
Sick with xp total security... qcla.exe. Need help!


  • This topic is locked
45 replies to this topic

#1 kiki68

  • Members
  • 24 posts

Posted 19 May 2011 - 02:35 AM

Hello, appreciate your help in advance!... And sorry if I'm giving you too much information. On 5/15/2011 at 6.20 pm my husband clicked on a Flash Gordon image in Google image search, and it loaded XP Total Security. This is a hand-me-down machine that we got after my father-in-law passed away last month. I've not had the time to really check out or tweak the system with my limited knowledge.

After the XP Total Security crap started loading, I unplugged the machine & rebooted into safe mode... too late. Followed some guides & ran rkill in safe mode & it stopped one process. Then tried to reboot (not in safe mode) and the XP Total Security windows came up immediately (layers of windows). Could not even get to a start menu or task manager... just a bunch of pop-ups from the malware. Unplugged & went back to safe mode (under administrator)... loaded new definitions for Malwarebytes via flashdrive. It found several items with a quick & full scan. I deleted them per instructions & restarted. Still the same problem.

Also, *still can not get online with that machine... transferring everything now via flash drive*.

Ran Avira in safe mode under administrator.. the definitions were just updated on 5-14 on that machine... ran a full scan & it found nothing.

Created a new user account for Windows while in safe mode with administrator priv... when I boot up regular to that user... the XP security stuff doesn't run up a bunch of windows, but *still can not get online.*... and some applications such as "search" are unavailable... Also... nothing shows up on the desktop. Start menu > just shows OpenOffice.org 3.2 (that is all). I checked for a System Restore point & it was turned off (can't imagine that my father-in-law would do that). So, I created a restore point today... but does me no good now. Ran erunt for a backup of the registry also (but it is a bad one with all the crap on it). :(

I did a search in safe mode for .exe files created on 5/15 & found:

8 files created at about 6.20 pm in C:\Windows\Prefetch (wrote them down if needed)
1 file created at 6.20pm... YgslssmSaaRn.exe in: C:\DocumentsandSettings\AllUsers\AplicationData ... checked properties on this one:

Description: Cluster analysis
Company: QNP
File Version: 1.3.1.1
Date Created: 5/15/2011 6:20 PM
Copyright: 37 CFR 1.53 ©
Internal Name: QCLA
Original File Name: QCLA.EXE
Product Name: CLAnalysis
Product Version 1.3.1.1

Then did a search for all files created on 5/15 & found 450 files.. eek! I can see several temp files that all of the shortcuts for the desktop & start menu and have been transferred to!... and who knows what else, stuff I don't understand... know for sure automatic updates have been turned off.

***I renamed the YgslssmSaaRn.exe file to YgslssmSaaRn.exx and rebooted to see if it would stop it from running & it did not. Still at square one. :(

No idea what to do now & scared to do anything more without assistance.

Steps since then, per instructions on the forum:

1. Disabled CD Emulation... ran DeFogger. (none found)
2. Including both DDS. reports (sorry, could not zip the last one... just had to copy & paste)
3. Including GMER Log (checked appropriate boxes as per instructions & it took hours to run)

Logs included below & patiently awaiting your kind reply before doing anything else. Thank you!

