# This setup thing keeps popping up every day



## CamiKitti (Aug 29, 2011)

I always kill the service. There's a picture attached.
I don't know why it won't stop. It usually starts with GL______.tmp
Help!


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Firstly, welcome to the *TSG - Virus & Other Malware Removal Forum*. 
My name is *Scolabar*, and I'll be helping you with your *malware* problems.
Logs can take a while to research, so please be patient.
*If you no longer require help I would be grateful if you would let me know.*

*Please note the following important guidelines before proceeding:*


*The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable*!
If you have any questions or do not understand something, *please do not hesitate to ask*, don't guess or assume.
*Only* post your problem at *One help site*. Applying fixes from multiple help sites can cause problems.
*Only* reply to this thread, do not start another. Please, continue responding, until I give you the *All Clean*.
Absence of symptoms does not necessarily mean that everything is clear.
*DO NOT run any other fix or removal tools unless instructed to do so!*
*DO NOT install* any other software (or hardware) during the cleaning process. This adds more items to be researched.
*Print each set of instructions*, if possible. Your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
 *Vista - W7 Advice:*
*Please Note:* The programs I ask you to use will need to be run in *Administrator Mode*.
In order to do this *Right-click* on the program file and select the *Run as Administrator* option.
Additionally, the built-in *User Account Control (UAC)* utility, if enabled, may prompt you for permission to run the program. 
If prompted, please click on the *Allow* button.
*Reference:* *User Account Control (UAC) and Running as Administrator*



> Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose *before* we start.


*Backup Your Data - Windows XP*
*Backup Your Data - Windows Vista*
*Backup Your Data - Windows 7*
If you follow these guidelines, things should proceed smoothly. 

In the meantime please can you read the instructions provided *HERE* and post the HijackThis and DDS logs into your next reply.

*Include in Next Post*


Did you have any problems carrying out the instructions?
*HijackThis Log*.
*DDS.txt*.
Do you have the original Windows installation media for your PC?
*Attachment(s) Required:*
*Attach.txt*.

Thank you for your patience.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

1. Had trouble with saving DDS files.
2. Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:34:30 PM, on 1/22/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\SNL\Desktop\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [EPSON Stylus CX7800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\Windows\TEMP\E_S6E3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\SNL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\SNL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14613 bytes

3.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by SNL at 17:37:18 on 2012-01-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1596 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIAFA.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = 
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uSearch Bar = 
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
uRun: [EPSON Stylus CX7800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\Windows\TEMP\E_S6E3F.tmp" /EF "HKCU"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\SNL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\SNL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DhcpNameServer = 10.100.22.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\2456374702755637475627E60234F656572702460214C656E6560294E6E6 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\247534441494E4E433 : DhcpNameServer = 216.229.160.10 216.229.168.10 216.136.95.2
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\D697177756374743535333 : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\SNL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\SNL\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-3 44768]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-13 259192]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-29 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-7-29 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-13 44736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys --> C:\Windows\system32\DRIVERS\tinspusb.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-7-29 1021840]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-22 22:17:01	69000	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F0D4123-187A-42E2-BBD0-8B43122CD4CE}\offreg.dll
2012-01-22 02:39:34	8602168	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F0D4123-187A-42E2-BBD0-8B43122CD4CE}\mpengine.dll
2012-01-18 20:35:43	--------	d-----w-	C:\Users\SNL\AppData\Local\{7A93A845-761A-47BD-8D81-53F6108EA59E}
2012-01-18 20:35:31	--------	d-----w-	C:\Users\SNL\AppData\Local\{95113215-1EC3-43A8-91C6-60B3FFE07733}
2012-01-16 19:13:25	--------	d-----w-	C:\Users\SNL\AppData\Roaming\PhotoFiltre 7
2012-01-16 19:13:20	--------	d-----w-	C:\Program Files (x86)\PhotoFiltre 7
2012-01-16 01:44:00	626688	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-16 01:44:00	548864	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-16 01:44:00	479232	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-16 01:44:00	43992	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 04:42:57	1572864	----a-w-	C:\Windows\System32\quartz.dll
2012-01-11 04:42:57	1328128	----a-w-	C:\Windows\SysWow64\quartz.dll
2012-01-11 04:42:56	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2012-01-11 04:42:55	366592	----a-w-	C:\Windows\System32\qdvd.dll
2012-01-11 04:42:54	1292080	----a-w-	C:\Windows\SysWow64\ntdll.dll
2012-01-11 04:42:53	1731920	----a-w-	C:\Windows\System32\ntdll.dll
2012-01-11 04:42:51	77312	----a-w-	C:\Windows\System32\packager.dll
2012-01-11 04:42:51	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2012-01-05 01:59:50	--------	d-----r-	C:\Program Files (x86)\Skype
2012-01-04 01:57:22	--------	d-----w-	C:\Users\SNL\AppData\Local\APN
2012-01-04 01:56:34	--------	d-----w-	C:\Program Files (x86)\ManyCam
2012-01-03 13:10:44	182672	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44	182672	----a-w-	C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-17 05:16:29	952	--sha-w-	C:\ProgramData\KGyGaAvL.sys
2011-11-28 18:01:25	41184	----a-w-	C:\Windows\avastSS.scr
2011-11-28 17:54:06	591192	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11	66904	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-24 04:52:09	3145216	----a-w-	C:\Windows\System32\win32k.sys
2011-11-23 06:27:03	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14	152432	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43	459232	----a-w-	C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28	395776	----a-w-	C:\Windows\System32\webio.dll
2011-11-17 06:35:26	29184	----a-w-	C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26	136192	----a-w-	C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25	340992	----a-w-	C:\Windows\System32\schannel.dll
2011-11-17 06:35:25	28160	----a-w-	C:\Windows\System32\secur32.dll
2011-11-17 06:35:19	1447936	----a-w-	C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55	31232	----a-w-	C:\Windows\System32\lsass.exe
2011-11-17 05:35:02	314880	----a-w-	C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52	224768	----a-w-	C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2011-11-15 22:29:56	270720	------w-	C:\Windows\System32\MpSigStub.exe
2011-11-05 05:32:50	2048	----a-w-	C:\Windows\System32\tzres.dll
2011-11-05 04:26:03	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2011-11-04 18:56:44	770384	----a-w-	C:\Windows\SysWow64\msvcr100.dll
2011-11-04 18:56:44	421200	----a-w-	C:\Windows\SysWow64\msvcp100.dll
2011-11-04 01:53:39	2309120	----a-w-	C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47	1390080	----a-w-	C:\Windows\System32\wininet.dll
2011-11-04 01:44:21	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42	1798144	----a-w-	C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20	43520	----a-w-	C:\Windows\System32\csrsrv.dll
.
============= FINISH: 17:40:49.04 ===============

4. Nope, came with computer.
5.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the logs. 

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed.

*Step 1:*
*OTL - Scan*


Please download *OTL* by *Old Timer*. *Save it to your Desktop*.
Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
Under *Output*, ensure that the *Standard Output* option is selected.
Under the *Extra Registry* section, select the *Use SafeList* option.
Click the *Scan All Users* checkbox.
Tick the *LOP Check* and *Purity Check* checkboxes.
Also make sure the *Include 64bit Scans* checkbox is *ticked*.
*Note:* Please leave the remaining selections on the default settings.
Click on the *Run Scan* button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:
*OTL.txt* <-- _Will be opened, maximized._
*Extras.txt* <-- _Will be minimized on task bar._

Please *Copy* and *Paste* the entire contents of both *OTL.txt* and *Extras.txt* files into your next reply.

*Step 2:*
*Disable Windows Defender*

*Windows Defender's Real Time Protection* may interfere with the fix, so we need to *temporarily disable* it.


Close all open program windows so that you are returned to your Desktop.
Click on *Start* > *Computer*.
Click the *Start Search* box on the *Start Menu*.
*Copy* and *Paste* the following value into the open text entry box:
*defender*
Double-click on *Windows Defender* to launch the program.
Click on the *Tools* button at the top of the Windows Defender screen.
Under the *Settings* section click on *Options*.
Under the *Automatic scanning* section *Uncheck* the *Automatically scan my computer (recommended)* box.
*Scroll* down to the *Real Time Protection Options* section.
*Uncheck* the *Turn on Real Time Protection (recommended)* box.
*Close* Windows Defender.

*Please Note: Don't forget to re-enable Windows Defender's Real Time Protection, after your computer has been declared to be clear of malware infection.*

*Step 3:*
*Disable Avast! Realtime Protection*

We need to temporarily disable Avast! realtime protection as follows:


Right-click on the orange Avast! icon in the system tray and select *avast! shields control*.
Select the *Disable until computer is restarted* option.
Then click on the *OK* button in the subsequent pop-up alert window.
*Note:* The Avast! realtime protection will now be temporarily disabled.

*Step 4:*
*TDSSKiller - Scan*


Please download *TDSSKiller.exe* by *Kaspersky* and *save* it to your *Desktop*. *<-- Important!!!*
Right-click on *TDSSKiller.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
If TDSSKiller does not run, try renaming the program file. Right-click on *TDSSKiller.exe*, select the *Rename* option and give the program a random name with the *.com* file extension (i.e. ektfhtw.com). 
If you cannot see file extensions, please refer to: How to change the file extension.
Click the *Start Scan* button. Do not use the computer during the scan!
When the scan has finished, if it finds anything please click on the drop down arrow next to *Cure* and select *Skip*
Now click on *Report* to open the log file created by TDSSKiller.
The log file named *TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt* is created and saved to the root directory. (Usually C: drive).
*Copy* and *Paste* the entire contents of the *TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt* file into your next reply.

*PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.*

*Step 5:*
*Re-enable Avast! Realtime Protection*

Remember to re-enable Avast! realtime protection as follows:


Right-click on the orange Avast! icon in the system tray and select *avast! shields control*.
Select the *Enable all shields* option.
*Note:* The Avast! realtime protection will now be re-enabled.

Alternatively, you can simply restart your computer to re-enable Avast! realtime protection.

*Step 6:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*OTL.exe*.
*Extras.txt*.
*TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt*.

*Scolabar*


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

*It has been over 48 hours since my last post.*


Do you still need help?
Do you need more time?
Are you having problems following my instructions?

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

I need more time, I'm sorry about that.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the update. 

*Please Note:* It is very important to reply in a timely manner when dealing with malware. 
Unnecessary delays will inevitably lead to the attempted clean up process taking longer which could lead to potentially damaging consequences for the computer.

Please advise how much additional time you require.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

OTL isn't running very well on my computer. It freezes at times, starts to run again, and then freezes again.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Apologies for the inconvenience. 

Please try disabling Windows Defender and Avast! Realtime Protection first before running OTL to see if that allows OTL to run properly.
If that works, please continue with the rest of the instructions.

*Otherwise:* If it doesn't work, please download and run the following tool and post back the log:

*RogueKiller*


Please download *RogueKiller.exe* by *Tigzy* and *Save* it to your *Desktop*.
*Note:* If malware prevents execution, you may try executing the program several times. If that is unsuccessful, rename the program to *winlogon.exe* and try running it again.
Close all open windows, quit all running programs.
Right-click on *RogueKiller.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
When the program window appears, type *1* and then press *Enter*.
When the scan is finished, a file named *RKreport.txt* should appear on your *Desktop*.
Then *Copy* and *Paste* the entire contents of the *RKreport.txt* file into your next reply.
Thank you for your patience.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Right, when it starts Scanning Modules, it freezes...

RogueKiller V7.0.1 [01/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: SNL [Admin rights]
Mode: Scan -- Date : 01/28/2012 15:12:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9SA00 +++++
--- User ---
[MBR] a066cdd656cd30d5271c42a41fbc2718
[BSP] ec84700d304d904d43f806f37668d51c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10977 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21442560 | Size: 104 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21647360 | Size: 308988 Mo

User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Ricoh Memory Stick Disk Device +++++
--- User ---
[MBR] 2e289e2cd9695254e77cb00d662f517b
[BSP] 8729554be724306ebed1cc8b20dc5aa9 : MBR Code unknown
Partition table:
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
------------

15:14:43.0343 3036	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
15:14:45.0793 3036	Perform update action was selected
15:14:45.0808 2540	Deinitialize success
--------------------------------


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the log and feedback.
Let's try the following instructions to see if we can get OTL to run. If this doesn't work we will try an alternative tack. 

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed and *disconnect any flash/thumb drives*.

*Step 1:*
*OTH*


Please Download *OTH* by *Old Timer* and *Save* it to your *Desktop*.
Right-click on *OTH.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
Click on *Kill All Processes* <-- The desktop, taskbar, etc will now disappear, this is normal as all running processes will have been stopped.
Then click on the *OTL* button.
_If you receive an *Open File - Security Warning* alert, please click on the *Run* button to continue._
Now run OTL as previously instructed.

*Step 2:*
*SystemLook*


Please download *SystemLook_x64.exe* by *jpshortstuff* and *Save* it to your *Desktop*.
Alternate download *site*.
Right-click on *SystemLook_x64.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
_If you receive an *Open File - Security Warning* alert, please click on the *Run* button to continue._
*Copy* and *Paste* the text in the code box below into SystemLook's main text entry window:

```
:filefind
TDSSKiller*_log.txt

:regfind
NewStartPanel
```

Click on the *Look* button to start the scan. 
_When SystemLook_x64 has completed its task a Notepad window will open showing the results of the scan._
A log file will be created on your Desktop named *SystemLook.txt*.
Please post the contents of the *SystemLook.txt* file in your next reply.

*Step 3:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*OTL.exe*.
*Extras.txt*.
*SystemLook.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

I wanted to say that if I don't reply back quick enough, it's because of school. I have finals coming up.
Also, OTL didn't work again, and I think OTH didn't work either cause the desktop wasn't blank when I clicked on kill all process. :\


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,



> I wanted to say that if I don't reply back quick enough, it's because of school. I have finals coming up.


Thank you for letting me know. Please post back as soon as you are able. 



> Also, OTL didn't work again, and I think OTH didn't work either cause the desktop wasn't blank when I clicked on kill all process.


Thank you for this update.

Let's try a different tack to see if we can get OTL to run.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed.

*Step 1:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 2:*
*Rkill*


Please download *rkill.com* by *Grinler*. *Save* it to your *Desktop*.
Alternate download links are available as follows: *rkill.scr* or *iExplore.exe*.
*Note:* If your security software warns about Rkill, please ignore and allow the download to continue.
Right-click on the *Rkill* desktop icon and select the *Run As Administrator* option, or the *Open* option if "Run As Administrator" is not available, to launch the program. If you receive a UAC prompt, please allow it.
A command window will open then disappear upon completion, this is normal.
If this does not happen, delete the file, then download and use the next alternative link provided.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
*Do not reboot* your machine until asked to do so.
If no version of Rkill would run, please let me know.
When finished, Notepad will open with a log file, automatically saved at *C:\rkill.log*.
*Copy* and *Paste* the entire contents of the *rkill.log* file into your next reply.
*Note:* Please leave *Rkill* on the *Desktop* unless instructed otherwise.



> *Note:* If you get an alert that Rkill is infected, *ignore it*. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, *leave the warning on the screen*, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.


Please try running Rkill until malware is no longer running. You should then be able to proceed with the rest of the instructions.

*Step 3:*
*OTL - Scan*

Then run OTL as instructed initially (without running OTH) and post back the logs.

*Step 4:*
*SystemLook*

Then run SystemLook as previously instructed and post back the log.

*Step 5:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*rkill.log*.
*OTL.exe*.
*Extras.txt*.
*SystemLook.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

1)
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish.

Rkill was run on 02/02/2012 at 16:05:46. 
Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

C:\Users\SNL\AppData\Local\Google\Update\GoogleUpdate.exe

Rkill completed on 02/02/2012 at 16:05:58.

2)
OTL logfile created on: 2/2/2012 4:07:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SNL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 50.33% Memory free
7.34 Gb Paging File | 5.31 Gb Available in Paging File | 72.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.77 Gb Total Space | 213.53 Gb Free Space | 74.20% Space Free | Partition Type: NTFS

Computer Name: LANG | User Name: SNL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 16:49:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTL.exe
PRC - [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/29 14:43:24 | 001,209,288 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2011/08/13 18:14:16 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2011/02/14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 04:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/07/15 10:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/07/15 10:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/07/15 10:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2010/07/15 10:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/06/17 11:44:10 | 000,851,824 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010/06/01 02:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/05/31 18:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 18:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 16:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/28 12:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/28 12:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/19 21:35:35 | 000,411,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
MOD - [2012/01/19 21:35:34 | 003,767,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012/01/19 21:34:10 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012/01/19 21:34:09 | 000,222,208 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012/01/19 21:34:07 | 001,746,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2012/01/19 18:14:40 | 008,593,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
MOD - [2012/01/09 19:33:15 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/09 19:33:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/18 18:34:42 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/10/16 16:35:36 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7c86a11e96b7e798d5db164c22ea0268\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2011/10/16 16:35:22 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9d9e419b7157083a5a246768b29dd92f\System.Data.Linq.ni.dll
MOD - [2011/10/16 16:35:22 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll
MOD - [2011/10/16 16:34:40 | 000,633,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
MOD - [2011/10/16 16:34:40 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll
MOD - [2011/10/16 16:34:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/16 16:33:16 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
MOD - [2011/10/16 16:32:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/16 16:17:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/16 16:16:37 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/16 16:16:36 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/16 16:16:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/16 16:16:04 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/16 16:15:39 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/16 16:15:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/16 16:15:24 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/16 16:15:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/16 16:15:01 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
MOD - [2011/10/16 16:14:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/16 16:14:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/16 16:14:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/16 16:14:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/04 14:32:40 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 14:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 17:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 17:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 17:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 17:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/15 10:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
MOD - [2010/07/15 10:07:40 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2010/07/15 10:07:40 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2010/07/15 10:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2010/07/15 10:07:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2010/07/15 10:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2010/07/15 10:07:40 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2010/07/15 10:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2010/07/15 10:07:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2010/07/15 10:07:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2010/07/15 10:07:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2010/07/15 10:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2010/07/15 10:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2010/07/15 10:07:40 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2010/07/15 10:07:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2010/07/15 10:07:40 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2010/07/15 10:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2010/07/15 10:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2010/07/15 10:07:40 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:*64bit:* - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:*64bit:* - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:*64bit:* - [2011/04/20 09:50:52 | 001,021,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:*64bit:* - [2011/02/14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:*64bit:* - [2011/01/29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:*64bit:* - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/06/21 17:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:*64bit:* - [2010/06/09 14:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:*64bit:* - [2010/06/09 14:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:*64bit:* - [2010/06/09 14:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:*64bit:* - [2010/06/06 21:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:*64bit:* - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/13 18:14:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/06/20 20:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/06/20 20:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/06/18 06:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/06/17 11:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/06/01 02:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/05/31 18:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 12:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/28 12:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2011/11/28 09:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:*64bit:* - [2011/11/28 09:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:*64bit:* - [2011/11/28 09:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:*64bit:* - [2011/11/28 09:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:*64bit:* - [2011/11/28 09:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2011/11/28 09:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:*64bit:* - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/15 16:55:01 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:*64bit:* - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2010/08/26 01:19:38 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:*64bit:* - [2010/08/26 01:16:50 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/06/24 12:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2010/06/23 12:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:*64bit:* - [2010/06/23 12:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:*64bit:* - [2010/05/31 13:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2010/05/31 13:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2010/05/31 13:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2010/05/28 12:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:*64bit:* - [2010/05/28 12:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2010/04/26 12:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:*64bit:* - [2010/03/29 16:31:18 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire(TM)
DRV:*64bit:* - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/12/23 10:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:*64bit:* - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/03/12 23:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:*64bit:* - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://www.google.com/search?&q="

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\SNL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SNL\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SNL\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 17:44:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/10 15:14:37 | 000,000,000 | ---D | M]

[2010/12/04 13:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SNL\AppData\Roaming\Mozilla\Extensions
[2010/12/04 13:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SNL\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/27 22:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions
[2012/01/26 18:05:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/11 15:45:52 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/11/23 16:41:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/15 17:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/26 18:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/04/26 18:24:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\SNL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KIJ2RELY.DEFAULT\EXTENSIONS\{4AA181F9-4BE4-4D09-9B4B-28F957D14BF3}.XPI
() (No name found) -- C:\USERS\SNL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KIJ2RELY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/15 17:44:02 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/15 17:43:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/15 17:43:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\SNL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: di.slik.es - the Facebook Dislike Button = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmlfebmbccbmdaihmpefcfehaodlecb\1.2.0.1_0\
CHR - Extension: Angry Birds = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: WOT = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.10_0\
CHR - Extension: AdBlock = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.14_0\
CHR - Extension: HappyBirthday Extension = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkfhjkomemmocbjiepgnmlmbjgmhehgk\1.0_0\
CHR - Extension: Poke All for Chrome = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmghnjflbmdhmjnclnjpbikjbhppfmdj\2.6_0\
CHR - Extension: MyYearBook Secret Admirer Hack = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lelhmjggcjldkkfkdooiemacaihhchej\1.0.9.1_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: FB Dislike = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali\2.0.1_0\
CHR - Extension: Cath Kidston = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.7_0\
CHR - Extension: Facebook Super Select All = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnaoebelpbmmcdoboinnphhoakdnaah\1.4.2_0\
CHR - Extension: ezLinkPreview Modal = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogmljbopmblcfhknligfhgfjjfaigkll\0.45_0\
CHR - Extension: MegaSkipper = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlpjnmkcepflfoglccifhajagahaglm\19.64_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:*64bit:* - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2592790092-465171779-3383857265-1001..\Run: [EPSON Stylus CX7800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\Windows\TEMP\E_S6E3F.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2592790092-465171779-3383857265-1001..\Run: [Facebook Update] C:\Users\SNL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 10.100.22.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18:*64bit:* - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 20:30:52 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTH.exe
[2012/01/28 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Roaming\Bullzip
[2012/01/28 23:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2012/01/28 23:08:54 | 000,232,960 | ---- | C] (BullZip) -- C:\Windows\SysNative\bzpdf.dll
[2012/01/28 23:08:50 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.OCX
[2012/01/28 23:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2012/01/28 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\SNL\Desktop\RK_Quarantine
[2012/01/24 16:44:58 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SNL\Desktop\TDSSKiller (2).exe
[2012/01/23 22:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 22:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/23 22:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/23 22:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/23 16:49:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTL.exe
[2012/01/18 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{7A93A845-761A-47BD-8D81-53F6108EA59E}
[2012/01/18 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{95113215-1EC3-43A8-91C6-60B3FFE07733}
[2012/01/16 11:17:43 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
[2012/01/16 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Roaming\PhotoFiltre 7
[2012/01/16 11:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[2012/01/16 11:13:22 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[2012/01/16 11:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre 7
[2012/01/15 17:35:50 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/15 17:35:48 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/15 17:35:48 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/15 17:35:47 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/15 17:35:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/15 17:35:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/10 20:42:57 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 20:42:57 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 20:42:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 20:42:55 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 20:42:53 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 20:42:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 20:42:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/04 17:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/04 17:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/01/04 17:59:50 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/01/03 17:57:22 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\APN
[2012/01/03 17:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam

========== Files - Modified Within 30 Days ==========

[2012/02/02 16:16:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job
[2012/02/02 16:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
[2012/02/02 16:14:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job
[2012/02/02 16:08:39 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 16:08:39 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 16:01:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 16:00:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 16:00:27 | 2955,493,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 00:49:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 22:20:48 | 001,008,141 | ---- | M] () -- C:\Users\SNL\Desktop\rkill.com
[2012/02/01 22:19:54 | 000,165,376 | ---- | M] () -- C:\Users\SNL\Desktop\SystemLook_x64.exe
[2012/02/01 22:14:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
[2012/01/31 00:50:02 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/31 00:50:02 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/31 00:50:02 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/29 20:30:53 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTH.exe
[2012/01/28 15:15:17 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SNL\Desktop\TDSSKiller (2).exe
[2012/01/28 15:11:14 | 001,200,128 | ---- | M] () -- C:\Users\SNL\Desktop\RogueKiller.exe
[2012/01/23 22:07:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 16:49:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTL.exe
[2012/01/23 00:44:48 | 490,031,122 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/18 08:56:29 | 000,408,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/17 21:36:18 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/17 21:36:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/16 21:16:29 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/16 11:13:23 | 000,001,062 | ---- | M] () -- C:\Users\SNL\Desktop\PhotoFiltre 7.lnk
[2012/01/16 10:22:11 | 000,412,260 | ---- | M] () -- C:\test.xml
[2012/01/10 15:19:13 | 000,003,584 | ---- | M] () -- C:\Users\SNL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 17:59:55 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2012/02/01 22:20:33 | 001,008,141 | ---- | C] () -- C:\Users\SNL\Desktop\rkill.com
[2012/02/01 22:19:59 | 000,165,376 | ---- | C] () -- C:\Users\SNL\Desktop\SystemLook_x64.exe
[2012/01/28 15:11:17 | 001,200,128 | ---- | C] () -- C:\Users\SNL\Desktop\RogueKiller.exe
[2012/01/23 22:07:12 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/16 18:12:45 | 000,001,547 | ---- | C] () -- C:\Users\SNL\Desktop\Windows Media Player.lnk
[2012/01/16 11:13:23 | 000,001,062 | ---- | C] () -- C:\Users\SNL\Desktop\PhotoFiltre 7.lnk
[2012/01/10 15:19:13 | 000,003,584 | ---- | C] () -- C:\Users\SNL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 17:59:55 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/11 12:06:01 | 000,002,189 | ---- | C] () -- C:\Users\SNL\AppData\Local\TempfixPerms.vbs
[2011/11/29 16:27:23 | 000,000,017 | ---- | C] () -- C:\Users\SNL\AppData\Local\resmon.resmoncfg
[2011/02/25 19:55:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/06 13:30:38 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2010/11/28 16:54:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/28 16:54:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/28 16:54:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/28 16:54:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/28 16:54:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/28 16:54:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/28 16:54:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/28 16:54:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/28 16:54:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/28 16:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/28 16:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/28 16:54:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/28 16:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/28 16:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/28 16:54:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/28 16:54:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/11/26 13:49:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/08/26 01:17:08 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/26 01:16:26 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/07/12 14:11:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/12 12:27:34 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/07/12 12:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/12 12:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/12 12:27:25 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010/07/12 12:27:25 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/20 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\AnvSoft
[2011/12/24 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Audacity
[2011/03/18 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Auslogics
[2010/12/16 20:49:21 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Broderbund
[2012/01/28 23:11:25 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Bullzip
[2011/08/07 12:19:20 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\gtk-2.0
[2012/01/29 22:04:48 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\IMVU
[2011/11/18 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\IMVUClient
[2012/01/17 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\ManyCam
[2011/07/03 08:14:54 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\NCH Swift Sound
[2011/12/19 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Nitro PDF
[2011/12/19 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\OpenCandy
[2011/06/25 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PACE Anti-Piracy
[2011/02/05 10:17:56 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PhotoFiltre
[2012/01/16 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PhotoFiltre 7
[2012/01/16 11:19:43 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PhotoFiltre Studio X
[2011/12/19 17:44:03 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PrimoPDF
[2011/09/08 15:02:25 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Texas Instruments
[2011/09/08 15:05:40 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\TI-Nspire
[2010/12/04 13:30:35 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Vivox
[2011/03/20 19:42:53 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Windows Live Writer
[2012/02/02 16:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
[2012/02/02 16:16:00 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job
[2011/12/26 16:11:19 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1199 bytes -> C:\Users\SNL\AppData\Local\uX8VtKpRTlRC:xIIjrWYClGCT0RzRq1cIw1T

< End of report >

3)
OTL Extras logfile created on: 2/2/2012 4:07:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SNL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 50.33% Memory free
7.34 Gb Paging File | 5.31 Gb Available in Paging File | 72.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.77 Gb Total Space | 213.53 Gb Free Space | 74.20% Space Free | Partition Type: NTFS

Computer Name: LANG | User Name: SNL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463
"EPSON Printer and Utilities" = EPSON Printer Software
"GIMP-2_is1" = GIMP 2.6.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B591D7-1C20-44FB-97C2-6953AE67DE18}" = Mavis Beacon Teaches Typing Deluxe 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}" = VAIO Help and Support
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D0197E45-D866-44D0-90AF-529F28F15ABA}" = Skype 5.7
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DD980D24-1240-4052-A5F7-411786C36AC8}" = Remote Keyboard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Application Manager for VAIO" = Application Manager for VAIO
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"splashtop" = VAIO Quick Web Access
"TI-Nspire Student Software" = TI-Nspire Student Software
"VAIO Messenger" = VAIO Messenger
"VST Bridge_is1" = VST Bridge 1.1
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"PhotoFiltre 7" = PhotoFiltre 7
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"Tango" = Tango
"The Moving Man" = The Moving Man

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

4)
SystemLook 30.07.11 by jpshortstuff
Log created at 16:41 on 02/02/2012 by SNL
Administrator - Elevation successful

========== filefind ==========

Searching for "TDSSKiller*_log.txt"
C:\TDSSKiller.2.7.6.0_28.01.2012_15.14.43_log.txt	--a---- 346 bytes	[23:14 28/01/2012]	[23:14 28/01/2012] 697E87DB05F9D9DBACAC164CD060819D
C:\TDSSKiller.2.7.7.0_28.01.2012_15.15.27_log.txt	--a---- 80438 bytes	[23:15 28/01/2012]	[23:16 28/01/2012] 643CFADD8A40128B47214F018A2A6625

========== regfind ==========

Searching for "NewStartPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\NewStartPanel]

-= EOF =-


----------



## CamiKitti (Aug 29, 2011)

Note: I'd like to inform you that I will not be able to respond for the weekend, until Sunday night.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the logs. :up:



> Note: I'd like to inform you that I will not be able to respond for the weekend, until Sunday night.


Thanks for letting me know. Please complete the instructions below when you are ready.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed.

*Step 1:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 2:*
*Re-Run Rkill*

Please *Re-run Rkill* as before and post the contents of *rkill.log* in your next reply.

*Step 3:*
*aswMBR - Scan*


Please download *aswMBR.exe* © *Avast Software* ( 511KB ) and *Save* it to your *Desktop*.
Right-click on *aswMBR.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
Click on the *Scan* button to start the scan.
On completion of the scan the following message will be displayed: "Scan finished successfully". Click on the *Save log* button.
You will be prompted to save a file named *aswMBR.txt*. *Save it to your Desktop*.
Please *Copy* and *Paste* the contents of *aswMBR.txt* into your next reply.
*Please Note:* A file will be created and placed on your desktop when you execute aswMBR, named *MBR.dat*. This is a copy of your MBR record, before any changes are made, it can be used to recover the MBR record to its previous condition, if problems exist after changes.

*Step 4:*
*SystemLook*


Right-click on *SystemLook_x64.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
_If you receive an *Open File - Security Warning* alert, please click on the *Run* button to continue._
*Copy* and *Paste* the text in the code box below into SystemLook's main text entry window:

```
:contents
C:\TDSSKiller.2.7.6.0_28.01.2012_15.14.43_log.txt
C:\TDSSKiller.2.7.7.0_28.01.2012_15.15.27_log.txt
```

Click on the *Look* button to start the scan. 
_When SystemLook_x64 has completed its task a Notepad window will open showing the results of the scan._
A log file will be created on your Desktop named *SystemLook.txt*.
Please post the contents of the *SystemLook.txt* file in your next reply.

*Step 5:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*aswMBR.txt*.
*SystemLook.txt*.

*Scolabar*


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

*It has been over 48 hours since my last post.*


Do you still need help?
Do you need more time?
Are you having problems following my instructions?

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Sorry about that. I do need more time and something went wrong. The speakers were acting up during a scan (or after, I'm not sure, I left the computer with my sister) and when my sister went to press the power button (it is set to just sleep when pressed), it restarted the computer and it did that screen where it said







. I checked the event viewer and apparently there was a bug check or something like that. 0x000000d1 (0x00000000723d2005, 0x0000000000000002, 0x0000000000000001, 0xfffff880012712ad)


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thanks for the update.

That crash could have been caused by a number of things. 
Are you still able to boot the computer normally?
If so, let's try the following first.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed.

*Step 1:*
*Re-Run Rkill*

Please *Re-run Rkill* as before and post the contents of *rkill.log* in your next reply.

*Step 2:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 3:*
*Uninstall Programs*


1. Select *Start* > *Control Panel* > *Programs* > *Programs and Features*.
2. Under the *Programs* heading, click on *Uninstall a program*.
3. Scroll down the list of installed programs and locate the following program:

   *Best Buy pc app*
   *Java(TM) 6 Update 20 (64-bit)*

4. Right-click on *Uninstall* to uninstall it.
5. *Repeat steps 3 - 4* for *each program* in the list.
6. When finished *Close* the *Control Panel* window.
7. Restart the computer to complete removal of the program.

*Step 4:*
*SystemLook*


Right-click on *SystemLook_x64.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
_If you receive an *Open File - Security Warning* alert, please click on the *Run* button to continue._
*Copy* and *Paste* the text in the code box below into SystemLook's main text entry window:

```
:contents
C:\TDSSKiller.2.7.6.0_28.01.2012_15.14.43_log.txt
C:\TDSSKiller.2.7.7.0_28.01.2012_15.15.27_log.txt

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons /sub
```

Click on the *Look* button to start the scan. 
_When SystemLook_x64 has completed its task a Notepad window will open showing the results of the scan._
A log file will be created on your Desktop named *SystemLook.txt*.
Please post the contents of the *SystemLook.txt* file in your next reply.

*Step 5:*
*OTL - Script*


Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
*Copy* and *Paste* the following code into the







textbox. Do not include the word *Code*.

```
:otl
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
[2012/01/11 15:45:52 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
[2012/01/18 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{7A93A845-761A-47BD-8D81-53F6108EA59E}
[2012/01/18 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{95113215-1EC3-43A8-91C6-60B3FFE07733}
[2011/12/19 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\OpenCandy
@Alternate Data Stream - 1199 bytes -> C:\Users\SNL\AppData\Local\uX8VtKpRTlRC:xIIjrWYClGCT0RzRq1cIw1T

:files
ipconfig /flushdns /c
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe

:commands
[PURITY]
[EMPTYTEMP]
[CREATERESTOREPOINT]
[REBOOT]
```

Then click the *Run Fix* button at the top.
*Click*







.
*OTL may ask to reboot the machine. Please do so if asked.*
The report should appear in Notepad after the reboot. *Copy* and *Paste* that report in your next reply.

*Step 6:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*SystemLook.txt*.
*OTL Fix Report*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

The computer wouldn't reset correctly so I just held the power button until it turned off and turned it on again.

This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish.

Rkill was run on 02/07/2012 at 16:12:25. 
Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

Rkill completed on 02/07/2012 at 16:13:00.
----------------------------------------------------------------
SystemLook 30.07.11 by jpshortstuff
Log created at 16:19 on 07/02/2012 by SNL
Administrator - Elevation successful

========== contents ==========

C:\TDSSKiller.2.7.6.0_28.01.2012_15.14.43_log.txt - Opened succesfully.

15:14:43.0343 3036	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
15:14:45.0793 3036	Perform update action was selected
15:14:45.0808 2540	Deinitialize success

C:\TDSSKiller.2.7.7.0_28.01.2012_15.15.27_log.txt - Opened succesfully.

15:15:27.0044 6928	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
15:15:27.0450 6928	============================================================
15:15:27.0450 6928	Current date / time: 2012/01/28 15:15:27.0450
15:15:27.0450 6928	SystemInfo:
15:15:27.0450 6928	
15:15:27.0450 6928	OS Version: 6.1.7601 ServicePack: 1.0
15:15:27.0450 6928	Product type: Workstation
15:15:27.0450 6928	ComputerName: LANG
15:15:27.0450 6928	UserName: SNL
15:15:27.0450 6928	Windows directory: C:\Windows
15:15:27.0450 6928	System windows directory: C:\Windows
15:15:27.0450 6928	Running under WOW64
15:15:27.0450 6928	Processor architecture: Intel x64
15:15:27.0450 6928	Number of processors: 2
15:15:27.0450 6928	Page size: 0x1000
15:15:27.0450 6928	Boot type: Normal boot
15:15:27.0450 6928	============================================================
15:15:27.0996 6928	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:15:28.0011 6928	Drive \Device\Harddisk1\DR2 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x3BCC, SectorsPerTrack: 0x20, TracksPerCylinder: 0x10, Type 'W'
15:15:28.0043 6928	Initialize success
15:15:36.0560 6076	============================================================
15:15:36.0560 6076	Scan started
15:15:36.0560 6076	Mode: Manual; 
15:15:36.0560 6076	============================================================
15:15:46.0419 6076	iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
15:15:46.0419 6076	iaStor - ok
15:15:46.0560 6076	iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:15:46.0575 6076	iaStorV - ok
15:15:46.0903 6076	igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:15:47.0121 6076	igfx - ok
15:15:47.0199 6076	iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:15:47.0215 6076	iirsp - ok
15:15:47.0324 6076	Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:15:47.0340 6076	Impcd - ok
15:15:47.0433 6076	IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
15:15:47.0465 6076	IntcAzAudAddService - ok
15:15:47.0589 6076	IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:15:47.0605 6076	IntcDAud - ok
15:15:47.0636 6076	intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:15:47.0636 6076	intelide - ok
15:15:47.0745 6076	intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
15:15:47.0745 6076	intelppm - ok
15:15:47.0823 6076	IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:15:47.0823 6076	IpFilterDriver - ok
15:15:47.0933 6076	IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:15:47.0948 6076	IPMIDRV - ok
15:15:47.0995 6076	IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:15:47.0995 6076	IPNAT - ok
15:15:48.0151 6076	IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:15:48.0151 6076	IRENUM - ok
15:15:48.0198 6076	isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:15:48.0213 6076	isapnp - ok
15:15:48.0307 6076	iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:15:48.0307 6076	iScsiPrt - ok
15:15:48.0369 6076	kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:15:48.0369 6076	kbdclass - ok
15:15:48.0463 6076	kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:15:48.0479 6076	kbdhid - ok
15:15:48.0525 6076	KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:15:48.0525 6076	KSecDD - ok
15:15:48.0557 6076	KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:15:48.0557 6076	KSecPkg - ok
15:15:48.0650 6076	ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:15:48.0650 6076	ksthunk - ok
15:15:48.0713 6076	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:15:48.0728 6076	lltdio - ok
15:15:48.0822 6076	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:15:48.0822 6076	LSI_FC - ok
15:15:48.0869 6076	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:15:48.0869 6076	LSI_SAS - ok
15:15:48.0947 6076	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:15:48.0947 6076	LSI_SAS2 - ok
15:15:48.0993 6076	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:15:48.0993 6076	LSI_SCSI - ok
15:15:49.0087 6076	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:15:49.0087 6076	luafv - ok
15:15:49.0196 6076	ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
15:15:49.0196 6076	ManyCam - ok
15:15:49.0274 6076	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:15:49.0274 6076	megasas - ok
15:15:49.0337 6076	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:15:49.0337 6076	MegaSR - ok
15:15:49.0415 6076	Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:15:49.0415 6076	Modem - ok
15:15:49.0477 6076	monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:15:49.0477 6076	monitor - ok
15:15:49.0586 6076	mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:15:49.0586 6076	mouclass - ok
15:15:49.0649 6076	mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
15:15:49.0649 6076	mouhid - ok
15:15:49.0742 6076	mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:15:49.0742 6076	mountmgr - ok
15:15:49.0805 6076	mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:15:49.0805 6076	mpio - ok
15:15:49.0883 6076	mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:15:49.0883 6076	mpsdrv - ok
15:15:49.0976 6076	MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:15:49.0976 6076	MRxDAV - ok
15:15:50.0070 6076	mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:15:50.0070 6076	mrxsmb - ok
15:15:50.0163 6076	mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:15:50.0179 6076	mrxsmb10 - ok
15:15:50.0241 6076	mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:15:50.0241 6076	mrxsmb20 - ok
15:15:50.0304 6076	msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:15:50.0304 6076	msahci - ok
15:15:50.0397 6076	msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:15:50.0397 6076	msdsm - ok
15:15:50.0460 6076	Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:15:50.0460 6076	Msfs - ok
15:15:50.0475 6076	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:15:50.0491 6076	mshidkmdf - ok
15:15:50.0585 6076	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:15:50.0585 6076	msisadrv - ok
15:15:50.0663 6076	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:15:50.0663 6076	MSKSSRV - ok
15:15:50.0741 6076	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:15:50.0741 6076	MSPCLOCK - ok
15:15:50.0787 6076	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:15:50.0803 6076	MSPQM - ok
15:15:50.0897 6076	MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:15:50.0912 6076	MsRPC - ok
15:15:50.0975 6076	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:15:50.0975 6076	mssmbios - ok
15:15:51.0068 6076	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:15:51.0068 6076	MSTEE - ok
15:15:51.0115 6076	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:15:51.0115 6076	MTConfig - ok
15:15:51.0146 6076	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:15:51.0146 6076	Mup - ok
15:15:51.0240 6076	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:15:51.0240 6076	NativeWifiP - ok
15:15:51.0333 6076	NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:15:51.0349 6076	NDIS - ok
15:15:51.0443 6076	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:15:51.0443 6076	NdisCap - ok
15:15:51.0474 6076	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:51.0474 6076	NdisTapi - ok
15:15:51.0599 6076	Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:15:51.0599 6076	Ndisuio - ok
15:15:51.0661 6076	NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:51.0661 6076	NdisWan - ok
15:15:51.0786 6076	NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:15:51.0786 6076	NDProxy - ok
15:15:51.0833 6076	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:15:51.0833 6076	NetBIOS - ok
15:15:51.0879 6076	NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:15:51.0895 6076	NetBT - ok
15:15:52.0020 6076	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:15:52.0020 6076	nfrd960 - ok
15:15:52.0067 6076	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:15:52.0067 6076	Npfs - ok
15:15:52.0129 6076	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:15:52.0129 6076	nsiproxy - ok
15:15:52.0223 6076	Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:15:52.0254 6076	Ntfs - ok
15:15:52.0332 6076	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:15:52.0347 6076	Null - ok
15:15:52.0410 6076	nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:15:52.0410 6076	nvraid - ok
15:15:52.0519 6076	nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:15:52.0519 6076	nvstor - ok
15:15:52.0566 6076	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:15:52.0566 6076	nv_agp - ok
15:15:52.0722 6076	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:15:52.0722 6076	ohci1394 - ok
15:15:52.0784 6076	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:15:52.0784 6076	Parport - ok
15:15:52.0909 6076	partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:15:52.0909 6076	partmgr - ok
15:15:52.0971 6076	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:15:52.0971 6076	pci - ok
15:15:53.0081 6076	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:15:53.0081 6076	pciide - ok
15:15:53.0127 6076	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:15:53.0143 6076	pcmcia - ok
15:15:53.0205 6076	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:15:53.0205 6076	pcw - ok
15:15:53.0252 6076	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:15:53.0268 6076	PEAUTH - ok
15:15:53.0471 6076	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:15:53.0471 6076	PptpMiniport - ok
15:15:53.0502 6076	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:15:53.0502 6076	Processor - ok
15:15:53.0642 6076	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:15:53.0642 6076	Psched - ok
15:15:53.0720 6076	PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:15:53.0720 6076	PxHlpa64 - ok
15:15:53.0845 6076	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:15:53.0876 6076	ql2300 - ok
15:15:53.0970 6076	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:15:53.0970 6076	ql40xx - ok
15:15:54.0001 6076	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:15:54.0001 6076	QWAVEdrv - ok
15:15:54.0017 6076	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:54.0017 6076	RasAcd - ok
15:15:54.0126 6076	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:15:54.0126 6076	RasAgileVpn - ok
15:15:54.0188 6076	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:54.0188 6076	Rasl2tp - ok
15:15:54.0219 6076	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:54.0219 6076	RasPppoe - ok
15:15:54.0329 6076	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:54.0329 6076	RasSstp - ok
15:15:54.0407 6076	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:54.0407 6076	rdbss - ok
15:15:54.0438 6076	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:15:54.0438 6076	rdpbus - ok
15:15:54.0500 6076	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:54.0500 6076	RDPCDD - ok
15:15:54.0531 6076	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:15:54.0531 6076	RDPENCDD - ok
15:15:54.0547 6076	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:15:54.0547 6076	RDPREFMP - ok
15:15:54.0594 6076	RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:15:54.0609 6076	RDPWD - ok
15:15:54.0734 6076	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:15:54.0734 6076	rdyboost - ok
15:15:54.0765 6076	regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
15:15:54.0765 6076	regi - ok
15:15:54.0812 6076	RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:15:54.0812 6076	RFCOMM - ok
15:15:54.0921 6076	rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
15:15:54.0921 6076	rimspci - ok
15:15:55.0031 6076	risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
15:15:55.0031 6076	risdsnpe - ok
15:15:55.0124 6076	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:55.0124 6076	rspndr - ok
15:15:55.0233 6076	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:15:55.0233 6076	sbp2port - ok
15:15:55.0311 6076	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:15:55.0311 6076	scfilter - ok
15:15:55.0421 6076	sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:15:55.0436 6076	sdbus - ok
15:15:55.0483 6076	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:15:55.0483 6076	secdrv - ok
15:15:55.0577 6076	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:15:55.0592 6076	Serenum - ok
15:15:55.0623 6076	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:15:55.0623 6076	Serial - ok
15:15:55.0670 6076	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:15:55.0670 6076	sermouse - ok
15:15:55.0779 6076	SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
15:15:55.0779 6076	SFEP - ok
15:15:55.0842 6076	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:15:55.0857 6076	sffdisk - ok
15:15:55.0951 6076	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:15:55.0951 6076	sffp_mmc - ok
15:15:55.0967 6076	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:15:55.0982 6076	sffp_sd - ok
15:15:56.0013 6076	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:15:56.0013 6076	sfloppy - ok
15:15:56.0123 6076	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:15:56.0123 6076	SiSRaid2 - ok
15:15:56.0169 6076	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:15:56.0169 6076	SiSRaid4 - ok
15:15:56.0263 6076	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:15:56.0263 6076	Smb - ok
15:15:56.0341 6076	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:15:56.0341 6076	spldr - ok
15:15:56.0450 6076	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:15:56.0466 6076	srv - ok
15:15:56.0591 6076	srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:15:56.0591 6076	srv2 - ok
15:15:56.0653 6076	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:56.0669 6076	srvnet - ok
15:15:56.0747 6076	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:15:56.0747 6076	stexstor - ok
15:15:56.0840 6076	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:15:56.0840 6076	swenum - ok
15:15:56.0981 6076	tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys
15:15:56.0981 6076	tbhsd - ok
15:15:57.0074 6076	Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:15:57.0105 6076	Tcpip - ok
15:15:57.0261 6076	TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:15:57.0293 6076	TCPIP6 - ok
15:15:57.0402 6076	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:15:57.0402 6076	tcpipreg - ok
15:15:57.0449 6076	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:15:57.0449 6076	TDPIPE - ok
15:15:57.0480 6076	TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:15:57.0480 6076	TDTCP - ok
15:15:57.0573 6076	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:15:57.0573 6076	tdx - ok
15:15:57.0636 6076	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:15:57.0636 6076	TermDD - ok
15:15:57.0776 6076	Tpkd (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
15:15:57.0792 6076	Tpkd - ok
15:15:57.0854 6076	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:15:57.0854 6076	tssecsrv - ok
15:15:57.0979 6076	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:15:57.0979 6076	TsUsbFlt - ok
15:15:58.0057 6076	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:15:58.0057 6076	tunnel - ok
15:15:58.0135 6076	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:15:58.0135 6076	uagp35 - ok
15:15:58.0197 6076	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:15:58.0213 6076	udfs - ok
15:15:58.0322 6076	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:15:58.0322 6076	uliagpkx - ok
15:15:58.0369 6076	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:15:58.0369 6076	umbus - ok
15:15:58.0431 6076	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:15:58.0431 6076	UmPass - ok
15:15:58.0525 6076	USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:15:58.0525 6076	USBAAPL64 - ok
15:15:58.0619 6076	usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:58.0634 6076	usbccgp - ok
15:15:58.0697 6076	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:15:58.0697 6076	usbcir - ok
15:15:58.0821 6076	usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:15:58.0821 6076	usbehci - ok
15:15:58.0868 6076	usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:58.0884 6076	usbhub - ok
15:15:58.0962 6076	usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:15:58.0977 6076	usbohci - ok
15:15:59.0009 6076	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:15:59.0024 6076	usbprint - ok
15:15:59.0040 6076	USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
15:15:59.0040 6076	USBSTOR - ok
15:15:59.0149 6076	USBTINSP (c44d96b1cdde705b23f55ab423cca73d) C:\Windows\system32\DRIVERS\tinspusb.sys
15:15:59.0165 6076	USBTINSP - ok
15:15:59.0243 6076	usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:15:59.0243 6076	usbuhci - ok
15:15:59.0352 6076	usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:15:59.0367 6076	usbvideo - ok
15:15:59.0555 6076	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:15:59.0555 6076	vdrvroot - ok
15:15:59.0601 6076	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:59.0601 6076	vga - ok
15:15:59.0679 6076	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:15:59.0679 6076	VgaSave - ok
15:15:59.0726 6076	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:15:59.0742 6076	vhdmp - ok
15:15:59.0804 6076	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:15:59.0804 6076	viaide - ok
15:15:59.0913 6076	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:15:59.0913 6076	volmgr - ok
15:15:59.0976 6076	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:15:59.0976 6076	volmgrx - ok
15:16:00.0085 6076	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:16:00.0085 6076	volsnap - ok
15:16:00.0132 6076	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:16:00.0147 6076	vsmraid - ok
15:16:00.0257 6076	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:16:00.0257 6076	vwifibus - ok
15:16:00.0303 6076	vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:16:00.0303 6076	vwififlt - ok
15:16:00.0335 6076	vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:16:00.0335 6076	vwifimp - ok
15:16:00.0413 6076	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:16:00.0413 6076	WacomPen - ok
15:16:00.0491 6076	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:00.0491 6076	WANARP - ok
15:16:00.0506 6076	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:00.0506 6076	Wanarpv6 - ok
15:16:00.0631 6076	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:16:00.0631 6076	Wd - ok
15:16:00.0678 6076	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:16:00.0693 6076	Wdf01000 - ok
15:16:00.0834 6076	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:16:00.0834 6076	WfpLwf - ok
15:16:00.0865 6076	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:16:00.0865 6076	WIMMount - ok
15:16:00.0990 6076	winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:16:01.0005 6076	winusb - ok
15:16:01.0052 6076	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:16:01.0052 6076	WmiAcpi - ok
15:16:01.0208 6076	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:16:01.0208 6076	ws2ifsl - ok
15:16:01.0271 6076	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:16:01.0271 6076	WudfPf - ok
15:16:01.0396 6076	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:16:01.0396 6076	WUDFRd - ok
15:16:01.0520 6076	yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
15:16:01.0536 6076	yukonw7 - ok
15:16:01.0614 6076	MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:16:01.0832 6076	\Device\Harddisk0\DR0 - ok
15:16:01.0832 6076	MBR (0x1B8) (2632b0df4aba6f6ca81619119056b4bc) \Device\Harddisk1\DR2
15:16:01.0864 6076	\Device\Harddisk1\DR2 - ok
15:16:01.0864 6076	Boot (0x1200) (96496829318439eb667afd757f41d36d) \Device\Harddisk0\DR0\Partition0
15:16:01.0879 6076	\Device\Harddisk0\DR0\Partition0 - ok
15:16:01.0895 6076	Boot (0x1200) (95ddf9e44aef378872bf91791a015b4c) \Device\Harddisk0\DR0\Partition1
15:16:01.0895 6076	\Device\Harddisk0\DR0\Partition1 - ok
15:16:01.0895 6076	============================================================
15:16:01.0895 6076	Scan finished
15:16:01.0895 6076	============================================================
15:16:01.0895 5308	Detected object count: 0
15:16:01.0895 5308	Actual detected object count: 0
15:16:58.0259 3188	Deinitialize success

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"= 0x0000000000 (0)
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"= 0x0000000001 (1)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"= 0x0000000001 (1)
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"= 0x0000000001 (1)
"{871C5380-42A0-1069-A2EA-08002B30309D}"= 0x0000000001 (1)
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"= 0x0000000001 (1)
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"= 0x0000000001 (1)
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"= 0x0000000001 (1)
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"= 0x0000000001 (1)
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"= 0x0000000000 (0)
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"= 0x0000000001 (1)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"= 0x0000000001 (1)
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"= 0x0000000001 (1)
"{871C5380-42A0-1069-A2EA-08002B30309D}"= 0x0000000001 (1)
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"= 0x0000000001 (1)
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"= 0x0000000001 (1)
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"= 0x0000000001 (1)
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"= 0x0000000001 (1)
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"= 0x0000000001 (1)

-= EOF =-
-----------------------------------------------------------------------------------

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!
C:\Users\SNL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------



## CamiKitti (Aug 29, 2011)

Also, there is no Best Buy PC app anymore, I uninstalled that a few weeks after I first got the laptop. Weird...


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you again for the logs and update. :up:



CamiKitti said:


> Files\Folders moved on Reboot...
> File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!
> C:\Users\SNL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
> 
> Registry entries deleted on Reboot...


That OTL Fix report looks incomplete, however. 
The OTL.txt log file should still be located on the Desktop. Please can you post the entire contents of that report.

*Include in Next Post*


1. Did you have any problems carrying out the instructions?
2. Are you still experiencing the issue with the pop-up setup program initially mentioned?
3. *OTL.txt*.
4. How is the computer now running?

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

I can't find it. The only ones I have are the last report and the one I posted. That's all there is of that report.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

OK, we'll need to re-run the OTL script.



Scolabar said:


> 2. Are you still experiencing the issue with the pop-up setup program initially mentioned?
> ...
> 4. How is the computer now running?


Please could you also answer the other questions asked. 

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed.

*Step 1:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 2:*
*OTL - Script*


Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
*Copy* and *Paste* the following code into the textbox. Do not include the word *Code*.

```
:otl
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
[2012/01/11 15:45:52 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
[2012/01/18 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{7A93A845-761A-47BD-8D81-53F6108EA59E}
[2012/01/18 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{95113215-1EC3-43A8-91C6-60B3FFE07733}
[2011/12/19 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\OpenCandy
@Alternate Data Stream - 1199 bytes -> C:\Users\SNL\AppData\Local\uX8VtKpRTlRC:xIIjrWYClGCT0RzRq1cIw1T

:files
ipconfig /flushdns /c
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe

:commands
[PURITY]
[EMPTYTEMP]
[CREATERESTOREPOINT]
```

Then click the *Run Fix* button at the top.
*OTL may ask to reboot the machine. Please do so if asked.*
The report should appear in Notepad after the reboot. *Copy* and *Paste* that report in your next reply.

*Step 3:*
*OTL - Scan*

Please run another OTL scan.


Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
Under *Output*, ensure that the *Standard Output* option is selected.
Under the *Extra Registry* section, select the *Use SafeList* option.
Click the *Scan All Users* checkbox.
Tick the *LOP Check* and *Purity Check* checkboxes.
Also make sure the *Include 64bit Scans* checkbox is *ticked*.
*Note:* Please leave the remaining selections on the default settings.
Click on the *Run Scan* button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:
*OTL.txt* <-- _Will be opened, maximized._
*Extras.txt* <-- _Will be minimized on task bar._

Please *Copy* and *Paste* the entire contents of both *OTL.txt* and *Extras.txt* files into your next reply.
 *Step 4:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*OTL Fix Report*
*OTL.exe*
*Extras.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

The setup thing pops up randomly and I haven't seen it. I'm not sure if it's entirely gone though.
3. The computer is running fine.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Please can you run the steps and post the logs requested in my last reply. 
I need to make sure the OTL Fix ran correctly. 

Thank you once again for your patience. 

*Include in Next Post*


Did you have any problems carrying out the instructions?
*OTL Fix Report*
*OTL.txt*
*Extras.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Another bugcheck today: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e90c02)


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

That bugcheck error points to driver incompatibility.

I will deal with that once we have established that your PC is clear of infection. 

Please can you complete the instructions requested in my last post.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Sorry about that, I'd like to ask for some more time.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

No problem. Please post the logs when you are ready and otherwise let me know how you are progressing. 

*Scolabar*


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

*It has been over 48 hours since my last post.*


Do you still need help?
Do you need more time?
Are you having problems following my instructions?

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: [email protected]:3.11.3.15590 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Folder C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\exte nsions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk scheduled to be moved on reboot.
File C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk scheduled to be moved on reboot.
File C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\Users\SNL\AppData\Local\{7A93A845-761A-47BD-8D81-53F6108EA59E}\ not found.
Folder C:\Users\SNL\AppData\Local\{95113215-1EC3-43A8-91C6-60B3FFE07733}\ not found.
Folder C:\Users\SNL\AppData\Roaming\OpenCandy\ not found.
Unable to delete ADS C:\Users\SNL\AppData\Local\uX8VtKpRTlRC:xIIjrWYClGCT0RzRq1cIw1T .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SNL\Desktop\cmd.bat deleted successfully.
C:\Users\SNL\Desktop\cmd.txt deleted successfully.
File\Folder C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: SNL
->Temp folder emptied: 35526199 bytes
->Temporary Internet Files folder emptied: 45532373 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 220472894 bytes
->Google Chrome cache emptied: 376367313 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 30898 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15222 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 147219 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 332342 bytes

Total Files Cleaned = 647.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_163702

Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!
C:\Users\SNL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
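
One way to triage a fix report like the one above, as an added example (not part of the original post and not a feature of OTL): it sorts each report line into done / missing / deferred / failed and lists what still needs follow-up. The sample is an excerpt of lines from this thread's report; the category names and line patterns are assumptions drawn from this one report.

```python
import re
from collections import defaultdict

# Excerpt of the fix report posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk scheduled to be moved on reboot.
File C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
Folder C:\Users\SNL\AppData\Roaming\OpenCandy\ not found.
Unable to delete ADS C:\Users\SNL\AppData\Local\uX8VtKpRTlRC:xIIjrWYClGCT0RzRq1cIw1T .
========== FILES ==========
C:\Users\SNL\Desktop\cmd.bat deleted successfully.
File\Folder C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
========== COMMANDS ==========
Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!
C:\Users\SNL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

# Line patterns below are assumptions inferred from the report above.
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
DEFERRED_RE = re.compile(
    r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
REBOOT_MISSING_RE = re.compile(r"^File\\Folder (.+) not found!$")


def classify(line):
    """Map one report line to an outcome category."""
    if line.startswith("Unable to "):
        return "failed"      # the tool gave up on this item
    if DEFERRED_RE.match(line):
        return "deferred"    # item was locked, retried at reboot
    if line.endswith(("not found.", "not found!")):
        return "missing"     # target was already absent
    if " removed from " in line or line.endswith(
            ("deleted successfully.", "moved successfully.")):
        return "done"
    return "info"


def triage(log_text):
    """Return {category: [(section, line), ...]} for a fix report."""
    section = "HEADER"
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.endswith("on Reboot..."):
            section = "REBOOT"   # post-reboot results follow
            continue
        buckets[classify(line)].append((section, line))
    return dict(buckets)


def follow_up(log_text):
    """List items a helper should look at again."""
    buckets = triage(log_text)
    items = [line for _, line in buckets.get("failed", [])]

    # Paths the post-reboot pass could not find.
    missing_after_reboot = set()
    for section, line in buckets.get("missing", []):
        match = REBOOT_MISSING_RE.match(line)
        if section == "REBOOT" and match:
            missing_after_reboot.add(match.group(1))

    # A deferred move whose target was gone at reboot never actually ran.
    for _, line in buckets.get("deferred", []):
        path = DEFERRED_RE.match(line).group(1)
        if path in missing_after_reboot:
            items.append(f"Deferred move reported 'not found' after reboot: {path}")
    return items


if __name__ == "__main__":
    for item in follow_up(SAMPLE_LOG):
        print("FOLLOW UP:", item)
```
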


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the log file. :bigthumb:

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before proceeding please make sure any open programs are closed.

*Step 1:*
*Create System Restore Point*

First we need to make sure we have a back up of the Registry to return to if we need it.


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C: drive) indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.
 *< STOP >* *If you did not successfully complete this step.* *< STOP >* *Do not continue with any other steps, post back and let me know!*

*Step 2:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 3:*
*Java Runtime Environment Update Needed!*

*Your Java Runtime Environment is out of date.* The latest currently available version is *Java RE 6 Update 30*.
The existing program can be updated simply by using the Java control panel.


Click on *Start* > *Control Panel* > *Programs* and then click on the *JAVA* icon.
Then under the *Update* tab click on the *Update Now* button.
The update process should then commence. 
*Note:* There may be a short delay before the Update window appears. Please be patient.
Just follow the prompts to complete the update.
 *Step 4:*
*Malwarebytes' Anti-Malware*

I notice you already have this program installed on your computer. 
Let's check for updates and run the program.

*Please save any items you have been working on and close any open programs. You may be asked to reboot your machine.*


Right-click on the *Malwarebytes' Anti-Malware* desktop icon and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
You will be asked to update the program before performing a scan. Please do so.
If an update is found, the program will automatically download and install the update.
Click on the *OK* button to close that box and continue.
_If you have any problems downloading updates download them manually from *here* and double-click on *mbam-rules.exe* to complete the installation._

 *On the Scanner tab:*


Make sure the *Perform quick scan* option is selected.
Then click on the *Scan* button.
If asked to select the drives to scan, leave all the drives selected and then click on the *Start Scan* button.
The scan will begin and *Scan in progress* will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will be displayed saying *The scan completed successfully. Click 'Show Results' to display all objects found.*
Click on the *OK* button to close the message box and continue with the removal process.
 *Back at the main Scanner screen:*


Click on the *Show Results* button to see a list of any malware that was found.
Check all items *except* items in the *C:\System Volume Information* folder and then click on the *Remove Selected* button.
_The *System Volume Information* items will be taken care of later._
When the removal has been completed, a log report will open in Notepad and you may be prompted to restart your computer. _(See *Note* below)._
The log is automatically saved and can be viewed by clicking the *Logs* tab in MBAM.
The log can also be found here: 
C:\Documents and Settings\_Account Name_\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*mbam-log-date (time).txt*
Please *Copy* and *Paste* the entire contents of *mbam-log-date (time).txt* into your next reply and exit MBAM.
 _*Note*: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. 
Click *OK* to either prompt and let MBAM proceed with the disinfection process. 
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware._

*Step 5:*
*ESET NOD32 Online Scan*



> *Please Note:* If using *Mozilla Firefox* you will need to download *esetsmartinstaller_enu.exe* when prompted. Then double-click on it to install.


*Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.*
Please go to *ESET Online Scanner* - *© ESET (All Rights Reserved)* to run an online scan.
*** Make sure you are using an account that has Administrative privileges ***


Click on the *ESET Online Scanner* button.
Check the box next to *"YES, I accept the Terms of Use."*
Click *Start*.
A window will open. It may appear nothing is happening, but please be patient.
Click *Yes* to the *run ActiveX* prompt.
Click *Install* at the *install ActiveX* prompt.
Once installed, the scanner will be initialized.
Click on the *Start* button.
Make sure that the options:
*Remove found threats* is *UNCHECKED*
Leave the "default" settings under *Advanced* as they are. If not set, please check:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*


Click on the *Start* button.
ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
Use *Notepad* to open the log file located at *C:\Program Files\ESET\ESET Online Scanner\log.txt*.
*Copy* and *Paste* the entire contents of *log.txt* into your next reply.
 *Remember to re-enable your Anti-virus protection before continuing!*

*Step 6:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*mbam-log-date (time).txt*.
*log.txt*.
How is the computer now running?

 *Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SNL :: LANG [administrator]

2/18/2012 3:47:16 PM
mbam-log-2012-02-18 (15-47-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333097
Time elapsed: 57 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\SNL\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
_____________________________________________________________________________
I used IE for the scan.
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
(nothing was found)
_____________________________________________________________________________
The computer seems to be running fine, although sometimes the volume does this weird little buzz thing to whatever I'm listening to, and it just goes back to normal after it blips. It's been doing that for a few months or so. Might just be internal hardware.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

*Congratulations!* Your computer now *appears* to be malware free! 



CamiKitti said:


> ..sometimes the volume does this weird little buzz thing to whatever I'm listening to, and it just goes back to normal after it blips. It's been doing that for a few months or so. Might just be internal hardware.


I can now confirm that any computer issues you are still experiencing are not malware-related.

*Not A Malware Issue*

I recommend you try a good System/Hardware Help Forum. Some suggested links are provided below. 
These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.

*Good System/Hardware Help Forums*


*Computer Trouble*
*GeekstoGo*
*NutNWorks*
*TechSupportGuy*
*Whatthetech*
 Free registration may be required in order to post at these forums and will only take a few minutes. 

Now that your computer appears to be clear of malware infection we need to tidy a few things up and deal with a few remaining items:

*Step 1:*
*Housekeeping*

It's now time for some housekeeping. Please follow the instructions below to remove the tools we have used to clean up your computer.

*ComboFix - Cleanup*


Click on *Start* > *Run*.
*Copy* and *Paste* the contents of the box below into the text entry box:


```
Combofix /Uninstall
```

Then click on the *OK* button. (See image below for reference.)









 *Note:* This script will automatically remove the files the program quarantined. 

*OTL - Cleanup*


Double-click *OTL.exe* to start the program. This will remove most of the tools we used to clean your PC.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the *CleanUp!* button.
Click on the *Yes* button at the prompt and then allow the program to reboot your computer.
 *Uninstall HiJackThis*


Select *Start* > *Control Panel* > *Add/Remove Programs*.
Scroll down the list of installed programs and *select* the following program:

*HiJackThis*

Click on the *Remove* button to uninstall the program.
Click on the *Yes* button at the prompt.
Close the *Add/Remove Programs* control panel when the removals have been completed.
You may be asked to Restart the computer to complete removal of the program. Please do so if required.
 *Remove Tools Used*

You can now safely delete the tools used in cleaning up the infection. Please remove the following tools from your system along with any related .zip files.

*aswMBR.exe*
*RogueKiller.exe*
*SystemLook_x64.exe*

Also, whichever of the following Rkill programs you downloaded and used:

*rkill.com*
*rkill.scr*
*iExplore.exe*

*Please Note:* These tools are updated on a regular basis and so, if required in future, should be downloaded afresh under supervision.

*Step 2:*
*Create Clean System Restore Point*

Create a new, clean System Restore point which can be used in the event of future system problems:


Click on *Start* > *All Programs* > *Accessories* > *System Tools* > *System Restore*.
Select the *Create a restore point* option then click on *Next*.
You can name your *new Restore Point* something like *All Clean*, for example, and then select *Create*.
Once the *Restore Point* has been created you can click on *Close*.
*Now remove old, infected System Restore points:*
Next click on *Start* > *Run*.
*Copy* and *Paste* the following command into the text entry box:

```
cleanmgr
```

Then click on the *OK* button.
Make sure the boxes for *Recycle Bin*, *Temporary Files* and *Temporary Internet Files* are checked. _You can choose to check other boxes if you wish but they are not required._
Select the *More Options* tab, under *System Restore* and click on the *Clean up...* button and reply *Yes* to the prompt.
Click on the *OK* button and the *Yes* button to confirm.
 *Step 3:*
*Maintaining Your Computer's Security*

*MalwareBytes' AntiMalware*
It is worth keeping *MalwareBytes' AntiMalware* on your system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.

*Web of Trust (WOT) for Firefox*
As you are already using Web of Trust (WOT) for Internet Explorer it would also be advisable to install WOT for Firefox as well.
You can find more information about the program and download it from *Here*.

*Please Note:* You should also make sure Mozilla Firefox is kept up-to-date. The latest version currently available is version 10.0.2 which was released a few days ago on February 16, 2012.

*Below are additional (free) programs that can help improve your computer's security.*
Many feel that having a "layered" protection scheme is beneficial. You'll need to decide what works best for your situation. You may like to give them a try.

*WinPatrol*
Download it from Copyright © BillP Studios.
Information about how WinPatrol works, is available *here*.
(The free version of WinPatrol provides limited real-time protection.)

*SpywareBlaster*
Download and install Javacool's SpywareBlaster from *Here*.
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

*MVPS Hosts*
For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is provided *here*.
Install *MVPS Hosts File* from *here*.
The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
*You can read the Tutorial* *here*.

*Panda USB Vaccine*
Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
You can download and learn more about this product from *Here*.

*Step 4:*
*Further Guidelines*

Please follow these simple guidelines in order to help keep your computer more secure:

*Update your Anti-virus program and other programs regularly.*
Online Secunia Software Inspector - Copyright © Secunia. 
Refer to F-secure Health Check - Copyright © F-Secure Corporation.

*Visit Microsoft often*
Keep on top of critical updates, as well as other updates for your computer.
Using Windows Update in Windows 7
What is Windows Update?
Microsoft Update Home

*Read, stay informed.*
To help minimize the chances of becoming re-infected, please read:
*Computer Security - a short guide to staying safer online*
*How to prevent Malware* by *miekiemoes*.

If your computer is running slowly after your clean up, please read:
*What to do if your Computer is running slowly*

*Please confirm that you have completed the cleanup steps and reviewed the rest of the post.
Once your reply has been received, unless there are other malware questions or concerns, this topic will be closed as resolved.*

Stay Safe! :cheers:
*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Yep, done! Thank you!


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,



> Yep, done! Thank you!


You are very welcome. :up:

As your malware issues appear to have been dealt with, I will mark this thread as "*Solved*". 

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Bump.
It's showing up again.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

I'm sorry to hear this problem has reared its head again. 

Can you remember what you were doing on the computer immediately prior to the issue recurring?
Is this consistent with what you were doing the first time the issue occurred?
Is it exactly the same pop-up issue? Please can you provide a screenshot again?

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed.

*Step 1:*
*RSIT (Random's System Information Tool)*

Let's run RSIT to see if this tool can uncover some more information about the infection.


Please download *RSIT* by *random/random* and save it to your *Desktop*.
Right-click on *RSIT.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
Read the disclaimer and then click on the *Continue* button.
*RSIT* will start running.
When the program has finished *two log files* will automatically open in Notepad:
*log.txt* <-- _Will be opened, maximized._
*info.txt* <-- _Will be minimized on task bar._

Please *Copy* and *Paste* the entire contents of both *log.txt* and *info.txt* files into your next reply.
 *Note*: These logs can be lengthy, so please post *one log per reply*.

*Step 2:*
*Security Check*


Please download *Security Check* by *screen317* and *Save* it to your *Desktop*.
Alternate download site: *Link 2*
Right-click on *SecurityCheck.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
Press the *Space Bar* when you see the _Press any key to continue..._ message.
*Please Note:* This scan will take a short while to complete, so please be patient.
When the scan has completed, a Notepad file will automatically open called *checkup.txt*.
Save the file *checkup.txt* to your *Desktop*.
*Please Note:* This output file is NOT automatically saved!
Then *Copy* and *Paste* the entire contents of the *checkup.txt* file into your next reply.
 *Step 3:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
What were you doing on the computer immediately prior to the issue recurring?
Is this consistent with what you were doing the first time the issue occurred?
Is it exactly the same pop-up issue?
Please provide a screenshot.
*log.txt*.
*info.txt*.
*checkup.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

It's the same screenshot. I was on youtube, facebook, and curcica.
No, it just shows up whenever it wants.

Logfile of random's system information tool 1.09 (written by random/random)
Run by SNL at 2012-03-20 21:00:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 220 GB (74%) free of 295 GB
Total RAM: 3758 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:15 PM, on 3/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 10\LogTransport2.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SNL\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\SNL.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX7800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\Windows\TEMP\E_S6E3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\SNL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\SNL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\SNL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15156 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:blank"

"[email protected]"=C:\Program Files\Alwil Software\Avast5\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npCouponPrinter.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npCouponPrinter.dll
npdeployJava1.dll
npMozCouponPrinter.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\
[email protected]
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{90b49673-5506-483e-b92b-ca0265bd9ca8}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\searchplugins\
search-the-web.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-18 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-02-23 998560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20 1671840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20 1671840]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-02-23 998560]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"SmartWiHelper"=C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [2010-07-15 89080]
"ISBMgr.exe"=C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2010-05-31 673136]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-02-23 4031368]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-03-06 421736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX7800 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE [2007-01-23 211968]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-29 39408]
"Google Update"=C:\Users\SNL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
"Facebook Update"=C:\Users\SNL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 137536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.iv50"=ir50_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-20 21:00:07 ----D---- C:\rsit
2012-03-20 21:00:07 ----D---- C:\Program Files (x86)\trend micro
2012-03-13 21:21:19 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-13 21:21:17 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 21:09:50 ----A---- C:\Windows\SysWOW64\DWrite.dll
2012-03-13 20:00:21 ----A---- C:\Windows\SysWOW64\rdpcore.dll
2012-03-12 21:55:46 ----D---- C:\Program Files (x86)\iTunes
2012-03-11 09:41:19 ----HDC---- C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}
2012-03-07 16:50:25 ----D---- C:\Program Files (x86)\AnvSoft
2012-03-02 17:00:34 ----D---- C:\Users\SNL\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

======List of files/folders modified in the last 1 month======

2012-03-20 21:00:07 ----RD---- C:\Program Files (x86)
2012-03-20 17:45:20 ----D---- C:\Windows\Temp
2012-03-20 16:26:02 ----D---- C:\Windows\System32
2012-03-20 16:26:02 ----D---- C:\Windows\inf
2012-03-20 15:11:59 ----A---- C:\Windows\SysWOW64\log.txt
2012-03-20 06:18:44 ----SHD---- C:\System Volume Information
2012-03-19 21:58:56 ----A---- C:\Windows\Model.txt
2012-03-19 20:50:43 ----SHD---- C:\Windows\Installer
2012-03-19 17:25:26 ----D---- C:\Windows\Prefetch
2012-03-18 22:15:10 ----SHD---- C:\Config.Msi
2012-03-18 22:15:08 ----D---- C:\Users\SNL\AppData\Roaming\Mozilla
2012-03-17 21:35:39 ----D---- C:\Users\SNL\AppData\Roaming\IMVU
2012-03-15 18:19:11 ----D---- C:\Windows
2012-03-14 19:20:14 ----RSD---- C:\Windows\assembly
2012-03-14 19:20:14 ----D---- C:\Windows\Microsoft.NET
2012-03-13 21:24:36 ----D---- C:\Windows\winsxs
2012-03-13 21:22:42 ----D---- C:\Windows\SysWOW64
2012-03-12 21:55:47 ----RD---- C:\Program Files
2012-03-12 21:55:46 ----D---- C:\Program Files (x86)\Common Files\Apple
2012-03-12 01:51:21 ----SD---- C:\Windows\Fonts
2012-03-11 09:41:19 ----HD---- C:\ProgramData
2012-03-11 09:41:19 ----D---- C:\ProgramData\DDNi
2012-03-10 00:02:07 ----D---- C:\Program Files (x86)\DDNi
2012-03-04 14:24:27 ----D---- C:\Users\SNL\AppData\Roaming\IMVUClient
2012-03-02 16:51:28 ----D---- C:\Users\SNL\AppData\Roaming\Adobe
2012-03-02 15:17:25 ----D---- C:\Users\SNL\AppData\Roaming\Audacity
2012-02-28 22:34:46 ----D---- C:\Users\SNL\AppData\Roaming\Skype
2012-02-28 21:41:31 ----RD---- C:\Program Files (x86)\Skype
2012-02-23 09:23:21 ----A---- C:\Windows\SysWOW64\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 Tpkd;Tpkd; C:\Windows\SysWOW64\drivers\Tpkd.sys []
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys []
R2 rimspci;rimspci; C:\Windows\system32\drivers\rimssne64.sys []
R2 risdsnpe;risdsnpe; C:\Windows\system32\drivers\risdsne64.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\drivers\Apfiltr.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\drivers\SFEP.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam_x64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver; C:\Windows\system32\DRIVERS\tinspusb.sys []
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-02-23 44768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-28 268824]
R2 Oasis2Service;Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SampleCollector;VAIO Care Performance Service; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [2010-05-31 217968]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
R2 VCFw;VAIO Content Folder Watcher; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-06 934760]
R3 SpfService;VAIO Entertainment Common Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
R3 VCService;VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service; c:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-29 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
S3 VUAgent;VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


----------



## CamiKitti (Aug 29, 2011)

info.txt logfile of random's system information tool 1.09 2012-03-20 21:00:19

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\InstallShield Installation Information\{70991E0A-1108-437E-BA7D-085702C670C0}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{803E4FA5-A940-4420-B89D-A8BC2E160247}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{82F09B1C-F602-4552-9C40-5BD5F8EAF750}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{855DDD3C-131E-42A8-BCBD-F9581F80CACB}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe" REMOVE=TRUE MODIFY=FALSE
-->C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\VAIO Messenger Setup 2.0.424.0.exe
-->C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Community Help-->msiexec /qb /x {A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}
Adobe Community Help-->MsiExec.exe /I{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}
Adobe Photoshop Elements 10-->msiexec /i {EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF} NOT_STANDALONE=1 /l* C:\Users\SNL\AppData\Local\Temp\PSE10Uninstall.log
Adobe Photoshop.com Inspiration Browser-->msiexec /qb /x {EC8282AB-48DD-91D2-7387-01CD6E100A5D}
Adobe Photoshop.com Inspiration Browser-->MsiExec.exe /I{EC8282AB-48DD-91D2-7387-01CD6E100A5D}
Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Any Video Converter 3.3.5-->"C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Application Manager for VAIO-->C:\Program Files (x86)\Sony\VAIO Uninstaller\vaiouninstaller.exe
ArcSoft WebCam Companion 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}\Setup.exe" -l0x9 
Audacity 1.3.13 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
Corel WinDVD-->MsiExec.exe /X{5C1F18D2-F6B7-4242-B803-B5A78648185D}
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Facebook Video Calling 1.1.1.1-->MsiExec.exe /X{624E54D0-E4F4-434F-9EF6-D4D066EE4348}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Talk Plugin-->MsiExec.exe /I{71CC8771-1F1D-3394-8F70-A5B442D20C95}
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript Lite 9.04-->"C:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
LAME v3.98.3 for Audacity-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\unins000.exe"
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mavis Beacon Teaches Typing Deluxe 20-->MsiExec.exe /X{23B591D7-1C20-44FB-97C2-6953AE67DE18}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Oasis2Service-->MsiExec.exe /I{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}
OOBE-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1B500D37-E7CF-480B-8054-8A563594EC4E}\setup.exe" -l0x9 -removeonly
PMB VAIO Edition Guide-->MsiExec.exe /X{88C252C8-A7EE-4B60-BF74-8E5919A8048F}
PMB VAIO Edition plug-in (Click to Disc)-->MsiExec.exe /I{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}
PMB VAIO Edition plug-in (Click to Disc)-->MsiExec.exe /X{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}
PMB VAIO Edition plug-in (VAIO Image Optimizer)-->MsiExec.exe /X{1873FFC1-FDCB-47E1-B7C7-F418211E3530}
PMB VAIO Edition plug-in (VAIO Movie Story)-->MsiExec.exe /I{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}
PMB VAIO Edition plug-in (VAIO Movie Story)-->MsiExec.exe /X{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}
PMB-->MsiExec.exe /X{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}
PSE10 STI Installer-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{11D08055-939C-432b-98C3-E072478A0CD7}"
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Remote Play with PlayStation®3-->"C:\Program Files (x86)\InstallShield Installation Information\{07441A52-E208-478A-92B7-5C337CA8C131}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Skype 5.8-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
SmartWi Connection Utility-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}\setup.exe" -l0x9 -removeonly
TI-Nspire Student Software-->C:\Program Files (x86)\TI Education\TI-Nspire Student Software\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VAIO - Media Gallery-->"C:\Program Files (x86)\InstallShield Installation Information\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO - PMB VAIO Edition Guide-->"C:\Program Files (x86)\InstallShield Installation Information\{88C252C8-A7EE-4B60-BF74-8E5919A8048F}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO - PMB VAIO Edition plug-in (Click to Disc)-->"C:\Program Files (x86)\InstallShield Installation Information\{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)-->"C:\Program Files (x86)\InstallShield Installation Information\{1873FFC1-FDCB-47E1-B7C7-F418211E3530}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)-->"C:\Program Files (x86)\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO - Remote Keyboard-->"C:\Program Files (x86)\InstallShield Installation Information\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Care-->"C:\Program Files (x86)\InstallShield Installation Information\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->"C:\Program Files (x86)\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Data Restore Tool-->"C:\Program Files (x86)\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO DVD Menu Data-->C:\Program Files (x86)\InstallShield Installation Information\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Gate Default-->"C:\Program Files (x86)\InstallShield Installation Information\{B7546697-2A80-4256-A24B-1C33163F535B}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Gate-->"C:\Program Files (x86)\InstallShield Installation Information\{A7C30414-2382-4086-B0D6-01A88ABA21C3}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Help and Support-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}\setup.exe" -l0x9 -removeonly
VAIO Manual-->"C:\Program Files (x86)\InstallShield Installation Information\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Media plus Opening Movie-->"C:\Program Files (x86)\InstallShield Installation Information\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Media plus-->"C:\Program Files (x86)\InstallShield Installation Information\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Messenger-->"C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\VAIO Messenger Setup 2.0.424.0.exe" REMOVE=TRUE MODIFY=FALSE
VAIO Movie Story Template Data-->"C:\Program Files (x86)\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO Movie Story Template Data-->MsiExec.exe /X{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}
VAIO Quick Web Access-->MsiExec.exe /I{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}
VAIO Quick Web Access-->MsiExec.exe /x{5A92468F-3ED8-4F96-A9E1-4F176C80EC29} CUSTOM_HAVE_DIALOG=Yes
VAIO Sample Contents-->"C:\Program Files (x86)\InstallShield Installation Information\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Survey-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{34B37A74-125E-4406-87BA-E4BD3D097AE5}\setup.exe" -l0x9 -removeonly
VAIO Transfer Support-->"C:\Program Files (x86)\InstallShield Installation Information\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Update-->"C:\Program Files (x86)\InstallShield Installation Information\{5BEE8F1F-BD32-4553-8107-500439E43BD7}\setup.exe" -runfromtemp -l0x0009 -removeonly
VST Bridge 1.1-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\VST Bridge\unins000.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{B10914FD-8812-47A4-85A1-50FCDE7F1F33}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
WOT for Internet Explorer-->MsiExec.exe /X{1D10C273-3F95-42A2-8371-AB6B1F59821B}
Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE

======System event log======

Computer Name: LANG
Event Code: 1014
Message: Name resolution for the name cat.trl.org timed out after none of the configured DNS servers responded.
Record Number: 193582
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111126044140.191243-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LANG
Event Code: 1014
Message: Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.
Record Number: 193580
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111126043124.485356-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LANG
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 193579
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111126042941.475869-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LANG
Event Code: 1014
Message: Name resolution for the name mmkhere.wordpress.com timed out after none of the configured DNS servers responded.
Record Number: 193577
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111126042457.330684-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LANG
Event Code: 1014
Message: Name resolution for the name www.qwest.com timed out after none of the configured DNS servers responded.
Record Number: 193391
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111126012933.212350-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: LANG
Event Code: 1002
Message: The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1428
Start Time: 01cc078816455c86
Termination Time: 18
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 7763833b-737b-11e0-874c-544249e59962

Record Number: 22059
Source Name: Application Hang
Time Written: 20110430224501.000000-000
Event Type: Error
User:

Computer Name: LANG
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 21993
Source Name: LMS
Time Written: 20110430171257.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LANG
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 21948
Source Name: LMS
Time Written: 20110430060936.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LANG
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 21886
Source Name: LMS
Time Written: 20110429221919.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LANG
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 21829
Source Name: LMS
Time Written: 20110428220221.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: LANG
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name:	Microsoft Software Key Storage Provider
Algorithm Name:	Not Available.
Key Name:	bd62ae95-867e-49f9-ae5f-670691a5bb0c
Key Type:	Machine key.

Key File Operation Information:
File Path:	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03eafc5504e9bd2ad3b2248eed3498f7_e932d317-2d48-4ade-b239-fc1a426f36b9
Operation:	Read persisted key from file.
Return Code:	0x0
Record Number: 34133
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110812153315.133930-000
Event Type: Audit Success
User:

Computer Name: LANG
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: LANG$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID:	0x1120
Process Name:	C:\Windows\System32\VSSVC.exe

Event Source:
Source Name:	VSSAudit
Event Source ID:	0x1bd0d9
Record Number: 34132
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110812151951.521241-000
Event Type: Audit Success
User:

Computer Name: LANG
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: LANG$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID:	0x1120
Process Name:	C:\Windows\System32\VSSVC.exe

Event Source:
Source Name:	VSSAudit
Event Source ID:	0x1bd0d9
Record Number: 34131
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110812151951.521241-000
Event Type: Audit Success
User:

Computer Name: LANG
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34130
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110812151749.166217-000
Event Type: Audit Success
User:

Computer Name: LANG
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: LANG$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:	
Source Network Address:	-
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi 
Authentication Package:	Negotiate
Transited Services:	-
Package Name (NTLM only):	-
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 34129
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110812151749.166217-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Sony\VAIO Startup Setting Tool;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=2505
"configsetroot"=%SystemRoot%\ConfigSetRoot
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


----------



## CamiKitti (Aug 29, 2011)

Results of screen317's Security Check version 0.99.31 
Windows 7 x64 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
avast! Free Antivirus 
ESET Online Scanner v3 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Java(TM) 6 Update 31 
Adobe Reader X (10.1.2) 
Mozilla Firefox (10.0.2) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Alwil Software Avast5 AvastSvc.exe 
Alwil Software Avast5 AvastUI.exe 
*``````````End of Log````````````*

I'll get a screenshot once it pops up again. It pops up at random times, I don't really have any control over it.


----------



## CamiKitti (Aug 29, 2011)

Got it


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the logs and screenshot. 

Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before proceeding please make sure any open programs are closed.

*Step 1:*
*Uninstall Programs*


Select *Start* > *Control Panel* > *Programs* > *Programs and Features*.
Under the *Programs* heading, click on *Uninstall a program*.
Scroll down the list of installed programs and locate the following program:

*Coupon Printer for Windows*

Right-click on *Uninstall* to uninstall it.
When finished *Close* the *Control Panel* window.
Restart the computer to complete removal of the program.

*Step 2:*
*SystemLook*


Please download *SystemLook_x64.exe* by *jpshortstuff* and *save it to your Desktop*. 
Alternate download *site*.
Right-click on *SystemLook_x64.exe* to run the program and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
*Copy* and *Paste* the text in the code box below into SystemLook's main text entry window:

```
:dir
C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735} /s
```

Click on the *Look* button to start the scan. 
_When SystemLook has completed its task a Notepad window will open showing the results of the scan._
A log file will be created on your Desktop named *SystemLook.txt*.
Please post the contents of the *SystemLook.txt* file in your next reply.

*Step 3:*
*OTL - Scan*


Please download *OTL* by *Old Timer*. *Save it to your Desktop*.
Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
Under *Output*, ensure that the *Standard Output* option is selected.
Under the *Extra Registry* section, select the *Use SafeList* option.
Click the *Scan All Users* checkbox.
Tick the *LOP Check* and *Purity Check* checkboxes.
Also make sure the *Include 64bit Scans* checkbox is *ticked*.
*Note:* Please leave the remaining selections on the default settings.
Click on the *Run Scan* button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:
*OTL.txt* <-- _Will be opened, maximized._
*Extras.txt* <-- _Will be minimized on task bar._

Please *Copy* and *Paste* the entire contents of both *OTL.txt* and *Extras.txt* files into your next reply.

*Step 4:*
*Program Check*


Make sure all program windows are closed.
Go to *Start* > *All Programs* > *Vaio Update*.
Select *Check For Updates*.
Please let me know if the same pop-up window appears.

*Step 5:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*SystemLook.txt*.
*OTL.txt*.
*Extras.txt*.
Does the same pop-up window appear if you launch Vaio Update and select Check For Updates?

*Scolabar*
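
Step 2 above asks for a SystemLook `:dir` log of one folder. As an added example (not part of the original post and not SystemLook's own code), this Python script parses that log layout and summarises it for triage: executable files, identical copies spread over several subfolders, and install batches by creation time. The sample log is constructed, and the script assumes the first bracketed timestamp on a file line is the creation time and the second the last-modified time.

```python
import os
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of a SystemLook ":dir <folder> /s" log.
# Folder and file names are placeholders, not taken from a real machine.
SAMPLE_LOG = "\n".join([
    "========== dir ==========",
    "",
    'C:\\ProgramData\\{EXAMPLE} - Parameters: "/s"',
    "",
    "---Files---",
    "instance.dat\t--a--c- 96 bytes\t[16:41 11/03/2012]\t[16:41 11/03/2012]",
    "Example Setup.exe\t--a--c- 3721984 bytes\t[16:41 11/03/2012]\t[04:17 08/03/2012]",
    "",
    "C:\\ProgramData\\{EXAMPLE}\\OFFLINE\td----c-\t[16:41 11/03/2012]",
    "",
    "C:\\ProgramData\\{EXAMPLE}\\OFFLINE\\AAAA0001\td----c-\t[16:41 11/03/2012]",
    "Helper.dll\t--a--c- 81352 bytes\t[16:41 11/03/2012]\t[04:10 08/03/2012]",
    "",
    "C:\\ProgramData\\{EXAMPLE}\\OFFLINE\\BBBB0002\td----c-\t[16:41 11/03/2012]",
    "Helper.dll\t--a--c- 81352 bytes\t[16:41 11/03/2012]\t[04:10 08/03/2012]",
    "Readme.html\t--a--c- 18035 bytes\t[16:41 11/03/2012]\t[22:41 13/06/2011]",
    "",
    "-= EOF =-",
])

TS_FORMAT = "%H:%M %d/%m/%Y"  # e.g. "16:41 11/03/2012" (day/month/year)
EXECUTABLE_EXTS = {".exe", ".dll", ".msi", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js"}

# Header of the scanned folder, header of each subfolder, and one file line.
ROOT_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) - Parameters: ".*"$')
DIR_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+d[-a-z]{6}\s+\[[^\]]+\]$")
FILE_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]$"
)


def parse_dir_log(text):
    """Return one dict per file line, tagged with the folder it was listed under."""
    entries, current_dir = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = ROOT_RE.match(line) or DIR_RE.match(line)
        if header:
            current_dir = header.group("path")
            continue
        m = FILE_RE.match(line)
        if m is None or current_dir is None:
            continue  # banner, separator, blank line or unparseable entry
        entries.append({
            "dir": current_dir,
            "name": m.group("name"),
            "attrs": m.group("attrs"),
            "size": int(m.group("size")),
            "created": datetime.strptime(m.group("created"), TS_FORMAT),   # assumed: 1st stamp
            "modified": datetime.strptime(m.group("modified"), TS_FORMAT),  # assumed: 2nd stamp
        })
    return entries


def triage(entries):
    """Summarise parsed entries into the views a reviewer usually wants first."""
    executables = [
        e for e in entries
        if os.path.splitext(e["name"])[1].lower() in EXECUTABLE_EXTS
    ]

    # Same name and size in more than one folder: one payload unpacked repeatedly.
    copies = defaultdict(list)
    for e in executables:
        copies[(e["name"].lower(), e["size"])].append(e["dir"])
    duplicated = {key: dirs for key, dirs in copies.items() if len(dirs) > 1}

    # Files created in the same minute were most likely written by one installer run.
    batches = defaultdict(int)
    for e in entries:
        batches[e["created"].strftime("%Y-%m-%d %H:%M")] += 1

    # Modified earlier than created: the file was built elsewhere and copied in.
    copied_in = [e for e in entries if e["modified"] < e["created"]]

    return {
        "executables": executables,
        "duplicated": duplicated,
        "created_batches": dict(batches),
        "modified_before_created": copied_in,
    }


if __name__ == "__main__":
    report = triage(parse_dir_log(SAMPLE_LOG))
    for e in report["executables"]:
        print(f'{e["size"]:>10}  {e["dir"]}\\{e["name"]}')
    for (name, size), dirs in report["duplicated"].items():
        print(f"{name} ({size} bytes) appears in {len(dirs)} folders")
    for minute, count in sorted(report["created_batches"].items()):
        print(f"{count} file(s) created at {minute}")
```

To use it on a real log, read the saved `SystemLook.txt` into a string and pass it to `parse_dir_log` in place of `SAMPLE_LOG`.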


----------



## CamiKitti (Aug 29, 2011)

I will not be able to reply from Friday-Sunday.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the update. I'll wait to hear from you on Monday. 

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:00 on 25/03/2012 by SNL
Administrator - Elevation successful

========== dir ==========

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735} - Parameters: "/s"

---Files---
instance.dat	--a--c- 96 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
mia.lib	--a--c- 583628 bytes	[16:41 11/03/2012]	[04:17 08/03/2012]
VAIO Messenger Setup 2.0.424.0.dat	--a--c- 259 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
VAIO Messenger Setup 2.0.424.0.exe	--a--c- 3721984 bytes	[16:41 11/03/2012]	[04:17 08/03/2012]
VAIO Messenger Setup 2.0.424.0.lnk	--a--c- 0 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
VAIO Messenger Setup 2.0.424.0.msi	--a--c- 279552 bytes	[16:41 11/03/2012]	[04:17 08/03/2012]
VAIO Messenger Setup 2.0.424.0.par	--a--c- 932 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
VAIO Messenger Setup 2.0.424.0.res	--a--c- 2026463 bytes	[16:41 11/03/2012]	[04:17 08/03/2012]
{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}	--a--c- 0 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.bitness.log	--a--c- 399 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.data.log	--a--c- 3468 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.elements.log	--a--c- 775 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]
{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.weight.log	--a--c- 341 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE	d----c-	[16:41 11/03/2012]
{F974CC36-BF25-4374-A035-B0A9DA79E735}	--a--c- 0 bytes	[16:41 11/03/2012]	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\10C52932	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\10C52932\69BFB700	d----c-	[16:41 11/03/2012]
Caravan.dll	--a--c- 508360 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\11768C0A	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\11768C0A\660DB0AF	d----c-	[16:41 11/03/2012]
ShopPanel.dll	--a--c- 98248 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\11C950CD	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\11C950CD\C03C401B	d----c-	[16:41 11/03/2012]
Interop.SHDocVw.dll	--a--c- 126976 bytes	[16:41 11/03/2012]	[11:38 19/02/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\1834AF1F	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\1834AF1F\C03C401B	d----c-	[16:41 11/03/2012]
Ionic.Zip.dll	--a--c- 437248 bytes	[16:41 11/03/2012]	[14:34 19/08/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\197939B5	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\197939B5\C03C401B	d----c-	[16:41 11/03/2012]
Microsoft.Win32.TaskScheduler.dll	--a--c- 130560 bytes	[16:41 11/03/2012]	[00:19 12/11/2011]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\2EC2122F	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\2EC2122F\C03C401B	d----c-	[16:41 11/03/2012]
Infragistics3.WPF.v7.2.dll	--a--c- 688128 bytes	[16:41 11/03/2012]	[23:43 16/01/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\2F6B9BF9	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\2F6B9BF9\CEA72F28	d----c-	[16:41 11/03/2012]
VAIOMessengerStore.chm	--a--c- 65846 bytes	[16:41 11/03/2012]	[23:37 06/01/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\30964282	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\30964282\33CC4A3	d----c-	[16:41 11/03/2012]
AddInAdapters.dll	--a--c- 18376 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\3606EC3C	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\3606EC3C\CA421EC	d----c-	[16:41 11/03/2012]
Privacy.html	--a--c- 18035 bytes	[16:41 11/03/2012]	[22:41 13/06/2011]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\4FF65F41	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\4FF65F41\95A205FF	d----c-	[16:41 11/03/2012]
DDNiAddIns.dll	--a--c- 81352 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\53F41F3D	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\53F41F3D\CA421EC	d----c-	[16:41 11/03/2012]
Returns.mht	--a--c- 117589 bytes	[16:41 11/03/2012]	[22:41 13/06/2011]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\542D0C6A	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\542D0C6A\B710D49E	d----c-	[16:41 11/03/2012]
LOGO.gif	--a--c- 2833 bytes	[16:41 11/03/2012]	[20:45 15/05/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\54526AB6	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\54526AB6\3D3899BF	d----c-	[16:41 11/03/2012]
DDNiStartup.exe	--a--c- 11208 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\5E803C80	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\5E803C80\3D3899BF	d----c-	[16:41 11/03/2012]
PipelineSegments.store	--a--c- 26503 bytes	[16:41 11/03/2012]	[23:43 28/01/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\66124345	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\66124345\4BEB5BA0	d----c-	[16:41 11/03/2012]
CenterStageAdapters.dll	--a--c- 18376 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\6C9EA555	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\6C9EA555\72EFD0D3	d----c-	[16:41 11/03/2012]
Contracts.dll	--a--c- 12232 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\72C0AEF8	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\72C0AEF8\C03C401B	d----c-	[16:41 11/03/2012]
Interop.IWshRuntimeLibrary.dll	--a--c- 49152 bytes	[16:41 11/03/2012]	[12:12 04/11/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\75629847	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\75629847\C03C401B	d----c-	[16:41 11/03/2012]
WPFToolkit.dll	--a--c- 459104 bytes	[16:41 11/03/2012]	[23:42 02/09/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\7BE555BE	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\7BE555BE\C68DDD0	d----c-	[16:41 11/03/2012]
AddIns.store	--a--c- 28508 bytes	[16:41 11/03/2012]	[23:43 28/01/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\82729DA7	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\82729DA7\C03C401B	d----c-	[16:41 11/03/2012]
ShockwaveFlashObjects.dll	--a--c- 32768 bytes	[16:41 11/03/2012]	[22:54 20/03/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\8B6F274	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\8B6F274\7D1223D3	d----c-	[16:41 11/03/2012]
VAIO Messenger.chm	--a--c- 37130 bytes	[16:41 11/03/2012]	[23:26 06/01/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\8EB80526	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\8EB80526\3D3899BF	d----c-	[16:41 11/03/2012]
DDNiAddIns.dll	--a--c- 81352 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\906D72B6	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\906D72B6\B710D49E	d----c-	[16:41 11/03/2012]
Program.ico	--a--c- 22486 bytes	[16:41 11/03/2012]	[23:26 15/05/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\9E90F4F4	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\9E90F4F4\3D3899BF	d----c-	[16:41 11/03/2012]
AspX2.dll	--a--c- 296448 bytes	[16:41 11/03/2012]	[04:07 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\A927649A	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\A927649A\3D3899BF	d----c-	[16:41 11/03/2012]
DDNiAddIns.dll	--a--c- 81352 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\A9B1D7D2	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\A9B1D7D2\3EEA730F	d----c-	[16:41 11/03/2012]
SDKWrap.dll	--a--c- 125296 bytes	[16:41 11/03/2012]	[01:23 13/01/2011]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\AA79A641	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\AA79A641\3D3899BF	d----c-	[16:41 11/03/2012]
DDNiUtility.dll	--a--c- 426440 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\AFA6589	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\AFA6589\D3E67CCD	d----c-	[16:41 11/03/2012]
VAIO Messenger.exe.config	--a--c- 1737 bytes	[16:41 11/03/2012]	[21:06 10/06/2011]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\BCAECBF2	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\BCAECBF2\3D3899BF	d----c-	[16:41 11/03/2012]
VAIO Messenger.exe	--a--c- 1320392 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\C0BA9A36	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\C0BA9A36\3D3899BF	d----c-	[16:41 11/03/2012]
DDNiUtility.dll	--a--c- 426440 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\D292063C	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\D292063C\4010EF87	d----c-	[16:41 11/03/2012]
info.ini	--a--c- 499 bytes	[16:41 11/03/2012]	[20:45 15/05/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\D8E0F74E	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\D8E0F74E\C03C401B	d----c-	[16:41 11/03/2012]
Interop.Microsoft.Feeds.Interop.dll	--a--c- 55784 bytes	[16:41 11/03/2012]	[23:43 16/01/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\DD63E341	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\DD63E341\3D3899BF	d----c-	[16:41 11/03/2012]
Resources.dll	--a--c- 28104 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\E0182F49	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\E0182F49\3D3899BF	d----c-	[16:41 11/03/2012]
AspX2.dll	--a--c- 296448 bytes	[16:41 11/03/2012]	[04:07 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\EC77CF88	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\EC77CF88\C03C401B	d----c-	[16:41 11/03/2012]
AxShockwaveFlashObjects.dll	--a--c- 19456 bytes	[16:41 11/03/2012]	[22:54 20/03/2009]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\F2D1560B	d----c-	[16:41 11/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\F2D1560B\3D3899BF	d----c-	[16:41 11/03/2012]
TWS.dll	--a--c- 69576 bytes	[16:41 11/03/2012]	[04:10 08/03/2012]

C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}\OFFLINE\mMSI.dll	d----c-	[16:41 11/03/2012]
mMSIExec.dll	--a--c- 442368 bytes	[16:41 11/03/2012]	[17:16 26/09/2011]

-= EOF =-
-------------------------------------------------------------------------------------
OTL logfile created on: 3/25/2012 6:02:25 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SNL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 50.56% Memory free
7.34 Gb Paging File | 5.07 Gb Available in Paging File | 69.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.77 Gb Total Space | 214.83 Gb Free Space | 74.65% Space Free | Partition Type: NTFS

Computer Name: LANG | User Name: SNL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 18:01:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTL.exe
PRC - [2012/03/21 05:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/07/15 11:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/07/15 11:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/07/15 11:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2010/07/15 11:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/06/17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/28 13:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/28 13:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/21 05:21:12 | 000,429,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll
MOD - [2012/03/21 05:21:11 | 003,772,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
MOD - [2012/03/21 05:19:52 | 000,527,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\libglesv2.dll
MOD - [2012/03/21 05:19:51 | 000,114,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\libegl.dll
MOD - [2012/03/21 05:19:37 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\avutil-51.dll
MOD - [2012/03/21 05:19:35 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\avformat-53.dll
MOD - [2012/03/21 05:19:34 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\avcodec-53.dll
MOD - [2012/03/21 00:44:18 | 008,593,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
MOD - [2012/02/16 20:05:30 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/16 16:13:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/16 16:13:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 16:12:22 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 16:12:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 16:11:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 16:11:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 16:11:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 16:11:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/31 16:16:22 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/16 17:14:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/29 15:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 18:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 18:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 18:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 18:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/07/15 11:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
MOD - [2010/07/15 11:07:40 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2010/07/15 11:07:40 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2010/07/15 11:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2010/07/15 11:07:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2010/07/15 11:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2010/07/15 11:07:40 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2010/07/15 11:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2010/07/15 11:07:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2010/07/15 11:07:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2010/07/15 11:07:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2010/07/15 11:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2010/07/15 11:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2010/07/15 11:07:40 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2010/07/15 11:07:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2010/07/15 11:07:40 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2010/07/15 11:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2010/07/15 11:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2010/07/15 11:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2010/07/15 11:07:40 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:*64bit:* - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:*64bit:* - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:*64bit:* - [2011/04/20 10:50:52 | 001,021,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:*64bit:* - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:*64bit:* - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:*64bit:* - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/06/21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:*64bit:* - [2010/06/09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:*64bit:* - [2010/06/09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:*64bit:* - [2010/06/09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:*64bit:* - [2010/06/06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:*64bit:* - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/06/20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/06/20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/06/18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/06/17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 13:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/28 13:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/06 16:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:*64bit:* - [2012/03/06 16:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:*64bit:* - [2012/03/06 16:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2012/03/06 16:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:*64bit:* - [2012/03/06 16:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2012/03/06 16:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:*64bit:* - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/15 17:55:01 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:*64bit:* - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2010/08/26 02:19:38 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:*64bit:* - [2010/08/26 02:16:50 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/06/24 13:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2010/06/23 13:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:*64bit:* - [2010/06/23 13:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:*64bit:* - [2010/05/31 14:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2010/05/31 14:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2010/05/31 14:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2010/05/28 13:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:*64bit:* - [2010/05/28 13:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2010/04/26 13:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:*64bit:* - [2010/03/29 17:31:18 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire(TM)
DRV:*64bit:* - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/12/23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:*64bit:* - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:*64bit:* - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\SearchScopes\{59B8C727-27E0-49CD-9737-D1E5987EF9C3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS2&o=41648335&src=crm&q={searchTerms}&locale=&apn_ptnrs=9G&apn_dtid=YYYYYYYYUS&apn_uid=ABFB44F1-F4CD-471C-A89A-0C911B453F1B&apn_sauid=5AC1251B-3E5B-4114-8062-45F09571EB89
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_en
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\SNL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SNL\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SNL\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/23 15:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 20:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/22 20:46:48 | 000,000,000 | ---D | M]

[2010/12/04 14:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SNL\AppData\Roaming\Mozilla\Extensions
[2010/12/04 14:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SNL\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/07 09:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions
[2012/01/26 19:05:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/07 09:05:46 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/03/06 08:10:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/20 12:45:53 | 000,000,000 | ---D | M] (springshine) -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\extensions\[email protected]
[2012/02/10 16:49:36 | 000,001,734 | ---- | M] () -- C:\Users\SNL\AppData\Roaming\Mozilla\Firefox\Profiles\kij2rely.default\searchplugins\search-the-web.xml
[2012/02/21 15:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/26 19:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/04/26 19:24:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\SNL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KIJ2RELY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/20 12:27:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/18 16:38:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 12:27:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/20 12:27:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\SNL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\SNL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: di.slik.es - the Facebook Dislike Button = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmlfebmbccbmdaihmpefcfehaodlecb\1.2.0.1_0\
CHR - Extension: Angry Birds = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: WOT = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.12_0\
CHR - Extension: AdBlock = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: HappyBirthday Extension = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkfhjkomemmocbjiepgnmlmbjgmhehgk\1.0_0\
CHR - Extension: Poke All for Chrome = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmghnjflbmdhmjnclnjpbikjbhppfmdj\2.6_0\
CHR - Extension: MyYearBook Secret Admirer Hack = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lelhmjggcjldkkfkdooiemacaihhchej\1.0.9.1_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: FB Dislike = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali\2.0.1_0\
CHR - Extension: Cath Kidston = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.7_0\
CHR - Extension: Facebook Super Select All = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnaoebelpbmmcdoboinnphhoakdnaah\1.4.2_0\
CHR - Extension: ezLinkPreview Modal = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogmljbopmblcfhknligfhgfjjfaigkll\0.45_0\
CHR - Extension: MegaSkipper = C:\Users\SNL\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlpjnmkcepflfoglccifhajagahaglm\19.64_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:*64bit:* - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2592790092-465171779-3383857265-1001..\Run: [EPSON Stylus CX7800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\Windows\TEMP\E_S6E3F.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2592790092-465171779-3383857265-1001..\Run: [Facebook Update] C:\Users\SNL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\SNL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 10.100.22.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18:*64bit:* - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 18:01:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTL.exe
[2012/03/20 21:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012/03/20 21:00:07 | 000,000,000 | ---D | C] -- C:\rsit
[2012/03/13 21:21:20 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/13 21:21:19 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/13 21:21:17 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 21:09:51 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 20:00:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 20:00:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 20:00:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 20:00:21 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 20:00:21 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/12 21:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/12 21:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/12 21:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/12 21:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/11 09:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger
[2012/03/11 09:41:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}
[2012/03/07 16:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2012/03/07 16:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2012/03/06 22:43:55 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{DDE17B2F-1EF9-4FA8-BEFF-44A3904E7B81}
[2012/03/06 22:43:45 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Local\{448D0A10-9426-4E30-BB26-C2DBA690F3F2}
[2012/03/02 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\SNL\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/26 11:05:44 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

========== Files - Modified Within 30 Days ==========

[2012/03/25 18:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/25 18:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job
[2012/03/25 18:01:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SNL\Desktop\OTL.exe
[2012/03/25 18:00:19 | 000,165,376 | ---- | M] () -- C:\Users\SNL\Desktop\SystemLook_x64.exe
[2012/03/25 16:53:21 | 000,571,132 | ---- | M] () -- C:\Windows\SysNative\s000004.dat
[2012/03/25 16:16:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job
[2012/03/25 16:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
[2012/03/25 15:19:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
[2012/03/25 15:02:06 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 15:02:06 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 14:56:02 | 000,000,408 | ---- | M] () -- C:\Windows\SysNative\sstates.sdt
[2012/03/25 14:56:02 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\sstate_prev.sdt
[2012/03/25 14:55:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 13:58:56 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/25 13:58:35 | 2955,493,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/25 06:53:53 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/25 06:53:53 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/25 06:53:53 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/23 15:10:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/21 19:56:53 | 000,417,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/20 20:59:41 | 000,879,700 | ---- | M] () -- C:\Users\SNL\Desktop\SecurityCheck.exe
[2012/03/20 20:58:10 | 000,781,383 | ---- | M] () -- C:\Users\SNL\Desktop\RSIT.exe
[2012/03/17 08:48:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/16 17:02:39 | 000,428,917 | ---- | M] () -- C:\test.xml
[2012/03/12 21:56:45 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 16:50:48 | 000,001,236 | ---- | M] () -- C:\Users\SNL\Desktop\Any Video Converter.lnk
[2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 16:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/06 16:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/06 16:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/06 16:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/06 16:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/06 16:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/06 16:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/06 16:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/04 14:24:31 | 000,001,861 | ---- | M] () -- C:\Users\SNL\Desktop\IMVU.lnk

========== Files Created - No Company Name ==========

[2012/03/25 18:00:24 | 000,165,376 | ---- | C] () -- C:\Users\SNL\Desktop\SystemLook_x64.exe
[2012/03/25 16:53:21 | 000,571,132 | ---- | C] () -- C:\Windows\SysNative\s000004.dat
[2012/03/20 20:59:42 | 000,879,700 | ---- | C] () -- C:\Users\SNL\Desktop\SecurityCheck.exe
[2012/03/20 20:58:10 | 000,781,383 | ---- | C] () -- C:\Users\SNL\Desktop\RSIT.exe
[2012/03/12 21:56:45 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 16:50:48 | 000,001,236 | ---- | C] () -- C:\Users\SNL\Desktop\Any Video Converter.lnk
[2012/01/10 16:19:13 | 000,003,584 | ---- | C] () -- C:\Users\SNL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 13:06:01 | 000,002,189 | ---- | C] () -- C:\Users\SNL\AppData\Local\TempfixPerms.vbs
[2011/11/29 17:27:23 | 000,000,017 | ---- | C] () -- C:\Users\SNL\AppData\Local\resmon.resmoncfg
[2011/02/25 20:55:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/06 14:30:38 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2010/11/28 17:54:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/28 17:54:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/28 17:54:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/28 17:54:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/28 17:54:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/28 17:54:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/28 17:54:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/28 17:54:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/28 17:54:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/28 17:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/28 17:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/28 17:54:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/28 17:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/28 17:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/28 17:54:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/28 17:54:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/11/26 14:49:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/08/26 02:17:08 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/26 02:16:26 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/07/12 15:11:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/12 13:27:34 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/07/12 13:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/12 13:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/12 13:27:25 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010/07/12 13:27:25 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat

========== LOP Check ==========

[2012/02/17 17:52:06 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\.minecraft
[2010/12/20 16:24:49 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\AnvSoft
[2012/03/02 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Audacity
[2011/03/18 17:44:09 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Auslogics
[2010/12/16 21:49:21 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Broderbund
[2012/01/29 00:11:25 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Bullzip
[2012/03/02 17:00:34 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/07 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\gtk-2.0
[2012/03/23 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\IMVU
[2012/03/04 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\IMVUClient
[2012/01/17 22:30:57 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\ManyCam
[2011/07/03 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\NCH Swift Sound
[2011/12/19 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Nitro PDF
[2011/06/25 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PACE Anti-Piracy
[2011/02/05 11:17:56 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PhotoFiltre
[2012/01/16 12:17:13 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PhotoFiltre 7
[2012/01/16 12:19:43 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PhotoFiltre Studio X
[2011/12/19 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\PrimoPDF
[2011/09/08 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Texas Instruments
[2011/09/08 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\TI-Nspire
[2010/12/04 14:30:35 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Vivox
[2011/03/20 20:42:53 | 000,000,000 | ---D | M] -- C:\Users\SNL\AppData\Roaming\Windows Live Writer
[2012/03/25 16:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001Core.job
[2012/03/25 16:16:02 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2592790092-465171779-3383857265-1001UA.job
[2012/03/09 17:11:33 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
--------------------------------------------------------------------------------------------

OTL Extras logfile created on: 3/25/2012 6:02:25 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SNL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 50.56% Memory free
7.34 Gb Paging File | 5.07 Gb Available in Paging File | 69.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.77 Gb Total Space | 214.83 Gb Free Space | 74.65% Space Free | Partition Type: NTFS

Computer Name: LANG | User Name: SNL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463
"EPSON Printer and Utilities" = EPSON Printer Software
"GIMP-2_is1" = GIMP 2.6.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B591D7-1C20-44FB-97C2-6953AE67DE18}" = Mavis Beacon Teaches Typing Deluxe 20
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}" = VAIO Help and Support
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DD980D24-1240-4052-A5F7-411786C36AC8}" = Remote Keyboard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.3.5
"Application Manager for VAIO" = Application Manager for VAIO
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"splashtop" = VAIO Quick Web Access
"TI-Nspire Student Software" = TI-Nspire Student Software
"VAIO Messenger" = VAIO Messenger
"VST Bridge_is1" = VST Bridge 1.1
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2592790092-465171779-3383857265-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"PhotoFiltre 7" = PhotoFiltre 7
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"Tango" = Tango
"The Moving Man" = The Moving Man

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
-------------------------------------------------------------------------


----------



## CamiKitti (Aug 29, 2011)

When I go to Start > All Programs > Vaio Update
It says "A new version of VAIO Update is available. VAIO Update cannot be used unless it is updated. Update now?"
I clicked "Yes." Then, that setup thing shows up... Oh...


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the logs and feedback. :up:

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before proceeding please make sure any open programs are closed.

*Step 1:*
*Vaio Update*

Run Vaio Update and allow the program to update this time.
Please let me know if the program updates successfully.

*Step 2:*
*Create System Restore Point*

First we need to make sure we have a back up of the Registry to return to if we need it:


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C: drive) indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.
 *< STOP >* *If you did not successfully complete this step.* *< STOP >* *Do not continue with any other steps, post back and let me know!*

*Step 3:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 4:*
*OTL - Script*


Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
*Copy* and *Paste* the following code into the textbox. Do not include the word *Code*.

```
:otl
IE - HKU\S-1-5-21-2592790092-465171779-3383857265-1001\..\SearchScopes\{59B8C727-27E0-49CD-9737-D1E5987EF9C3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS2&o=41648335&src=crm&q={searchTerms}&locale=&apn_p tnrs=9G&apn_dtid=YYYYYYYYUS&apn_uid=ABFB44F1-F4CD-471C-A89A-0C911B453F1B&apn_sauid=5AC1251B-3E5B-4114-8062-45F09571EB89
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

:files
ipconfig /flushdns /c

:commands
[EMPTYTEMP]
[RESETHOSTS]
```

Then click on the *Run Fix* button at the top.
*Click*







.
*OTL may ask to reboot the machine. Please do so if asked.*
The report should appear in Notepad after the reboot.* Copy* and *Paste* that report in your next reply.
 *Step 5:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
Did the Vaio Update program update successfully?
*OTL log*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

When you say update, do you mean just press next and go on with the program?


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

For peace of mind, please can you run the Create System Restore Point step before the Vaio Update step and follow the amended Vaio Update instructions as follows:

*Step 1:*
*Create System Restore Point*

Please follow the instructions to create a System Restore Point as provided in my last post.

*Step 2:*
*Vaio Update*

Run Vaio Update and allow the program to update this time.


Go to *Start* > *All Programs* > *Vaio Update*.
Select *Check For Updates*.
Click to continue and *Update* the program.
*Note:* This should bring you to the *Select Country* screen.
Select the appropriate country and click on the *Next* button to continue.
Then follow the instructions to process the update(s) as necessary.
Please let me know if the program updates successfully.

... Then continue with the rest of the steps from Step 3 as supplied in my last post and post back the contents of the log file and feedback requested.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

I never realized that those pop ups weren't actually viruses... Just VAIO updates. It looked very sketchy because of the quality, but I guess I should've updated it a long time ago because my VAIO stuff hasn't been working well. Works now! XD

No.
Yup, I updated other stuff too, like the remote keyboard.

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2592790092-465171779-3383857265-1001\Software\Microsoft\Internet Explorer\SearchScopes\{59B8C727-27E0-49CD-9737-D1E5987EF9C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59B8C727-27E0-49CD-9737-D1E5987EF9C3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SNL\Desktop\cmd.bat deleted successfully.
C:\Users\SNL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: SNL
->Temp folder emptied: 148249101 bytes
->Temporary Internet Files folder emptied: 176807334 bytes
->Java cache emptied: 570376 bytes
->FireFox cache emptied: 263786349 bytes
->Google Chrome cache emptied: 416475412 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 82363 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56039455 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 30479581 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1409666 bytes

Total Files Cleaned = 1,043.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 03282012_203539

Files\Folders moved on Reboot...
C:\Users\SNL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


----------
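
Added example, not part of the original posts and not OTL's own code: a Python summary of a fix log like the one above, sorting each line into deleted / not found / moved / pending reboot and checking the log's stated total against the summed byte counts. The log text is an excerpt of the lines posted above; the function and variable names are this example's own.

```python
import re

# Excerpt of the OTL fix log posted above (zero-byte lines omitted).
OTL_FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2592790092-465171779-3383857265-1001\Software\Microsoft\Internet Explorer\SearchScopes\{59B8C727-27E0-49CD-9737-D1E5987EF9C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59B8C727-27E0-49CD-9737-D1E5987EF9C3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
========== FILES ==========
C:\Users\SNL\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
User: SNL
->Temp folder emptied: 148249101 bytes
->Temporary Internet Files folder emptied: 176807334 bytes
->Java cache emptied: 570376 bytes
->FireFox cache emptied: 263786349 bytes
->Google Chrome cache emptied: 416475412 bytes
->Flash cache emptied: 82363 bytes
Windows Temp folder emptied: 56039455 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 30479581 bytes
RecycleBin emptied: 1409666 bytes
Total Files Cleaned = 1,043.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
Files\Folders moved on Reboot...
C:\Users\SNL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line shapes seen in the log above, most specific first.
OUTCOMES = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("deleted", re.compile(r"^(?:Registry key )?(?P<target>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry key )?(?P<target>.+?) not found\.$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
]
BYTES = re.compile(r"(?:emptied|removed): (\d+) bytes$")
TOTAL = re.compile(r"^Total Files Cleaned = ([\d,.]+) mb$")


def summarize_fix_log(log_text):
    """Group fix-log lines by outcome and add up the per-cache byte counts."""
    outcomes = {kind: [] for kind, _ in OUTCOMES}
    freed = 0
    reported_mb = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BYTES.search(line)
        if m:
            freed += int(m.group(1))
            continue
        m = TOTAL.match(line)
        if m:
            reported_mb = float(m.group(1).replace(",", ""))
            continue
        for kind, pattern in OUTCOMES:
            m = pattern.match(line)
            if m:
                outcomes[kind].append(m.group("target"))
                break
    # In this log the stated total equals the byte sum divided by 2**20 and
    # truncated to a whole number; that relation is read off this one log,
    # it is not documented OTL behaviour.
    consistent = reported_mb is not None and freed // 2**20 == int(reported_mb)
    return {
        "outcomes": outcomes,
        "bytes_freed": freed,
        "reported_mb": reported_mb,
        "total_consistent": consistent,
    }


if __name__ == "__main__":
    result = summarize_fix_log(OTL_FIX_LOG)
    for kind, targets in result["outcomes"].items():
        print(f"{kind}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
    print("bytes freed:", result["bytes_freed"], "| reported mb:", result["reported_mb"])
```

The `pending_reboot` bucket is the one to re-check after the restart, since those items were not actually moved when the log was written.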



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the log file and feedback. It's good to know that we have finally got to the bottom of that pop-up installer issue. 

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before proceeding please make sure any open programs are closed.

*Step 1:*
*Create System Restore Point*

First we need to make sure we have a back up of the Registry to return to if we need it:


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C: drive) indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.
*< STOP >* *If you did not successfully complete this step.* *< STOP >* *Do not continue with any other steps, post back and let me know!*

*Step 2:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 3:*
*Malwarebytes' Anti-Malware*

As you already have this program installed, let's check for updates and run the program again.

*Please save any items you have been working on and close any open programs. You may be asked to reboot your machine.*


*Launch Malwarebytes' Anti-Malware*
You will be asked to update the program before performing a scan. Please do so.
If an update is found, the program will automatically download and install the update.
Click on the *OK* button to close that box and continue.
_If you have any problems downloading updates download them manually from *here* and double-click on *mbam-rules.exe* to complete the installation._

*On the Scanner tab:*


Make sure the *Perform quick scan* option is selected.
Then click on the *Scan* button.
If asked to select the drives to scan, leave all the drives selected and then click on the *Start Scan* button.
The scan will begin and *Scan in progress* will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will be displayed saying *The scan completed successfully. Click 'Show Results' to display all objects found.*
Click on the *OK* button to close the message box and continue with the removal process.
*Back at the main Scanner screen:*


Click on the *Show Results* button to see a list of any malware that was found.
Check all items *except* items in the *C:\System Volume Information* folder and then click on the *Remove Selected* button.
_The *System Volume Information* items will be taken care of later._
When the removal has been completed, a log report will open in Notepad and you may be prompted to restart your computer. _(See *Note* below)._
The log is automatically saved and can be viewed by clicking the *Logs* tab in MBAM.
The log can also be found here: 
C:\Documents and Settings\_Account Name_\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*mbam-log-date (time).txt*
Please *Copy* and *Paste* the entire contents of *mbam-log-date (time).txt* into your next reply and exit MBAM.
_*Note*: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. 
Click *OK* to either prompt and let MBAM proceed with the disinfection process. 
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware._

*Step 4:*
*Java Runtime Environment Update Needed!*

It is advisable that you update your Java Runtime Environment installation to the latest currently available version: Java(TM) 7 Update 3.
*Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.*
Please follow these steps to remove older versions of Java components and update:

* Attention: Print these instructions or copy them. You will be closing your browser!!*

*DOWNLOAD UPDATED VERSION:*


Get the latest version of *Java Runtime Environment (JRE)* © Oracle Corporation.
Look for *Java SE 7u3*.
Click on the *JRE Download* button to the right.
Then *check* the *Accept License Agreement* option.
Locate the entry for *Windows x64 (64-bit)*, click on the file name *jre-7u3-windows-x64.exe* and save the file to your *Desktop*.
 *<STOP> Do not install the new version of Java yet. We need to do some cleanup first!*

*REMOVE OLD JAVA VERSIONS:*


Close any programs you may have running - especially your web browser.
Click on *Start* > *Control Panel* > *Programs*.
_Depending on your current view setting, then:_
Double-click on *Programs and Features*.
Under *Programs*, click on *Uninstall a program* and remove *all* older versions of Java as follows:

Scroll down to locate the following program(s):
*Java(TM) 6 Update 31*

Select the program and click on *Uninstall* to uninstall it.
When finished *Close* the *Control Panel* window.
 *Delete Old Java Folder*


Click on *Start* > *Computer*.
Then navigate to and find the following *folder*: if found, *delete it*.
_It is possible it may have been removed by the uninstall steps._
*C:\Program Files\Java\* <==== delete this entire folder
When finished, *Close and Exit Explorer*.
*INSTALL UPDATED VERSION:*


Close all open applications (standard), *especially* your browser.
From the *Desktop* double-click on *jre-7u3-windows-x64.exe* to install the latest version.
Follow the on-screen instructions. When the installation has completed successfully, *Reboot* your computer normally.
Once the computer has been restarted, you can delete the downloaded installation file from your desktop.
 *OPTIONAL:*
To prevent some unnecessary JAVA components from running when you boot your computer each time:


Click on *Start* > *Control Panel* > *Programs* and then click on the *JAVA* icon.
Click on the *Update* tab and *UNCHECK* the *Check for Updates Automatically* option. (You can check for updates manually.)
Reply *Never Check* to the warning prompt.

Now click on the *Advanced* tab and then click on the [+] to expand the *Miscellaneous* options.
*UNCHECK* the *Java Quick Starter* option.
Click on the *Apply* button and then the *OK* button to save the changes.
Then *Close* the *Java Control Panel* and *Close and Exit Control Panel*.
_If you choose to update via the Java applet in Control Panel, *uncheck* the option to install the Google Toolbar unless you want it._

*Step 5:*
*ESET NOD32 Online Scan*



> *Please Note:* If using *Mozilla Firefox* you will need to download *esetsmartinstaller_enu.exe* when prompted. Then double-click on it to install.


*If you restarted the computer following the MalwareBytes Anti-Malware scan, please temporarily disable your Windows Defender and Avast! Realtime Protection. If active, it could impact the online scan.*

Please go to *ESET Online Scanner* - *© ESET (All Rights Reserved)* to run an online scan.
*** Make sure you are using an account that has Administrative privileges ***


Click on the *ESET Online Scanner* button.
Check the box next to *"YES, I accept the Terms of Use."*
Click *Start*.
A window will open. It may appear nothing is happening, but please be patient.
Click *Yes* to the *run ActiveX* prompt.
Click *Install* at the *install ActiveX* prompt.
Once installed, the scanner will be initialized.
Click on the *Start* button.
Make sure that the options:
*Remove found threats* is *UNCHECKED*
Leave the "default" settings under *Advanced* as they are. If not set, please check:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*


Click on the *Start* button.
ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
Use *Notepad* to open the log file located at *C:\Program Files\ESET\ESET Online Scanner\log.txt*.
*Copy* and *Paste* the entire contents of *log.txt* into your next reply.
 *Remember to re-enable your Windows Defender and Avast! Realtime Protection before continuing!*

*Step 6:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*mbam-log-date (time).txt*.
*log.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Sorry about that, I was yet again gone for the weekend. I'm back though.


----------



## CamiKitti (Aug 29, 2011)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SNL :: LANG [administrator]

4/1/2012 7:55:33 PM
mbam-log-2012-04-01 (19-55-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343607
Time elapsed: 1 hour(s), 2 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\SNL\Downloads\MarkerFelt_downloader_by_Fonts101.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.

(end)
---------------------------------------------------------------------------------------------------
The log for the ESET didn't update because it still has the old one. One thing was found. Something in my downloads called AVC-free. Something about an opencandy application.


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Please can you use *Notepad* to open the log file located at *C:\Program Files\ESET\ESET Online Scanner\log.txt*. 
Then *Copy* and *Paste* the entire contents of *log.txt* into your next reply. 

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the log. Unfortunately, for some reason it appears that the detection did not get logged. 

I believe the detection may have been something along the lines of:



> C:\Users\SNL\Downloads\avc-free.exe Win32/OpenCandy application deleted - quarantined


To make sure the detection was dealt with I am going to ask you to run an alternative online AV scanner tool.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure any open programs are closed.

*Step 1:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 2:*
*Online Scan - Panda ActiveScan*


Right-click on the Internet Explorer icon under the Start Menu or in the Quick Launch bar and select the *Run as Administrator* option.
Please go to *Panda ActiveScan* © *Panda Security* to perform a free online scan.
*Internet Explorer must be used as the scan requires ActiveX.*
Click on the *Scan your PC now* button.
A new window will open.
Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select *I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable* option.
Click on *Free online scan*.
You will be prompted to install an *ActiveX* module. Please allow it.
Once installed, it will start downloading the virus definitions. This takes a while. Please be patient.
Once the files are downloaded, it will ask you to select what to scan. Select *My Computer*.
The scan will start. This can take some time. So, again, please be patient.
When the scan has completed, click on *View Report*.
The report will be displayed in a separate browser window. Click on *Save Report*.
Save the report as *ActiveScan.txt* to your Desktop.
Please *Copy* and *Paste* the entire contents of the *ActiveScan.txt* file into your next reply.
 *Remember to re-enable your Windows Defender and Avast! Realtime Protection after running the above scan!*

*Step 3:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*ActiveScan.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

It only got halfway through, and stopped when it found tracking cookies.


;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-04-04 14:43:07
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! Antivirus No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\qmmo10ny.txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\5g7epl5i.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\150t953k.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\zs56ogne.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\vu5kd0k7.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\0tqslrw4.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\rjifo6be.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\4uk0znbi.txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\1lqqrb18.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\bqxe831m.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\6rhlnbnv.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\o4fivk06.txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\0nhjmn7m.txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\b5iyhb5b.txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\y6w0ovik.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\19lcnrrx.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\dzp13ry0.txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\qxgfhrjo.txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\n3q0q5eu.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\xt7ya10w.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\fgokxc0c.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\1uy4visv.txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\5so3n0fp.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\7mduq9z0.txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\0n81gqg5.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\fi0z40e8.txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


----------
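
Added example, not part of the original posts and not Panda's own code: a Python triage of a report in the ActiveScan.txt layout shown above, which counts rows per type, compares the header's MALWARE figure with the number of distinct Ids, and lists anything that is not an inactive severity-0 tracking cookie. The first five data rows are copied from the report above; the last row, including its Id, name, type and path, is constructed for illustration.

```python
import re
from collections import Counter

# Sample in the layout of the report above. Rows 1-5 are copied from it;
# the 00999999 row is CONSTRUCTED (hypothetical Id, name, type and path).
SAMPLE_REPORT = r"""
;*****************************************************************
ANALYSIS: 2012-04-04 14:43:07
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;*****************************************************************
PROTECTIONS
Description Version Active Updated
avast! Antivirus No Yes
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\qmmo10ny.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\150t953k.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\zs56ogne.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\low\vu5kd0k7.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\snl\appdata\roaming\microsoft\windows\cookies\0tqslrw4.txt
00999999 Constructed/Example Sample ExampleType Yes 2 Yes No c:\users\snl\downloads\constructed-example.exe
SUSPECTS
Sent Location
VULNERABILITIES
Id Severity Description
"""

# The columns are whitespace-flattened and Description may contain spaces,
# so the row is anchored on the fixed-shape columns that follow it.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)
SUMMARY = re.compile(r"^(ANALYSIS|PROTECTIONS|MALWARE|SUSPECTS):\s*(.*)$")
SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}


def parse_report(text):
    """Return (header summary dict, list of MALWARE rows as dicts)."""
    summary, rows, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank lines and ruler lines
            continue
        m = SUMMARY.match(line)
        if m:
            summary[m.group(1)] = m.group(2)
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "MALWARE":
            m = ROW.match(line)
            if m:  # the column-header line does not match and is skipped
                rows.append(m.groupdict())
    return summary, rows


def triage(text):
    """Separate inactive, severity-0 tracking cookies from everything else."""
    summary, rows = parse_report(text)
    needs_review = [
        r for r in rows
        if r["type"] != "TrackingCookie" or r["active"] == "Yes" or int(r["severity"]) > 0
    ]
    return {
        "declared": int(summary.get("MALWARE", 0)),
        "rows": len(rows),
        # One Id can appear on several rows (one per file), as in the report
        # above: 26 rows, 21 distinct Ids, header MALWARE: 21.
        "unique_ids": len({r["id"] for r in rows}),
        "by_type": dict(Counter(r["type"] for r in rows)),
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("declared:", result["declared"], "rows:", result["rows"],
          "unique ids:", result["unique_ids"], "by type:", result["by_type"])
    for row in result["needs_review"]:
        print("REVIEW:", row["id"], row["desc"], row["type"], row["location"])
```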



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Apologies for the delay in responding and thank you for the log file and feedback.

FYI, that Panda ActiveScan log looks complete. 

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
*If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.*

Before we proceed please make sure all open programs are closed.

*Step 1:*
*CCleaner*

*Please Note:* The following instructions will remove all saved login and password details stored on the computer for websites frequented.

*Install CCleaner*:


Please download the slim version of *CCleaner* *© Piriform Ltd.* and *Save* it to your *Desktop*. 
*Note:* An icon will appear on your desktop for the program *ccsetup???_slim.exe* where *???* indicates the version number of the program.
Right-click the *ccsetup???_slim.exe* icon on your desktop and select the *Run As Administrator* option to run the installer. If you receive a UAC prompt, please allow it.
Select the appropriate language and click on the *OK* button.
The installation wizard will now open. Click on the *Next* button.
Click on the *I Agree* button in the License Agreement window.
Leave all the Install Options as their default settings (checked) and click on the *Install* button.
When the installer has finished click on the *Finish* button. CCleaner will now automatically launch.
 *Run CCleaner*:

*IMPORTANT*: *DO NOT* click on the *Registry* (building blocks) icon on the left-hand side of the program window. 
This is a built-in *Registry Cleaner*. Removing certain entries can render your computer inoperable!

If a message window is displayed asking: "*Intelligently scan for cookies to keep?*" click on the *Yes (Recommended)* button.
_A quick scan will now be performed to identify cookies to keep, however, no cookies will be deleted at this point._
Click on the *Options* (cog wheel) icon on the left, then click on the *Advanced* button.
*Uncheck* the *Only delete files in Windows Temp folders older than 24 hours* option.
Click on the *Cleaner* (brush) icon on the left.
Click on the *Run Cleaner* button to initiate the cleaning process.
Then click on the *OK* button to accept the disclaimer and allow the program to continue.
Once the cleaning process has finished, *Close* CCleaner.
*Step 2:*
*Disable Realtime Protection*

Make sure Windows Defender and Avast! Realtime Protection are both disabled using the instructions provided previously before continuing.

*Step 3:*
*Re-run Panda ActiveScan*

Please re-run Panda ActiveScan and post the entire contents of the *ActiveScan.txt* file in your next reply.

*Remember to re-enable your Windows Defender and Avast! Realtime Protection after running the above scan!*

*Step 4:*
*Include in Next Post*


Did you have any problems carrying out the instructions?
*ActiveScan.txt*.

*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

I couldn't find where it said view report. It just says "Today you are not infected"


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the feedback. 



CamiKitti said:


> It just says "Today you are not infected"


That is very good news! :up:

Congratulations and well done! I can now confirm that your system now appears to be clean and the pop-up installer issue has now been resolved.

Now that your computer appears to be clear of malware infection we need to tidy a few things up and deal with a few remaining items:

*Step 1:*
*OTL - Clean SRP*

It's now time for some housekeeping. First, we need to clear out your System Restore Points to remove any infection files that may have been backed up by System Restore while you were infected. Then set a new clean Restore Point.


Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
*Copy* the following code, _not including the word *Code*_.

```
:commands
[ClearAllRestorePoints]
```

Return to OTL, right click in the *Custom Scans/Fixes* textarea and select *Paste* from the pop-up menu.
Click on the *Run Fix* button at the top.
Then click on the *OK* button to proceed with the fix.
*Close OTL*.
*Step 2:*

Next, please follow the instructions below to remove the tools we have used to clean up your computer.

*OTL - Cleanup*


Right-click on *OTL.exe* and select the *Run As Administrator* option to launch the program. If you receive a UAC prompt, please allow it.
This will remove most, if not all, of the tools we used to clean your PC.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the *CleanUp!* button.
Click on the *Yes* button at the prompt and then allow the program to reboot your computer.
*Remove Tools Used*

You can now safely delete the tools used in cleaning up the infection. Please remove the following tools from your system along with any related .zip files.

*SecurityCheck.exe
SystemLook_x64.exe*

*Please Note:* These tools are updated on a regular basis and so, if required in future, should be downloaded afresh under supervision.

*Step 3:*
*Improve Your Computer's Security*

*MalwareBytes' AntiMalware*
It is worth keeping *MalwareBytes' AntiMalware* on your system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.

*Below are additional (free) programs that can help improve your computer's security.*
Many feel that having a "layered" protection scheme is beneficial. You'll need to decide what works best for your situation. You may like to give them a try.

*WinPatrol*
Download it from Copyright © BillP Studios.
Information about how WinPatrol works, is available *here*.
(The free version of WinPatrol provides limited real-time protection.)

*SpywareBlaster*
Download and install Javacool's SpywareBlaster from *Here*.
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

*MVPS Hosts*
For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is provided *here*.
Install *MVPS Hosts File* from *here*.
The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
*You can read the Tutorial* *here*.

*Panda USB Vaccine*
Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
You can download and learn more about this product from *Here*.

*Step 4:*
*Further Guidelines*

Please follow these simple guidelines in order to help keep your computer more secure:

*Update your Anti-virus program and other programs regularly.*
Online Secunia Software Inspector - © Secunia. 
FileHippo.com Update Checker - © FileHippo.com
F-secure Health Check - © F-Secure Corporation.

*Visit Microsoft often*
Keep on top of critical updates, as well as other updates for your computer.
Using Windows Update in Windows 7
What is Windows Update?
Microsoft Update Home

*Read, stay informed.*
To help minimize the chances of becoming re-infected, please read:
*Computer Security - a short guide to staying safer online*

If your computer is running slowly after your clean up, please read:
*What to do if your Computer is running slowly*

*Please confirm that you have completed the cleanup steps and reviewed the rest of the post.*
Once your reply has been received, unless there are other malware questions or concerns, this topic will be closed as resolved.

Stay Safe! 
*Scolabar*


----------



## CamiKitti (Aug 29, 2011)

Done!


----------



## Scolabar (Apr 15, 2011)

Hi CamiKitti,

Thank you for the confirmation. 

As your malware issues now appear to be resolved, I will now mark this thread as *Solved*.

*Scolabar*


----------

