Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HTTP Infostealer Snifula.B Activity detected


  • This topic is locked This topic is locked
10 replies to this topic

#1 WaterstonJ

WaterstonJ

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 08 May 2010 - 05:51 PM

Recently my Symantec antivirus found several Trojans (including Trojan.FakeAV, Trojan.Gen, and several others; I can post the log if needed), most of which it was able to clean, but Symantec security logs show that there is HTTP Infostealer Snifula.B Activity detected every minute.

This is the description on the log:
[SID: 22172] HTTP Infostealer Snifula.B Activity detected. Traffic has been blocked from this application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Also, upon startup, Windows alerts me that AML.exe and autolaunchwlasu.exe has stopped working. I’ve scanned my computer using Symantec, Malwarebytes Anti-Malware, Super AntiSpyware, but can’t seem to figure out how to remove it completely. Thank you very much!


-----------------------------------------------
DDS (Ver_10-03-17.01) - NTFSX64
Run by Tiff at 15:11:06.89 on Sat 05/08/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3934.2364 [GMT -7:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\nwtray.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Tiff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files (x86)\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files (x86)\pdfforge toolbar\WidgiToolbarIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files (x86)\pdfforge toolbar\SearchSettings.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files (x86)\pdfforge toolbar\WidgiToolbarIE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Nero DriveSpeed] "c:\progra~2\nero\nero7~1\neroto~1\DRIVES~1.EXE"
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [Intuit SyncManager] c:\program files (x86)\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "c:\program files (x86)\sony\vaio survey\VAIO Sat Survey.exe"
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [ISBMgr.exe] "c:\program files (x86)\sony\isb utility\ISBMgr.exe"
mRun: [AML] "c:\program files (x86)\sony\vaio launcher\AML.exe" InitApp
mRun: [NWEReboot]
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [SearchSettings] c:\program files (x86)\pdfforge toolbar\SearchSettings.exe
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files (x86)\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files (x86)\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: {b4870b70-f390-11d2-9fb9-f4ed725ea20d} - c:\windows\syswow64\NalExpEx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 ncv1_0
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [Apoint] c:\program files\apoint\Apoint.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [NWTRAY] NWTRAY.EXE
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\tiff\appdata\roaming\mozilla\firefox\profiles\urxxllna.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\tiff\appdata\roaming\mozilla\firefox\profiles\urxxllna.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\drivers\ncfilter.sys [2009-12-27 113176]
R0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\drivers\ncrecognizer.sys [2009-12-27 119320]
R0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\drivers\ncuncfilter.sys [2009-12-27 26136]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-11-21 55024]
R2 NCFSD;Novell Client File System Redirector;c:\program files\novell\client\xtier\drivers\ncfsd.sys [2009-12-27 96792]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\novell\client\xtier\drivers\ncioctl.sys [2009-12-27 83480]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-16 14112]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-30 134656]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files (x86)\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-6 2477304]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2008-11-21 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-30 407392]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-3 446464]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\novell\client\xtier\services\xtsvcmgr.exe [2009-12-27 21016]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-21 19968]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2008-10-30 300032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 132656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-30 126976]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2008-8-29 4745216]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-30 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2008-10-30 391680]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-4-27 61440]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-10-30 36392]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-3-10 93184]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-3-4 26672]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-3-28 19544]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-4-12 167424]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files (x86)\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files (x86)\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\sony\vaio media plus\SOHCImp.exe [2008-11-21 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\sony\vaio media plus\SOHDms.exe [2008-11-21 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\sony\vaio media plus\SOHDs.exe [2008-11-21 62752]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-11-21 369952]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper64.exe [2008-11-21 108832]

=============== Created Last 30 ================

2010-05-08 18:07:26 0 d-----w- C:\Games
2010-05-08 18:02:27 0 d-----w- C:\TBRASetup
2010-05-06 13:42:24 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-06 13:41:04 0 d-----w- c:\users\tiff\appdata\roaming\SUPERAntiSpyware.com
2010-05-06 13:41:04 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-05-06 13:40:05 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-05-06 12:45:35 19016 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-06 12:45:30 0 d-----w- c:\programdata\Hitman Pro
2010-05-06 12:45:28 0 d-----w- c:\program files\Hitman Pro 3.5
2010-05-06 12:44:20 0 d-----w- c:\program files (x86)\Hitman Pro 3.5
2010-05-06 04:56:20 40960 ------w- c:\windows\syswow64\MRINnet.dll
2010-05-06 04:56:18 12 ----a-w- c:\users\tiff\appdata\roaming\jmkneq.dat
2010-05-02 17:25:06 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-04-14 08:33:01 1420688 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 08:33:00 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:33:00 224256 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 08:32:46 273920 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:32:46 135168 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:32:46 105472 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:32:38 4678032 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 08:32:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 08:32:09 430080 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-14 08:31:59 72192 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 08:31:59 62464 ----a-w- c:\windows\syswow64\l3codeca.acm
2010-04-14 08:25:46 218112 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 08:25:45 171520 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-14 08:25:42 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 08:25:42 104960 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-02 17:25:39 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-02 17:25:39 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-02 17:25:38 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-28 10:00:59 94812 ----a-w- c:\windows\fonts\cordiauz.ttf
2010-03-09 16:54:17 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:28:40 833024 ----a-w- c:\windows\syswow64\wininet.dll
2010-03-09 16:28:27 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2010-03-09 16:27:21 146432 ----a-w- c:\windows\syswow64\occache.dll
2010-03-09 16:26:20 671232 ----a-w- c:\windows\syswow64\mstime.dll
2010-03-09 16:26:11 476672 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-03-09 16:26:11 3586048 ----a-w- c:\windows\syswow64\mshtml.dll
2010-03-09 16:26:10 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-03-09 16:25:38 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-03-09 16:25:24 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2010-03-09 16:25:24 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-03-09 16:25:23 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-03-09 16:25:21 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-03-09 16:25:21 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-03-09 16:25:21 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2010-03-09 14:28:42 32768 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 14:01:47 26624 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-02-20 23:44:53 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:42:16 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 23:39:35 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2008-10-31 02:49:32 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-30 08:30:17 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-11-30 08:30:17 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-11-30 08:30:17 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-01-22 11:26:18 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat