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:07 on 18/05/2011 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 23:14:11.20 on Wed 05/18/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.321 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_20.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ojxkbcfu.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2004-8-14 71961]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-21 11608]
S1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.SYS [2005-2-13 53952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-21 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-21 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-21 61960]
S2 DataWorxPLC;DataWorx PLC;c:\program files\automationdirect\dataworx plc\DataWorxPLCServer.exe [2005-6-22 397312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-10-31 72672]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2004-8-14 16194]
S3 Digital Music Software: Audio Transcoder update permissions manager. 1543.;Digital Music Software: Audio Transcoder update permissions manager. 1543.;c:\program files\audiotranscoder\updtr.exe -permissionmanagerrun --> c:\program files\audiotranscoder\updtr.exe -PermissionManagerRun [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-9-11 13312]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys --> c:\windows\system32\drivers\rcblan.sys [?]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-9-1 52824]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
S4 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2004-12-26 583670]
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-10-18 118877]
.
=============== Created Last 30 ================
.
2011-05-19 01:00:21 -------- d-----w- c:\docume~1\admini~1\applic~1\Avira
2011-05-17 22:46:41 -------- d-----w- c:\program files\New Folder
2011-05-17 00:13:19 -------- d--h--w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2011-05-16 05:38:02 -------- d--h--w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-05-15 22:22:01 0 ---ha-w- c:\windows\Kqalo.bin
2011-05-15 22:20:25 434176 ---ha-w- c:\docume~1\alluse~1\applic~1\YgslssmSaaRn.exx
2011-05-10 03:05:56 781272 ---ha-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-10 03:05:55 89048 ---ha-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-10 03:05:55 465880 ---ha-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-10 03:05:55 1874904 ---ha-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-10 03:05:55 15832 ---ha-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-10 03:05:54 1892184 ---ha-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-10 03:05:54 142296 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-10 03:05:53 1974616 ---ha-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
2004-10-01 19:00:16 40960 ---ha-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 23:14:27.43 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/16/2004 9:37:39 AM
System Uptime: 5/18/2011 9:53:09 PM (2 hours ago)
Processor: Intel® Pentium® M processor 1.70GHz | N/A | 1696/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 13.477 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 5/18/2011 4:20:53 PM - System Checkpoint
.
==== Installed Programs ======================
.
WILLPower
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.2 (remove only)
7-Zip 4.65
ACCEL-VIEW
Acrobat.com
Add-ons
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Advanced Network Diagramming
Advanced Network Diagramming Help
Advanced Network Diagramming Samples
Alibre Design
Alibre Design Help
All Media Fixer 9.11
Annotations
Annotations Help
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audio Transcoder
AutoCAD 2007 - English
Autodesk DWF Viewer
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Block Diagrams
Block Diagrams Help
Block Diagrams Samples
Borders and Backgrounds
Borders and Backgrounds Help
Building Architecture
Building Architecture Help
Building Services
Building Services Help
CAD Drawing Converter
CAD Drawing Converter Help
CAD Drawing Display
CAD Drawing Display Samples
Callouts and Connectors
Callouts and Connectors Help
CCleaner
Clip Art and Symbols
Clip Art and Symbols Help
Critical Update for Windows Media Player 11 (KB959772)
Custom Patterns
Custom Properties Editor
DAQFactory
Database Design
Database Design Help
Database Design Samples
Database Wizard
Database Wizard Samples
DataWorx PLC
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Ogg Vorbis Codec
dBpoweramp Windows Media Audio 10 Codec
DesignPro 5.4 Limited Edition
Developing Visio Solutions
Developing Visio Solutions Help
Digital Court Player 6.2 (build 339)
Directory Services
Directory Services Help
Directory Services Samples
DirectSOFT 5 - Programming
DivX
DivX Player
DivX Web Player
DocProc
DocProcQFolder
DVD Solution
DVgate Plus
DWG TrueView
Electrical Engineering
Electrical Engineering Help
Equipment Selector
Equipment Selector Furniture Database
Equipment Selector Help
Express Burn
Express Scribe
ExpressPCB
EZPLC Editor 1.6.11
EZTouch Programming Software
Facilities Management
Facilities Management Help
Flowcharts
Flowcharts Help
Flowcharts Samples
Fluid Power
Fluid Power Help
