISB Utility. This program is a non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. Up to you

SSDMonitor - Monitors startup and display status in PC Tools Registry Mechanic's System Monitor. Up to you

TkBellExe - Application Scheduler installed along with RealOne_Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it.

http://www.mikescomputerinfo.com/TkBellExe.htm

To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK. Not needed

vProt - Related to AVG, leave for now.

VWLASU - Sony Wireless setup wizard. Up to you

WD Drive Manager - Installed with Western Digital's "My Book" Mirror Edition external drive; lets the user see the status of the drive, the percentage of space used, if the temperature is OK, and the health of the RAID volume. Up to you

cdloader - From MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge." Keep

SUPERAntiSpyware - uninstall, not needed anymore 

VMpTtray.exe - Related to Sony VAIO Media tray plus from Sony Corporation. Not needed

AvgUninstallURL - Related to AVG Free version Uninstall Survey by AVG. Not needed

=======================================

Okay, for the ones that say Not Needed, do this:

Go to Start | Run and type MSCONFIG, and click OK. Startup tab. Untick the ones that are Not Needed, Apply and Restart. When Windows loads back up, you will have a popup box saying that the startup has been changed. Tick the little box to not appear again, and OK.

For the Up To You ones, that's exactly that. It's your choice if you need them. One way to do this, after you've done the above with the Not Needed, is to go back to MSCONFIG, and untick one of them. Reboot, and see if all your 'normal' programs work okay. If, for instance, your Sony Wireless has a problem after unticking VWLASU, then just go back in, retick it, and restart.

------------------

eddie
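
A read-only way to review the same autostart locations (the Run keys and Startup folders behind the O4 entries) from PowerShell, with the Authenticode status of each target. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the function names `Get-CommandTarget` and `Get-SignatureStatus` are made up for this example.

```powershell
# Added example (not from the original thread): read-only listing of the
# autostart locations that HijackThis reports as O4 entries.
# Nothing is disabled or deleted. Run from a 64-bit console so that both
# the native and the 32-bit (WOW6432Node) registry views are covered.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of a Run-key command line.
    param([string]$Command)
    $text = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: "C:\Program Files\App\app.exe" /switch
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: cut at the first executable extension
    if ($text -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($text -split '\s+')[0]
}

function Get-SignatureStatus {
    # Hypothetical helper: Authenticode status of a file, or 'Unresolved' when
    # the target is not a full path to an existing file (e.g. "rundll32.exe ...").
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return 'Unresolved'
    }
    try {
        return [string](Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop).Status
    } catch {
        return 'Error'
    }
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            $target  = Get-CommandTarget $command
            [pscustomobject]@{
                Name      = $name
                Location  = $key
                Command   = $command
                Target    = $target
                Signature = (Get-SignatureStatus $target)
            }
        }
    }
    foreach ($folder in $startupFolders) {
        Get-ChildItem -LiteralPath $folder -File |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{
                    Name      = $_.BaseName
                    Location  = $folder
                    Command   = $_.FullName
                    Target    = $_.FullName
                    Signature = (Get-SignatureStatus $_.FullName)
                }
            }
    }
)

# Entries whose status is not 'Valid' sort away from the signed ones,
# which makes the list quicker to read through.
$entries | Sort-Object Signature, Name |
    Format-Table Name, Signature, Target, Location -AutoSize -Wrap
```

A status other than `Valid` only means the entry needs a manual look; shortcuts in the Startup folders and many legitimate older programs are unsigned.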


----------



## dchville (Sep 25, 2011)

so is that it? we're done?


----------



## eddie5659 (Mar 19, 2001)

I tend to run a quick tool, that is similar to aswmbr, just to triple-check (hope it goes okay this time).

Also, want to look at this part:



> I just noticed my AVG icon had an exclamation mark on it. When I opened it, it said I was not fully protected so I clicked the FIX button. The PC analyzer ran a scan and found some errors in my registry, junk files and shortcuts. Should I click on the fix now button?


Is there a way you can get a logfile of the errors it found? Not too sure about AVG as I don't run it, but if you're not sure, I'll have a look and get a reply for you.

-------------

Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory (usually the C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply.


----------



## dchville (Sep 25, 2011)

I can't find AVG security toolbar. I think I would have to uninstall AVG completely in order to remove the toolbar


----------



## dchville (Sep 25, 2011)

zero threats found and I didn't find a log?


----------



## dchville (Sep 25, 2011)

found it... lol

19:32:46.0985 5168 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
19:32:47.0480 5168 ============================================================
19:32:47.0480 5168 Current date / time: 2011/10/26 19:32:47.0480
19:32:47.0480 5168 SystemInfo:
19:32:47.0480 5168 
19:32:47.0480 5168 OS Version: 6.0.6002 ServicePack: 2.0
19:32:47.0480 5168 Product type: Workstation
19:32:47.0480 5168 ComputerName: DENNIS-PC
19:32:47.0481 5168 UserName: Dennis
19:32:47.0481 5168 Windows directory: C:\Windows
19:32:47.0481 5168 System windows directory: C:\Windows
19:32:47.0481 5168 Running under WOW64
19:32:47.0481 5168 Processor architecture: Intel x64
19:32:47.0481 5168 Number of processors: 2
19:32:47.0481 5168 Page size: 0x1000
19:32:47.0481 5168 Boot type: Normal boot
19:32:47.0481 5168 ============================================================
19:32:47.0982 5168 Initialize success
19:33:42.0590 5228 ============================================================
19:33:42.0590 5228 Scan started
19:33:42.0590 5228 Mode: Manual; SigCheck; TDLFS; 
19:33:42.0590 5228 ============================================================
19:33:43.0083 5228 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:33:43.0200 5228 ACPI - ok
19:33:43.0289 5228 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:33:43.0313 5228 adp94xx - ok
19:33:43.0413 5228 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:33:43.0435 5228 adpahci - ok
19:33:43.0485 5228 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:33:43.0500 5228 adpu160m - ok
19:33:43.0585 5228 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:33:43.0601 5228 adpu320 - ok
19:33:43.0676 5228 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
19:33:43.0748 5228 AFD - ok
19:33:43.0857 5228 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:33:43.0870 5228 agp440 - ok
19:33:43.0913 5228 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:33:43.0927 5228 aic78xx - ok
19:33:44.0033 5228 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:33:44.0044 5228 aliide - ok
19:33:44.0180 5228 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:33:44.0193 5228 amdide - ok
19:33:44.0258 5228 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:33:44.0449 5228 AmdK8 - ok
19:33:44.0530 5228 ApfiltrService (22fecb5b3de1eb8b1b2761338922f681) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:33:44.0564 5228 ApfiltrService - ok
19:33:44.0637 5228 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:33:44.0650 5228 arc - ok
19:33:44.0685 5228 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:33:44.0699 5228 arcsas - ok
19:33:44.0742 5228 ArcSoftKsUFilter (59d2ba1b18f14d0b49b830dc452261b0) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
19:33:44.0754 5228 ArcSoftKsUFilter - ok
19:33:44.0777 5228 ASPI32 - ok
19:33:44.0862 5228 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:33:44.0917 5228 AsyncMac - ok
19:33:44.0993 5228 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
19:33:45.0005 5228 atapi - ok
19:33:45.0174 5228 atikmdag (f3631ca5f0309ee4f941ea1e37e5ca60) C:\Windows\system32\DRIVERS\atikmdag.sys
19:33:45.0469 5228 atikmdag - ok
19:33:45.0600 5228 AVGIDSDriver (fa46adf6e497cf185160f09e603ce2a3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:33:45.0614 5228 AVGIDSDriver - ok
19:34:15.0214 5228 ============================================================
19:34:15.0214 5228 Scan finished
19:34:15.0214 5228 ============================================================
19:34:15.0229 5232 Detected object count: 0
19:34:15.0229 5232 Actual detected object count: 0


----------



## dchville (Sep 25, 2011)

As for AVG PC Analyzer... it found 75 registry errors, 68 junk files errors, and 16 broken shortcuts errors. It will show me details but I can't copy and paste the info... Here is an example from the registry errors: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList\c


----------



## eddie5659 (Mar 19, 2001)

Okay, that looks clean. As for the AVG PC Analyzer, I wouldn't worry about it. It seems to be trying to go the same route as CCleaner, and I tend to try and avoid promoting them, as they can cause more harm than good in the long run.

I'm guessing you have no problems with opening picture files up, which is what .jpg's are, in the above example.

As for the AVG toolbar, there is a way which AVG suggests here:

http://www.avg.com/ww-en/faq.num-2307

Though, again, it's up to you. You can always just stop it from running, by right-clicking where the toolbar shows, and unselecting it.

This is mine, with the Avast toolbar not running:


----------



## dchville (Sep 25, 2011)

so are we all fixed now?


----------



## eddie5659 (Mar 19, 2001)

Yep, looks good to me. Are you having any problems? If not, we'll remove the tools we've used.


----------



## dchville (Sep 25, 2011)

Everything seems ok... However, in my task manager under services there are many that have stopped running. Should I be concerned?


----------



## eddie5659 (Mar 19, 2001)

I think that the old way of showing the Processes in XP meant you only saw the ones that are running. I've just looked at my Windows 7, and there are plenty stopped:


----------



## dchville (Sep 25, 2011)

ok... I guess all is good then...so I can remove all the tools now.
I wanna thank you very much for your time. I hope one day I can pay it forward.


----------



## eddie5659 (Mar 19, 2001)

Okay, I'll post the removal as follows. And good to hear it's all okay.

We have a couple of last steps to perform and then you're all set. Any Problems/Questions, let me know 

Firstly, let's uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*


Click *START* then *RUN*
Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================

Uninstall *SUPERAntiSpyware* from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

superantispyware
FixIEDef
SystemLook
aswMBR
TDSSKiller

==============================

----------------------------

Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C:) indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Making Firefox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

------------------------

*Download and Install a HOSTS File*
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just *HOSTS* with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
*Install MVPS Hosts File* *From Here*
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
*You can find the tutorial* *HERE*

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. Here is a free one available for personal use:
*Online Armor Free*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie
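The HOSTS mechanism described in the post above, as an added example that is not part of the original thread: a short Python audit that parses HOSTS-format text, lists the names sunk to the local machine, and flags any name mapped to some other address, which is worth reviewing because the same file that blocks ad sites can also redirect a name. The sample file contents, host names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; not taken from the thread or from the MVPS list.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com        # blocked ad server
0.0.0.0         tracker.example.net tracker2.example.net
203.0.113.7     update.example.org     # not a sink: points at another machine
127.0.0.1       Update.Example.org
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line number, address or None, hostnames) for each non-empty entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                         # first field is not an IP address
        yield lineno, addr, [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Classify every hostname in HOSTS-format text."""
    blocked, redirected, malformed = set(), {}, []
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            malformed.append(lineno)
            continue
        for name in names:
            if name == "localhost":
                continue                        # the standard loopback entries
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)               # 127.0.0.1, ::1 or 0.0.0.0: request goes nowhere
            else:
                redirected[name] = str(addr)    # name is sent to a different machine
    return {
        "blocked": blocked,
        "redirected": redirected,
        "malformed": malformed,
        "conflicts": blocked & set(redirected), # listed both ways: needs a manual look
    }

if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

To check a real machine, pass the text of the system HOSTS file to `audit_hosts`; a freshly installed blocking list should produce an empty `redirected` result.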


----------