============= FINISH: 15:11:32.76 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 PM

Posted 10 May 2010 - 04:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 WaterstonJ

WaterstonJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 10 May 2010 - 08:11 PM

Thanks for the reply! I have posted the logs below...

OTL Extras logfile created on: 5/10/2010 5:55:38 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Tiff\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.59 Gb Total Space | 64.67 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Tiff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1416513148-698605474-899183090-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{166F4C71-519F-47D4-B19C-BDEE1402648B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6DCD92-7B5D-403B-8FE7-D432393E53E8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{0E8744AC-0663-4005-9D4D-3FAFDDCF6BBD}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{16670079-D088-4FE0-A06D-E6D0E5A8BC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{36ABE0C1-D856-46A5-9A77-C9EDB1C425B2}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{575EAED3-A785-4252-AD3E-794426ADD70A}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{576C8A16-90A7-4386-B754-31F56230F7F8}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{5DE62542-F04F-496E-963A-B6B73D78E670}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6022BB02-2CBE-4CD6-A9EE-AC10E5718659}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6A2D8A9B-5B5A-4673-BCC3-1894803974A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7BA83995-5CCC-4A65-A570-1762FEED03FE}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{99D68058-C0F6-4138-9A3B-F8E55F72B508}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B419D238-8A6B-4D96-A648-5F774F76E91D}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{BABDD066-BC4E-4548-B79B-0C1080564617}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DC3D2B4A-1F6B-4D0A-812B-14167C2B67EB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E43B4EB0-DDCA-4B79-A789-30A66801311A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E8777A75-9C3C-467E-AB3B-33A7E8CC998A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{1D19B322-9077-4D8A-918B-967AB3CE201A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{30CAA5F6-A4C5-4759-B587-CB672EFBAC41}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{D8ACAC20-F8BF-4857-A0FF-16D5BDADD319}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{5C41ACF1-59A7-4B05-AD14-6FA467B707C9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{9B8CF6F4-0A27-48A6-B486-0ECD7DBC7CEE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{BE01F2F5-EA4E-4E2A-B195-AD6990716E1F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{22859902-78CE-40B0-9429-6FE7A00BBF85}" = NMAS Client
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{54031C8D-F80D-47BB-B3CA-5E9BD7750C27}" = NMAS Challenge Response Method
"{559D2B32-5066-4762-A2F2-52831AC6F67B}" = NICI (64 bit)
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.5800
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Novell Client for Windows" = Novell Client for Windows
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E3C2706-59A3-426E-A0EA-65BFF05048C7}" = VAIO Content Metadata Intelligent Analyzing Manager
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{223A0070-C924-48E3-AEB6-2E06CC835CC0}" = VAIO Care
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{36557787-E9BE-40E0-8627-C6C3486FF1CF}" = VAIO Content Metadata Intelligent Analyzing Manager
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45DA6A07-9EF6-4671-8869-2010819E557F}" = VAIO Content Metadata Manager Setting
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55AF809F-BD6D-45AF-A2C2-833308FA432A}" = VAIO Content Metadata XML Interface Library
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{58BAD068-F0A0-4831-866F-5DFA6B24B724}" = VAIO Content Metadata XML Interface Library
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E04640B2-70EE-4A6E-8FD6-0A93A3D48CBC}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECB5774A-A39B-4419-A7D3-92F49C0FCAB3}" = VAIO Content Metadata Intelligent Analyzing Manager
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"am-supertexttwist" = Super TextTwist
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"GameHouse" = GameHouse
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"ScanSoft PaperPort Viewer 7.0" = ScanSoft PaperPort Viewer 7.0
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1416513148-698605474-899183090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2010 11:01:47 PM | Computer Name = PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 4/12/2010 11:02:42 PM | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/12/2010 11:02:42 PM | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/12/2010 11:02:42 PM | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/12/2010 11:02:42 PM | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/12/2010 11:02:42 PM | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/12/2010 11:02:43 PM | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/12/2010 11:02:43 PM | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/14/2010 6:26:23 AM | Computer Name = PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 4/14/2010 6:26:24 AM | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 5/3/2010 12:41:11 AM | Computer Name = PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/3/2010 12:41:11 AM | Computer Name = PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
fatal error, stopping service

Error - 5/3/2010 12:41:12 AM | Computer Name = PC | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 674 Invoked Function:
WaitForSingleObject Return Code: 6 (0x00000006) Description: The handle is invalid.