Forms and Charts
Forms and Charts Help
Forms and Charts Samples
Foundation technical
Google Earth
Google SketchUp 6
Google SketchUp 7
Google Update Helper
Graphics Filters
Help for Visio 2000 (HTML Help)
Help_Technical
Home and Business Attorney
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HPPhotoSmartExpress
InCD
InstaCal
Intel® PRO Network Adapters and Drivers
Intel® PROSet/Wireless Software
Internet Diagrams
Internet Diagrams Help
Internet Diagrams Samples
InterVideo WinDVD 5 for VAIO
iPod for Windows 2006-01-10
iTunes
Java Auto Updater
Java™ 6 Update 20
LAN-Express AS IEEE 802.11 Wireless LAN
LightScribe 1.4.74.1
Logitech Harmony Remote Software 7
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Maps
Maps Help
Maps Samples
mCore
mDriver
Mechanical Engineering
Mechanical Engineering Help
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Integration
Microsoft Repository
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Visual Studio Service Pack 3
Microsoft Web Publishing Wizard 1.53
Microsoft WinUsb 1.0
Microsoft Works
mMHouse
MoodLogic
Mozilla Firefox (3.6.6)
mPfMgr
mProSafe
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Launcher
mWlsSafe
mXML
Nero OEM
Network Diagrams
Network Diagrams Help
Network Diagrams Samples
OCR Software by I.R.I.S. 12.0
Office Layout
Office Layout Help
Office Layout Samples
Online Documentation
OpenMG Limited Patch 4.0-04-07-14-01
OpenMG Secure Module 4.0.00
OpenOffice.org 3.2
Opera 11.10
Organization Charts
Organization Charts Help
Organization Charts Samples
Page Layout Wizard
PDF-XChange PDF Viewer
PowerDVD
Print ShapeSheet
Process Engineering
Process Engineering Help
Program Files
Program Files Help
Program Files Professional
Program Files Professional Help
Program Files Technical
Project Schedules
Project Schedules Help
Project Schedules Samples
Property Reporting Wizard
Quicken 2005
QuickTime
RealPlayer
Release Notes Professional
Release Notes Technical
Sample Drawings
Save as HTML
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shape Explorer
Shape Explorer Help
SIMATIC STEP 7-Micro/WIN 32 V3.2.0.105
Smart Defrag 1.20
SmartShape Wizard
SoftV92 Data Fax Modem
Software Design
Software Design Help
Software Design Samples
Solutions
SonicStage 2.1.00
Sony Certificate PCH
Sony Notebook Setup
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Sony XBRITE Screen Saver
SoundMAX
SoundTap Streaming Audio Recorder
Spelling Dictionaries Support For Adobe Reader 9
Stencil Report Wizard
Switch Sound File Converter
TatukGIS Viewer 1.6.0.275
Toolbox
TurboCAD Deluxe v12
TurboCAD Symbols
UML Specification
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update service
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Power Management
VAIO Registration
VAIO SLIT-C Screen Saver
VAIO SLIT Pattern Wallpaper
VAIO Update 2
VAIO Wireless Utility
VBA
Viewpoint Media Player
Visio
Visio Core Files
Visio Technical Core Files
WavePad Sound Editor
WebFldrs XP
Welcome to VAIO life
Windows Essentials Media Codec Pack 3.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless Switch Setting Utility
WModem Driver Installer
WordPerfect Office X3
.
==== Event Viewer Messages From Past Week ========
.
5/17/2011 12:47:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/17/2011 12:46:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb CBUL32 DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip Tcpip6
5/17/2011 12:46:53 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2011 12:46:53 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2011 12:46:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2011 12:46:53 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2011 12:46:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2011 8:18:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb CBUL32 DMICall Fips intelppm ohci1394 ssmdrv
5/16/2011 7:06:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/15/2011 9:47:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/15/2011 9:45:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/15/2011 9:39:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb CBUL32 DMICall Fips intelppm ssmdrv
5/15/2011 6:39:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/15/2011 6:39:34 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-19 03:14:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6025GAS rev.KA200A
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\080046ea5ded
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\080046ea5ded (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{1305A212-E013-429B-BFCF-4B2288C95E82}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{1305A212-E013-429B-BFCF-4B2288C95E82}\Ole1Class@ MPlayer
Reg HKLM\SOFTWARE\Classes\CLSID\{1305A212-E013-429B-BFCF-4B2288C95E82}\ProgID@ MPlayer
Reg HKLM\SOFTWARE\Classes\CLSID\{1305A212-E013-429B-BFCF-4B2288C95E82}\TreatAs@ {00022601-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ %ProgramFiles%\Outlook Express\oeimport.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\Verb@
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\Verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\Verb\0@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\Verb\1@