Error - 5/6/2010 9:02:51 AM | Computer Name = PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/6/2010 9:02:52 AM | Computer Name = PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
fatal error, stopping service

Error - 5/6/2010 10:45:15 AM | Computer Name = PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/6/2010 10:45:15 AM | Computer Name = PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
fatal error, stopping service

Error - 5/7/2010 12:58:43 AM | Computer Name = PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/7/2010 12:58:43 AM | Computer Name = PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
fatal error, stopping service

Error - 5/7/2010 12:58:43 AM | Computer Name = PC | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 674 Invoked Function:
WaitForSingleObject Return Code: 6 (0x00000006) Description: The handle is invalid.



[ System Events ]
Error - 3/11/2009 1:07:05 AM | Computer Name = PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/11/2009 1:07:05 AM | Computer Name = PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/11/2009 1:07:05 AM | Computer Name = PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/11/2009 1:07:05 AM | Computer Name = PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/11/2009 1:07:05 AM | Computer Name = PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/11/2009 1:07:05 AM | Computer Name = PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/11/2009 1:12:48 AM | Computer Name = PC | Source = DCOM | ID = 10010
Description =

Error - 3/11/2009 1:12:59 AM | Computer Name = PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2009 1:15:02 AM | Computer Name = PC | Source = Service Control Manager | ID = 7003
Description =

Error - 3/11/2009 1:15:03 AM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 5/10/2010 5:55:38 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Tiff\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.59 Gb Total Space | 64.67 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Tiff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/10 17:54:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Tiff\Desktop\OTL.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/10/06 18:09:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/06 18:09:18 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/06 18:09:07 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/10/06 18:09:06 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2008/10/17 19:22:04 | 000,203,616 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/10/17 19:19:26 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/09/08 10:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/09/08 10:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/09/03 18:36:04 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/04/03 21:32:48 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/01/22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/22 15:52:14 | 001,447,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/10 17:54:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Tiff\Desktop\OTL.exe
MOD - [2008/01/20 19:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/27 19:40:44 | 000,021,016 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV:64bit: - [2009/09/16 23:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/10/01 19:18:48 | 000,369,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/09/19 11:06:24 | 000,108,832 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/05 12:00:06 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/08/20 18:16:10 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/08/20 17:39:28 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/27 17:00:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/04/16 19:36:45 | 000,053,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/10/06 18:09:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/06 18:09:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/06 18:09:09 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/06 18:09:07 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/10/06 18:09:07 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/21 11:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 11:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 11:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 19:22:04 | 000,203,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/17 03:34:36 | 000,134,656 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/08 10:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 10:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 10:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 18:36:04 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/01 15:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/07/27 11:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/20 02:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 02:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 02:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 19:48:06 | 000,220,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2009/12/27 19:40:42 | 000,083,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV:64bit: - [2009/12/27 19:40:42 | 000,031,256 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV:64bit: - [2009/12/27 19:40:40 | 000,119,320 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV:64bit: - [2009/12/27 19:40:40 | 000,113,176 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NCFilter.sys -- (NCFilter)
DRV:64bit: - [2009/12/27 19:40:40 | 000,096,792 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV:64bit: - [2009/12/27 19:40:40 | 000,026,136 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV:64bit: - [2009/10/09 07:50:48 | 000,024,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/10/06 18:12:19 | 000,172,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/10/06 18:09:23 | 000,052,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2009/10/06 18:09:21 | 000,481,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2009/10/06 18:09:21 | 000,443,952 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/10/06 18:09:21 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/10/06 18:09:11 | 000,062,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/09/28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/18 11:28:36 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/03/04 22:32:04 | 000,026,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/10/23 17:07:04 | 000,185,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/10/22 17:02:17 | 000,085,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 17:02:08 | 000,076,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/10/20 18:18:01 | 000,021,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/10/20 18:17:59 | 000,133,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/10/20 18:17:59 | 000,095,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/10/20 18:17:31 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/10/16 19:16:52 | 000,406,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/09/25 17:02:12 | 004,598,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/09/16 17:02:51 | 000,126,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/16 17:02:26 | 007,907,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/29 00:57:24 | 004,745,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/08/21 17:06:22 | 000,011,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/07/17 17:05:52 | 000,193,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/28 03:23:40 | 000,154,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/27 17:00:52 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/04/27 17:00:38 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/04/27 17:00:35 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/04/27 17:00:35 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/04/27 17:00:33 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/04/27 17:00:33 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/04/24 15:06:42 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/04/16 19:36:57 | 000,694,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2008/04/16 19:36:51 | 000,178,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2008/04/16 19:36:49 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/04/16 19:36:47 | 000,035,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 19:47:02 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/04/16 21:51:50 | 000,014,112 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010/04/27 17:30:10 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 00:10:42 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.002\EX64.SYS -- (NAVEX15)
DRV - [2010/02/11 00:10:37 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.002\ENG64.SYS -- (NAVENG)
DRV - [2009/10/06 18:09:21 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/10/06 18:09:21 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/10/06 18:09:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/27 01:00:47 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/27 01:00:47 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/03/04 22:32:04 | 000,000,841 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\COH_Mon.inf -- (COH_Mon)
DRV - [2008/08/22 16:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\DMICall.sys -- (DMICall)
DRV - [2008/04/27 17:00:35 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1416513148-698605474-899183090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKU\S-1-5-21-1416513148-698605474-899183090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKU\S-1-5-21-1416513148-698605474-899183090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1416513148-698605474-899183090-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
IE - HKU\S-1-5-21-1416513148-698605474-899183090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.ucla.edu/cgi/proxy"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/06 06:16:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/06 06:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/04/03 14:02:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009/11/17 04:10:35 | 000,000,000 | ---D | M]

[2009/11/26 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Extensions
[2009/11/26 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/05/08 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions
[2009/07/19 20:12:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/20 20:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/28 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions\moveplayer@movenetworks.com
[2010/05/08 22:45:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/04/26 20:51:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\search@searchsettings.com
[2009/09/08 19:19:28 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [NWTRAY] C:\Windows\SysNative\nwtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1416513148-698605474-899183090-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1416513148-698605474-899183090-1000..\Run: [Nero DriveSpeed] C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe (Nero AG)
O4 - HKU\S-1-5-21-1416513148-698605474-899183090-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1416513148-698605474-899183090-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Tiff\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tiff\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B4870B70-F390-11d2-9FB9-F4ED725EA20D} - C:\Windows\SysWOW64\NALEXPEX.DLL (Novell, Inc)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (ncv1_0) - C:\Windows\SysNative\ncv1_0.dll ()
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1996/11/07 10:19:30 | 000,450,560 | R--- | M] () - F:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 11:11:58 | 000,011,902 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/02 19:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 07:40:06 | 000,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a01c8a11-fce0-11de-b7d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a01c8a11-fce0-11de-b7d0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [1999/02/02 19:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: MagnPING - (C:\Windows\system32\MRINnet.dll) - C:\Windows\SysWOW64\MRINnet.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: Symantec Antvirus - Service
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: aux2 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi3 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll ()
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: mixer3 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm ()
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm ()
Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll ()
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll ()
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wave3 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files (x86)\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 20:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 20:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/10 17:54:38 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Tiff\Desktop\OTL.exe
[2010/05/08 11:07:26 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/08 11:02:27 | 000,000,000 | ---D | C] -- C:\TBRASetup
[2010/05/06 06:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/06 06:41:04 | 000,000,000 | ---D | C] -- C:\Users\Tiff\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/06 06:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/05/06 06:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/05/06 06:37:31 | 000,000,000 | ---D | C] -- C:\Users\Tiff\Desktop\gmer
[2010/05/06 06:18:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tiff\Desktop\HiJackThis.exe
[2010/05/06 05:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/05/06 05:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/06 05:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010/04/24 06:25:17 | 000,000,000 | ---D | C] -- C:\Users\Tiff\Desktop\Taxes
[2010/04/14 01:32:09 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 01:31:59 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/14 01:25:45 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 01:25:42 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tiff\Documents\*.tmp files -> C:\Users\Tiff\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/10 17:57:57 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/10 17:57:57 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/10 17:57:57 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/10 17:56:50 | 003,145,728 | -HS- | M] () -- C:\Users\Tiff\NTUSER.DAT
[2010/05/10 17:54:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Tiff\Desktop\OTL.exe
[2010/05/10 17:51:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 17:51:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/10 17:51:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 17:51:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/10 17:51:06 | 4126,179,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/10 08:11:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/10 08:11:05 | 000,524,288 | -HS- | M] () -- C:\Users\Tiff\NTUSER.DAT{742000b7-95db-11de-845e-001dbab29c4b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/10 08:11:05 | 000,065,536 | -HS- | M] () -- C:\Users\Tiff\NTUSER.DAT{742000b7-95db-11de-845e-001dbab29c4b}.TM.blf
[2010/05/10 08:10:23 | 002,460,316 | -H-- | M] () -- C:\Users\Tiff\AppData\Local\IconCache.db
[2010/05/09 09:08:37 | 000,105,984 | ---- | M] () -- C:\Users\Tiff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 16:18:37 | 000,022,528 | ---- | M] () -- C:\Users\Tiff\Documents\HTTP Infostealer Snifula.doc
[2010/05/08 15:40:18 | 000,006,915 | ---- | M] () -- C:\Users\Tiff\Desktop\risk log.csv
[2010/05/08 14:38:59 | 000,002,651 | ---- | M] () -- C:\Users\Tiff\Desktop\Microsoft Office Word 2007.lnk
[2010/05/06 06:36:17 | 000,284,915 | ---- | M] () -- C:\Users\Tiff\Desktop\gmer.zip
[2010/05/06 06:33:09 | 000,525,824 | ---- | M] () -- C:\Users\Tiff\Desktop\dds.scr