&Open,0,2

---- EOF - GMER 1.0.15 ----



#2 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 PM

Posted 19 May 2011 - 06:54 AM

:welcome: to BC!


Something I should point out, regarding CCleaner, Glary Utilities, TuneUp Utilities and similar products:

It's not recommended to use registry cleaners. These often cause more problems than they fix. One of my colleagues, miekiemoes, has an excellent writeup here
Another excellent article by Bill Castner is located here.


I need you to use another set of tools.

Step 1.
Flashdrive disinfector:


Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Use the disinfected flashdrive to transfer the files between the computers.

Step 1.
RogueKiller:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 3.
Things I would like to see in your reply:

  • The content of RKreport.txt from step 1.
  • The content of OTL.txt and Extras.txt from step 2.

Edited by heir, 19 May 2011 - 07:05 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#3 kiki68

kiki68
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:26 PM

Posted 19 May 2011 - 02:21 PM

Hi heir, thank you so much for your help! I appreciate the info about CCleaner and will remove that program. Installed and ran the flashdrive disinfector. Here is the content of RKreport.txt, OTL.txt, and Extras.txt:

RogueKiller V5.1.4 [05/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Scan -- Date : 05/19/2011 13:20:41

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt



OTL logfile created on: 5/19/2011 1:38:50 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.87 Gb Total Space | 13.48 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.79 Gb Free Space | 95.91% Space Free | Partition Type: FAT

Computer Name: SONY | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 13:30:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 13:30:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 22:00:53 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/17 10:50:08 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/11/15 03:57:02 | 000,218,624 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\AudioTranscoder\updtr.exe -- (Digital Music Software: Audio Transcoder update permissions manager. 1543.)
SRV - [2006/09/26 22:21:05 | 000,077,944 | -H-- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/01/09 13:56:04 | 000,049,152 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2005/07/08 16:24:46 | 000,871,424 | -H-- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/06/22 09:16:30 | 000,397,312 | -H-- | M] (Inteworx.net) [Auto | Stopped] -- C:\Program Files\AutomationDirect\DataWorx PLC\DataWorxPLCServer.exe -- (DataWorxPLC)
SRV - [2004/07/09 20:28:14 | 001,826,816 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/07/09 00:27:20 | 000,118,784 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/07/09 00:26:54 | 000,118,877 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/07/09 00:19:04 | 000,069,632 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/07/09 00:17:54 | 000,278,528 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/06/22 14:58:14 | 000,733,184 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 14:58:14 | 000,733,184 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 06:42:34 | 000,057,344 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 06:42:34 | 000,057,344 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 06:41:06 | 000,188,416 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 15:48:10 | 001,286,144 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2002/09/20 18:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 10:50:15 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 14:26:14 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/02 17:49:06 | 000,013,312 | -H-- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/09/01 09:55:20 | 000,052,824 | -H-- | M] (NCH Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/11 11:49:19 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/17 12:17:40 | 000,072,520 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/27 02:05:52 | 000,053,184 | RH-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/12/14 09:37:40 | 000,072,672 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2006/11/02 07:00:08 | 000,039,368 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/03/16 04:00:08 | 000,028,672 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/07/23 00:02:44 | 000,011,354 | -H-- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 22:14:02 | 003,289,088 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/07/08 16:17:54 | 000,099,584 | -H-- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 16:17:36 | 000,029,696 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/12/01 06:55:00 | 000,053,952 | -H-- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\CBUL32.SYS -- (CBUL32)
DRV - [2004/10/21 13:17:48 | 000,583,670 | -H-- | M] (Digital Camera) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2004/08/04 08:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 08:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/07 18:12:02 | 000,391,616 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2004/05/21 16:46:50 | 000,065,024 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/03/26 01:54:24 | 000,680,960 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 20:08:22 | 000,197,120 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 20:05:48 | 000,679,808 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 20:04:16 | 001,043,072 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/29 13:31:38 | 000,094,601 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/08/20 15:59:32 | 000,071,961 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2002/07/24 22:19:48 | 000,010,986 | -H-- | M] (USB BULK) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera)
DRV - [2002/05/03 12:40:00 | 000,123,904 | -H-- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s7oppilx.sys -- (S7oppilx)
DRV - [2002/04/11 20:43:44 | 000,016,194 | -H-- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2001/12/05 14:08:12 | 000,478,720 | -H-- | M] (SIEMENS AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\S7otranx.sys -- (s7otranx)
DRV - [2001/12/05 14:03:10 | 000,073,216 | -H-- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\S7oppitx.sys -- (s7oppitx)
DRV - [2000/12/05 19:18:02 | 000,003,952 | RH-- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{BB8B63F4-8C4E-4176-A949-D211DBC19E81}: C:\Documents and Settings\daryl\Local Settings\Application Data\{BB8B63F4-8C4E-4176-A949-D211DBC19E81} [2011/05/15 18:22:00 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:06:02 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:06:02 | 000,000,000 | -H-D | M]