[2010/05/06 06:18:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tiff\Desktop\HiJackThis.exe
[2010/05/06 06:16:42 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/06 05:45:35 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/05/05 21:56:20 | 000,040,960 | ---- | M] () -- C:\Windows\SysWow64\MRINnet.dll
[2010/05/05 21:56:18 | 000,000,012 | ---- | M] () -- C:\Users\Tiff\AppData\Roaming\jmkneq.dat
[2010/05/05 12:02:20 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/05 09:10:38 | 000,035,328 | ---- | M] () -- C:\Users\Tiff\Documents\Movies.doc
[2010/04/30 22:15:17 | 000,427,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/27 08:29:37 | 000,025,088 | ---- | M] () -- C:\Users\Tiff\Desktop\Cover Letter - UCLA - 14486.doc
[2010/04/26 19:32:29 | 000,060,324 | ---- | M] () -- C:\Users\Tiff\Desktop\14486 - Canon.pdf
[2010/04/25 14:17:21 | 000,000,162 | -H-- | M] () -- C:\Users\Tiff\Documents\~$Movies.doc
[2010/04/20 23:12:58 | 000,026,624 | ---- | M] () -- C:\Users\Tiff\Documents\Posts.doc
[2010/04/20 22:22:20 | 000,089,235 | ---- | M] () -- C:\Users\Tiff\Documents\ORDER.pdf
[2010/04/16 21:43:12 | 000,104,513 | ---- | M] () -- C:\Users\Tiff\Documents\Thank you - Glasses On Web.pdf
[2010/04/14 21:40:25 | 000,168,578 | ---- | M] () -- C:\Users\Tiff\Documents\Methods_deat.pdf
[2010/04/11 17:10:34 | 000,046,592 | ---- | M] () -- C:\Users\Tiff\Desktop\Paralegal Resume_20100411.doc
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tiff\Documents\*.tmp files -> C:\Users\Tiff\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/08 15:40:18 | 000,006,915 | ---- | C] () -- C:\Users\Tiff\Desktop\risk log.csv
[2010/05/08 15:09:32 | 000,022,528 | ---- | C] () -- C:\Users\Tiff\Documents\HTTP Infostealer Snifula.doc
[2010/05/06 06:36:16 | 000,284,915 | ---- | C] () -- C:\Users\Tiff\Desktop\gmer.zip
[2010/05/06 06:33:07 | 000,525,824 | ---- | C] () -- C:\Users\Tiff\Desktop\dds.scr
[2010/05/06 06:09:55 | 4126,179,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/06 05:45:35 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/05/05 21:56:20 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\MRINnet.dll
[2010/05/05 21:56:18 | 000,000,012 | ---- | C] () -- C:\Users\Tiff\AppData\Roaming\jmkneq.dat
[2010/05/02 10:25:06 | 000,255,552 | ---- | C] () -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/04/26 19:38:48 | 000,025,088 | ---- | C] () -- C:\Users\Tiff\Desktop\Cover Letter - UCLA - 14486.doc
[2010/04/26 19:32:28 | 000,060,324 | ---- | C] () -- C:\Users\Tiff\Desktop\14486 - Canon.pdf
[2010/04/25 14:17:21 | 000,000,162 | -H-- | C] () -- C:\Users\Tiff\Documents\~$Movies.doc
[2010/04/20 23:12:57 | 000,026,624 | ---- | C] () -- C:\Users\Tiff\Documents\Posts.doc
[2010/04/20 22:22:18 | 000,089,235 | ---- | C] () -- C:\Users\Tiff\Documents\ORDER.pdf
[2010/04/16 21:43:11 | 000,104,513 | ---- | C] () -- C:\Users\Tiff\Documents\Thank you - Glasses On Web.pdf
[2010/04/14 21:40:23 | 000,168,578 | ---- | C] () -- C:\Users\Tiff\Documents\Methods_deat.pdf
[2010/04/14 01:33:01 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/14 01:33:00 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/14 01:33:00 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/14 01:32:46 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/14 01:32:46 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/14 01:32:46 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/14 01:32:38 | 004,678,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 01:32:09 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 01:31:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/14 01:25:46 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 01:25:42 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/04/11 16:31:04 | 000,046,592 | ---- | C] () -- C:\Users\Tiff\Desktop\Paralegal Resume_20100411.doc
[2010/04/08 08:26:14 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\NALNRD95.DLL
[2010/04/08 08:26:13 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\NALNRD32.DLL
[2010/04/08 08:26:11 | 000,288,768 | ---- | C] () -- C:\Windows\SysWow64\DBLGEN6.DLL
[2010/04/08 08:26:10 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\DBPORT6.DLL
[2010/04/08 08:26:08 | 000,409,088 | ---- | C] () -- C:\Windows\SysWow64\DBODBC6.DLL
[2010/04/08 08:26:07 | 000,152,576 | ---- | C] () -- C:\Windows\SysWow64\NLSAPI32.DLL
[2010/04/08 08:26:06 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\NLS32.DLL
[2009/12/27 19:40:44 | 000,915,992 | ---- | C] () -- C:\Windows\SysWow64\ncnetprovider.dll
[2009/12/27 19:40:44 | 000,662,040 | ---- | C] () -- C:\Windows\SysWow64\ncloginui.dll
[2009/12/27 19:40:44 | 000,367,128 | ---- | C] () -- C:\Windows\SysWow64\noveap.dll
[2009/12/27 19:40:44 | 000,240,152 | ---- | C] () -- C:\Windows\SysWow64\nwshlxnt.dll
[2009/12/27 19:40:44 | 000,191,000 | ---- | C] () -- C:\Windows\SysWow64\lgnwnt32.dll
[2009/12/27 19:40:44 | 000,166,424 | ---- | C] () -- C:\Windows\SysWow64\mapbase.dll
[2009/12/27 19:40:44 | 000,113,176 | ---- | C] () -- C:\Windows\SysWow64\nclangid.dll
[2009/07/01 01:20:45 | 000,000,000 | ---- | C] () -- C:\Windows\PPViewer.INI
[2009/05/03 12:00:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/29 10:23:36 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/03/11 18:54:31 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/11/21 04:32:15 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/11/21 04:04:43 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/10/16 19:16:52 | 000,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 19:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 00:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 19:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 19:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 00:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4
< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 PM

Posted 10 May 2010 - 11:11 PM

Hi,

please run a scan with Malwarebytes next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 WaterstonJ

WaterstonJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 12 May 2010 - 03:09 AM

Hi myrti,

Thanks for the follow-up! Re-installed Malwarebytes and log showed that no infected items were found...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4092

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/12/2010 12:13:54 AM
mbam-log-2010-05-12 (00-13-54).txt

Scan type: Quick scan
Objects scanned: 131146
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 PM

Posted 12 May 2010 - 07:57 AM

Hi,
Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • pdfforge Toolbar v1.0
If you are unsure of how to use Add or Remove Programs, the please see this tutorial:
How To Remove An Installed Program From Your Computer

Then please run the following script:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O36 - AppCertDlls: MagnPING - (C:\Windows\system32\MRINnet.dll) - C:\Windows\SysWOW64\MRINnet.dll ()
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 WaterstonJ

WaterstonJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 12 May 2010 - 10:15 PM

Hi myrti,

Thank you for looking at all these logs! Here are the logs:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\MagnPING:C:\Windows\system32\MRINnet.dll deleted successfully.
C:\Windows\SysWOW64\MRINnet.dll moved successfully.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tiff
->Temp folder emptied: 1526481832 bytes
->Temporary Internet Files folder emptied: 21361845 bytes
->Java cache emptied: 61825676 bytes
->FireFox cache emptied: 43518011 bytes
->Flash cache emptied: 4229333 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533389 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 861184 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33988539 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 12525554963 bytes

Total Files Cleaned = 13,561.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05122010_194528

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET2C8A.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000B1DA61D14639BEB118 not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


-----------------------------------------------------------------------------------------------------

OTL logfile created on: 5/12/2010 8:02:37 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Tiff\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.59 Gb Total Space | 84.96 Gb Free Space | 29.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Tiff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Tiff\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Tiff\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (XTSvcMgr) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe (Novell, Inc.)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 06:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\WpsHelper.sys ()
DRV:64bit: - (NCIOCTL) -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys ()
DRV:64bit: - (NICM) -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys (Novell, Inc.)
DRV:64bit: - (NCRecognizer) -- C:\Windows\SysNative\DRIVERS\NCRecognizer.sys ()
DRV:64bit: - (NCFilter) -- C:\Windows\SysNative\DRIVERS\NCFilter.sys ()
DRV:64bit: - (NCFSD) -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys ()
DRV:64bit: - (NCUncFilter) -- C:\Windows\SysNative\DRIVERS\NCUncFilter.sys ()
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\wpsdrvnt.sys ()
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS ()
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS ()
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS ()
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\DRIVERS\teefer2.sys ()
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
DRV:64bit: - (COH_Mon) -- C:\Windows\SysNative\Drivers\COH_Mon.sys ()
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys ()
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimssn64.sys ()
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\DRIVERS\risdsn64.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\DRIVERS\SFEP.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys ()
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100512.022\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100512.022\ENG64.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\Windows\SysWOW64\drivers\COH_Mon.inf ()
DRV - (DMICall) -- C:\Windows\SysWOW64\drivers\DMICall.sys (Sony Corporation)
DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...R&bmod=SNYR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:00:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/06 06:16:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/06 06:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/04/03 14:02:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009/11/17 04:10:35 | 000,000,000 | ---D | M]