[2011/05/16 20:13:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/09 23:01:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 21:26:30 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/15 18:22:00 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\DARYL\LOCAL SETTINGS\APPLICATION DATA\{BB8B63F4-8C4E-4176-A949-D211DBC19E81}
[2010/05/03 21:25:56 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 22:13:54 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/09 23:05:54 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/05/03 21:25:53 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/09 23:05:57 | 000,002,252 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/05/02 18:42:37 | 000,307,114 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10573 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/14 16:24:37 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/26 11:46:20 | 000,000,000 | -H-D | M] - C:\Automotion -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: svcWRSSSDK - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: svcWRSSSDK - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {362DC266-7858-86E6-DE76-795786FB6476} - Themes Setup
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5C8C956B-5476-181E-6804-295A5ED92F25} - Microsoft Windows Media Player
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FCD0BFCF-39E2-91EF-1CB3-9301BE1BF559} - Outlook Express
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.speex32 - C:\WINDOWS\System32\speex32.acm (Independent Codec Group / www.openacm.org)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.DX50 - C:\WINDOWS\System32\DivXVfWCodec.dll ()
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.SEDG - C:\WINDOWS\System32\SamsungVfWCodec.dll ()
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 13:32:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/05/19 13:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/05/18 21:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/05/18 20:27:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/17 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\erunt
[2011/05/17 18:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/05/16 20:13:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/05/16 01:38:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/05/16 01:18:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/15 21:45:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/05/15 21:45:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/05/15 21:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/05/15 21:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/05/15 21:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/05/15 21:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/05/15 21:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/05/15 21:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/05/15 21:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MoodLogic
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Intuit
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/05/15 21:45:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/05/15 21:45:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/05/15 21:45:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/05/15 21:45:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/05/15 18:20:25 | 000,434,176 | -H-- | C] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
[2011/05/04 16:27:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Opera

========== Files - Modified Within 30 Days ==========

[2011/05/19 13:30:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/05/19 13:11:56 | 000,473,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/05/18 23:06:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/05/18 21:53:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 21:36:34 | 000,000,348 | -H-- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/05/18 21:21:02 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/18 21:09:42 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 21:07:17 | 000,010,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4ea4c00o6uullgqw77l77bk7h0323
[2011/05/16 22:02:04 | 000,010,960 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\4ea4c00o6uullgqw77l77bk7h0323
[2011/05/16 21:32:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Kqalo.bin
[2011/05/16 01:29:53 | 001,006,778 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/05/16 01:24:59 | 001,006,778 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe
[2011/05/15 23:05:31 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/15 18:32:55 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940r
[2011/05/15 18:32:55 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940
[2011/05/15 18:28:02 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\15195940
[2011/05/15 18:22:01 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Jlotanu.dat
[2011/05/15 18:20:24 | 000,434,176 | -H-- | M] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
[2011/05/14 04:29:24 | 000,070,364 | -H-- | M] () -- C:\easter-eggs.jpg
[2011/05/12 22:15:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/07 02:56:55 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/06 23:14:40 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 21:59:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/04/23 12:49:36 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/04/23 12:49:35 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job