[2009/11/26 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Extensions
[2009/03/10 22:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tiff\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/26 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/05/10 23:02:49 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions
[2009/07/19 20:12:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/20 20:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/28 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Tiff\AppData\Roaming\Mozilla\Firefox\Profiles\urxxllna.default\extensions\moveplayer@movenetworks.com
[2010/05/12 19:44:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/06 06:16:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/12 20:43:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/30 20:18:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/12/17 09:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/01 10:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 10:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/02/24 12:34:22 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/04/01 10:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/17 04:10:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/17 04:10:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/17 04:10:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/17 04:10:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/17 04:10:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/17 04:10:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/17 04:10:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/08 19:19:28 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/05/01 14:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2010/04/01 08:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 08:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 08:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 08:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 08:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 08:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 08:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [NWTRAY] C:\Windows\SysNative\nwtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Nero DriveSpeed] C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe (Nero AG)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tiff\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tiff\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B4870B70-F390-11d2-9FB9-F4ED725EA20D} - C:\Windows\SysWOW64\NALEXPEX.DLL (Novell, Inc)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Authentication Packages - (ncv1_0) - C:\Windows\SysNative\ncv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1996/11/07 10:19:30 | 000,450,560 | R--- | M] () - F:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 11:11:58 | 000,011,902 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/02 19:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 07:40:06 | 000,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a01c8a11-fce0-11de-b7d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a01c8a11-fce0-11de-b7d0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [1999/02/02 19:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 19:45:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/12 00:05:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/12 00:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/10 17:54:38 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Tiff\Desktop\OTL.exe
[2010/05/08 11:07:26 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/08 11:02:27 | 000,000,000 | ---D | C] -- C:\TBRASetup
[2010/05/06 06:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/06 06:41:04 | 000,000,000 | ---D | C] -- C:\Users\Tiff\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/06 06:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/05/06 06:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/05/06 06:37:31 | 000,000,000 | ---D | C] -- C:\Users\Tiff\Desktop\gmer
[2010/05/06 06:18:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tiff\Desktop\HiJackThis.exe
[2010/05/06 05:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/05/06 05:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/06 05:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010/04/24 06:25:17 | 000,000,000 | ---D | C] -- C:\Users\Tiff\Desktop\Taxes
[2010/04/14 01:32:09 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 01:31:59 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/14 01:25:45 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 01:25:42 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Tiff\Documents\*.tmp files -> C:\Users\Tiff\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 20:02:34 | 003,145,728 | -HS- | M] () -- C:\Users\Tiff\NTUSER.DAT
[2010/05/12 19:59:40 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/12 19:59:40 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/12 19:59:40 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/12 19:52:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 19:52:50 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 19:52:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 19:52:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 19:52:14 | 4126,179,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 19:50:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/12 19:50:30 | 000,524,288 | -HS- | M] () -- C:\Users\Tiff\NTUSER.DAT{742000b7-95db-11de-845e-001dbab29c4b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 19:50:30 | 000,065,536 | -HS- | M] () -- C:\Users\Tiff\NTUSER.DAT{742000b7-95db-11de-845e-001dbab29c4b}.TM.blf
[2010/05/12 19:50:27 | 002,975,798 | -H-- | M] () -- C:\Users\Tiff\AppData\Local\IconCache.db
[2010/05/12 18:56:33 | 000,060,416 | ---- | M] () -- C:\Users\Tiff\Desktop\Curriculum Vitae.doc
[2010/05/10 17:54:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Tiff\Desktop\OTL.exe
[2010/05/09 09:08:37 | 000,105,984 | ---- | M] () -- C:\Users\Tiff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 16:18:37 | 000,022,528 | ---- | M] () -- C:\Users\Tiff\Documents\HTTP Infostealer Snifula.doc
[2010/05/08 15:40:18 | 000,006,915 | ---- | M] () -- C:\Users\Tiff\Desktop\risk log.csv
[2010/05/08 14:38:59 | 000,002,651 | ---- | M] () -- C:\Users\Tiff\Desktop\Microsoft Office Word 2007.lnk