========== Files Created - No Company Name ==========

[2011/05/19 13:20:11 | 000,473,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/05/18 23:06:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/05/16 22:01:36 | 000,010,960 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\4ea4c00o6uullgqw77l77bk7h0323
[2011/05/16 01:29:53 | 001,006,778 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/05/16 01:24:58 | 001,006,778 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe
[2011/05/15 23:05:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/15 21:45:06 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/05/15 21:45:06 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/15 21:45:06 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/05/15 18:32:55 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~15195940r
[2011/05/15 18:32:55 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~15195940
[2011/05/15 18:28:02 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\15195940
[2011/05/15 18:22:01 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Jlotanu.dat
[2011/05/15 18:22:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Kqalo.bin
[2011/05/15 18:19:55 | 000,010,956 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4ea4c00o6uullgqw77l77bk7h0323
[2011/05/14 04:29:19 | 000,070,364 | -H-- | C] () -- C:\easter-eggs.jpg
[2011/04/23 12:49:35 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/04/23 12:49:34 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2011/03/08 17:05:39 | 000,002,979 | -H-- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/02/22 09:34:00 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/06 18:41:13 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\qwimp.ini
[2009/10/06 18:41:12 | 000,000,368 | -H-- | C] () -- C:\WINDOWS\intuprof.ini
[2009/09/09 19:27:10 | 000,000,281 | -H-- | C] () -- C:\WINDOWS\Microwin.ini
[2009/09/09 19:24:31 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\cp551inf.dll
[2009/08/02 11:13:50 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/22 17:43:48 | 000,001,004 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/22 03:17:44 | 000,003,625 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2008/12/22 03:09:24 | 000,003,400 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2008/12/22 02:57:59 | 000,003,065 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2008/12/22 02:49:18 | 000,002,987 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2008/12/22 02:37:37 | 001,073,528 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/12/22 00:59:26 | 000,025,312 | -H-- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008/12/22 00:59:24 | 000,025,312 | -H-- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008/12/22 00:59:08 | 000,447,200 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/22 00:52:02 | 000,066,272 | -H-- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008/06/08 13:25:38 | 000,000,158 | -H-- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/06/08 13:24:14 | 000,000,806 | -H-- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/10/31 18:14:52 | 000,072,672 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2007/10/31 18:14:52 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2006/11/28 21:51:52 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/20 04:25:44 | 000,012,416 | -H-- | C] () -- C:\WINDOWS\hpwscr05.dat
[2006/08/24 17:00:45 | 000,040,960 | -H-- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/07/22 16:38:59 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\xpress.ini
[2006/07/22 16:38:39 | 000,000,679 | -H-- | C] () -- C:\WINDOWS\thousand.ini
[2006/07/06 21:09:28 | 000,000,275 | -H-- | C] () -- C:\WINDOWS\ddespy.ini
[2006/07/06 20:29:13 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2006/06/21 19:35:43 | 000,015,840 | -H-- | C] () -- C:\WINDOWS\System32\machnm1.exe
[2006/05/31 20:21:11 | 000,003,147 | -H-- | C] () -- C:\WINDOWS\DS500.INI
[2006/05/23 17:25:52 | 000,414,208 | -H-- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2006/05/17 11:23:38 | 001,481,728 | -H-- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2006/04/18 18:30:56 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/18 18:30:13 | 000,536,576 | -H-- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/03/21 20:38:42 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/11 20:23:06 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/02 20:59:22 | 000,027,872 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/02/12 19:21:17 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\mdm.ini
[2006/02/12 19:06:19 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/11/07 22:06:32 | 000,684,032 | -H-- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/07 22:06:32 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/02/13 10:33:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\inscal32.INI
[2005/02/13 10:32:23 | 000,172,032 | -H-- | C] () -- C:\WINDOWS\System32\MccCoIns.dll
[2005/02/13 10:32:23 | 000,151,552 | -H-- | C] () -- C:\WINDOWS\System32\MccInst.dll
[2005/02/13 10:32:22 | 000,053,952 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CBUL32.SYS
[2005/02/13 10:32:22 | 000,053,312 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CBULWDM.SYS
[2005/02/05 22:04:40 | 000,099,965 | -H-- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/01/02 12:48:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\esmain.INI
[2005/01/02 12:04:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\csmain.INI
[2004/12/30 23:10:50 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/30 23:10:22 | 000,098,512 | -H-- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/12/16 23:33:34 | 000,004,599 | -H-- | C] () -- C:\WINDOWS\DS400.INI
[2004/12/16 21:06:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2004/12/16 15:43:27 | 000,020,992 | -H-- | C] () -- C:\WINDOWS\jestertb.dll
[2004/10/18 03:16:00 | 000,020,444 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2004/10/18 03:15:08 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\System32\Sony XBRITE.ini
[2004/10/18 03:14:45 | 000,000,996 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/18 03:05:32 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/10/18 03:02:44 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/18 03:02:44 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/18 03:02:44 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/18 03:02:44 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/18 03:02:44 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/18 03:02:44 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/16 17:54:13 | 000,000,800 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/14 20:25:29 | 000,606,208 | -H-- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2004/08/14 20:07:53 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/14 19:31:01 | 000,001,454 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2004/08/14 19:04:17 | 000,289,128 | RH-- | C] () -- C:\WINDOWS\q329390_wxp_sp2_x86_enu.exe
[2004/08/14 19:04:04 | 000,381,288 | RH-- | C] () -- C:\WINDOWS\q329048_wxp_sp2_x86_enu.exe
[2004/08/14 19:03:32 | 000,111,552 | -H-- | C] () -- C:\WINDOWS\setup.exe