[2010/05/06 06:36:17 | 000,284,915 | ---- | M] () -- C:\Users\Tiff\Desktop\gmer.zip
[2010/05/06 06:33:09 | 000,525,824 | ---- | M] () -- C:\Users\Tiff\Desktop\dds.scr
[2010/05/06 06:18:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tiff\Desktop\HiJackThis.exe
[2010/05/06 06:16:42 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/06 05:45:35 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/05/05 21:56:18 | 000,000,012 | ---- | M] () -- C:\Users\Tiff\AppData\Roaming\jmkneq.dat
[2010/05/05 12:02:20 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/05 09:10:38 | 000,035,328 | ---- | M] () -- C:\Users\Tiff\Documents\Movies.doc
[2010/04/30 22:15:17 | 000,427,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/27 08:29:37 | 000,025,088 | ---- | M] () -- C:\Users\Tiff\Desktop\Cover Letter - UCLA - 14486.doc
[2010/04/26 19:32:29 | 000,060,324 | ---- | M] () -- C:\Users\Tiff\Desktop\14486 - Canon.pdf
[2010/04/25 14:17:21 | 000,000,162 | -H-- | M] () -- C:\Users\Tiff\Documents\~$Movies.doc
[2010/04/20 23:12:58 | 000,026,624 | ---- | M] () -- C:\Users\Tiff\Documents\Posts.doc
[2010/04/20 22:22:20 | 000,089,235 | ---- | M] () -- C:\Users\Tiff\Documents\ORDER.pdf
[2010/04/16 21:43:12 | 000,104,513 | ---- | M] () -- C:\Users\Tiff\Documents\Thank you - Glasses On Web.pdf
[2010/04/14 21:40:25 | 000,168,578 | ---- | M] () -- C:\Users\Tiff\Documents\Methods_deat.pdf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Tiff\Documents\*.tmp files -> C:\Users\Tiff\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 18:29:43 | 000,060,416 | ---- | C] () -- C:\Users\Tiff\Desktop\Curriculum Vitae.doc
[2010/05/12 00:06:27 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/05/08 15:40:18 | 000,006,915 | ---- | C] () -- C:\Users\Tiff\Desktop\risk log.csv
[2010/05/08 15:09:32 | 000,022,528 | ---- | C] () -- C:\Users\Tiff\Documents\HTTP Infostealer Snifula.doc
[2010/05/06 06:36:16 | 000,284,915 | ---- | C] () -- C:\Users\Tiff\Desktop\gmer.zip
[2010/05/06 06:33:07 | 000,525,824 | ---- | C] () -- C:\Users\Tiff\Desktop\dds.scr
[2010/05/06 06:09:55 | 4126,179,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/06 05:45:35 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/05/05 21:56:18 | 000,000,012 | ---- | C] () -- C:\Users\Tiff\AppData\Roaming\jmkneq.dat
[2010/05/02 10:25:06 | 000,255,552 | ---- | C] () -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/04/26 19:38:48 | 000,025,088 | ---- | C] () -- C:\Users\Tiff\Desktop\Cover Letter - UCLA - 14486.doc
[2010/04/26 19:32:28 | 000,060,324 | ---- | C] () -- C:\Users\Tiff\Desktop\14486 - Canon.pdf
[2010/04/25 14:17:21 | 000,000,162 | -H-- | C] () -- C:\Users\Tiff\Documents\~$Movies.doc
[2010/04/20 23:12:57 | 000,026,624 | ---- | C] () -- C:\Users\Tiff\Documents\Posts.doc
[2010/04/20 22:22:18 | 000,089,235 | ---- | C] () -- C:\Users\Tiff\Documents\ORDER.pdf
[2010/04/16 21:43:11 | 000,104,513 | ---- | C] () -- C:\Users\Tiff\Documents\Thank you - Glasses On Web.pdf
[2010/04/14 21:40:23 | 000,168,578 | ---- | C] () -- C:\Users\Tiff\Documents\Methods_deat.pdf
[2010/04/14 01:33:01 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/14 01:33:00 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/14 01:33:00 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/14 01:32:46 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/14 01:32:46 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/14 01:32:46 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/14 01:32:38 | 004,678,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 01:32:09 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 01:31:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/14 01:25:46 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 01:25:42 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/04/08 08:26:14 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\NALNRD95.DLL
[2010/04/08 08:26:13 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\NALNRD32.DLL
[2010/04/08 08:26:11 | 000,288,768 | ---- | C] () -- C:\Windows\SysWow64\DBLGEN6.DLL
[2010/04/08 08:26:10 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\DBPORT6.DLL
[2010/04/08 08:26:08 | 000,409,088 | ---- | C] () -- C:\Windows\SysWow64\DBODBC6.DLL
[2010/04/08 08:26:07 | 000,152,576 | ---- | C] () -- C:\Windows\SysWow64\NLSAPI32.DLL
[2010/04/08 08:26:06 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\NLS32.DLL
[2009/12/27 19:40:44 | 000,915,992 | ---- | C] () -- C:\Windows\SysWow64\ncnetprovider.dll
[2009/12/27 19:40:44 | 000,662,040 | ---- | C] () -- C:\Windows\SysWow64\ncloginui.dll
[2009/12/27 19:40:44 | 000,367,128 | ---- | C] () -- C:\Windows\SysWow64\noveap.dll
[2009/12/27 19:40:44 | 000,240,152 | ---- | C] () -- C:\Windows\SysWow64\nwshlxnt.dll
[2009/12/27 19:40:44 | 000,191,000 | ---- | C] () -- C:\Windows\SysWow64\lgnwnt32.dll
[2009/12/27 19:40:44 | 000,166,424 | ---- | C] () -- C:\Windows\SysWow64\mapbase.dll
[2009/12/27 19:40:44 | 000,113,176 | ---- | C] () -- C:\Windows\SysWow64\nclangid.dll
[2009/07/01 01:20:45 | 000,000,000 | ---- | C] () -- C:\Windows\PPViewer.INI
[2009/05/03 12:00:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/29 10:23:36 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/03/11 18:54:31 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/11/21 04:32:15 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/11/21 04:04:43 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4
< End of report >



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 PM

Posted 13 May 2010 - 12:05 PM

Hi,

this is looking good. How is your PC doing, are you still getting detections for Snifula?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 WaterstonJ

WaterstonJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 16 May 2010 - 12:16 AM

Hi myrti,

Everything seems to be running well again, haven't gotten any detections of Snifula. I really appreciate the time you have taken to figure out what is wrong, thank you so much for your help!!!

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 PM

Posted 17 May 2010 - 07:12 AM

Hi,

happy to hear that. smile.gif Just to be safe I would like you to run a scan with Eset as well:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 PM

Posted 23 May 2010 - 04:52 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users