[2004/08/14 18:51:33 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/08/14 18:47:11 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2004/08/14 16:26:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/14 16:22:24 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/14 16:09:55 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/14 16:09:51 | 000,397,312 | -H-- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/08/14 16:09:51 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/08/14 16:09:38 | 000,000,724 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/14 16:09:24 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/14 16:09:23 | 000,472,932 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/14 16:09:23 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/14 16:09:23 | 000,084,576 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/14 16:09:23 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/14 16:09:21 | 000,004,530 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/14 16:09:20 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/14 16:09:19 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/14 16:09:17 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/14 16:09:17 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/14 16:09:16 | 000,013,576 | -H-- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll
[2004/08/14 16:09:13 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/14 16:09:09 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/14 09:16:27 | 000,004,346 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/14 09:15:30 | 000,540,032 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/29 14:18:12 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\HEIIWX_PAS.dll
[2003/07/23 11:53:30 | 000,373,967 | -H-- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/03/10 09:18:04 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\HEI_PAS.DLL
[2002/08/06 14:55:37 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/04/03 14:49:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\ss35pp.dll
[2002/04/02 20:08:34 | 000,311,108 | -H-- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 20:08:32 | 000,036,868 | -H-- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2001/10/24 19:00:40 | 000,524,288 | -H-- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/12/06 17:56:04 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\verinst.exe
[1998/07/15 14:53:56 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\HEI16_2.DLL
[1998/06/10 23:08:40 | 000,015,120 | -H-- | C] () -- C:\WINDOWS\System32\Reputil.dll
[1998/05/18 01:00:00 | 000,014,017 | -H-- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 01:00:00 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\FRONTPG.INI
[1998/01/12 04:00:00 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2006/09/24 17:20:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alibre Design
[2006/09/26 22:35:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/05 19:35:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/06/22 17:37:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/09/01 15:56:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalCourtPlayer
[2010/02/10 00:17:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2007/05/31 21:04:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2008/12/21 20:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/08/19 19:52:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2004/12/23 21:19:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/12/16 10:37:27 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2004/12/16 10:37:29 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2010/02/09 17:08:28 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\Tasks\scribeSevenDaysInit.job
[2011/03/18 19:47:28 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job
[2011/05/04 21:59:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/09/01 10:01:34 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\soundtapShakeIcon.job
[2011/04/23 12:49:35 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2011/04/23 12:49:36 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
[2011/05/18 21:36:34 | 000,000,348 | -H-- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/02/03 10:32:28 | 003,550,592 | -H-- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2010/10/11 10:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/09/24 17:20:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alibre Design
[2006/02/05 11:45:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/09/26 22:35:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/05 19:35:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/06/21 12:39:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/06/22 17:37:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/07/23 10:32:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/09/10 08:23:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/09/01 15:56:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalCourtPlayer
[2010/02/10 00:17:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/07/13 20:50:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/08/25 13:41:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/04/13 21:18:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2007/05/31 21:04:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2006/05/31 20:22:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/11/20 10:34:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2004/08/14 19:30:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/03/10 21:33:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/17 15:36:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2006/08/19 18:54:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/09 16:52:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/12/21 20:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/08/16 17:56:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/08/19 19:52:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/07/13 19:31:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2009/09/30 18:13:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/03 21:27:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/09/30 18:15:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2005/11/07 21:31:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/10/18 03:07:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
[2004/12/23 21:19:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/25 14:10:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2006/05/30 21:24:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2006/03/04 12:22:14 | 019,120,993 | -H-- | M] (Alibre, Inc.) -- C:\Documents and Settings\All Users\Application Data\Alibre Design\Tutorials\QuickStartVideo.exe
[2011/01/26 20:17:45 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2011/05/16 01:18:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/18 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2004/08/14 16:24:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2004/08/14 19:30:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Intuit
[2009/12/21 08:51:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/16 01:38:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2004/10/18 03:07:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/05/16 20:13:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2004/08/14 19:11:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2004/08/14 19:08:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2004/08/14 19:39:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Symantec

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/14 09:14:45 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/14 09:14:45 | 000,638,976 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/14 09:14:45 | 000,888,832 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/03/17 10:50:15 | 000,137,656 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys

< End of report >


OTL Extras logfile created on: 5/19/2011 1:38:50 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.87 Gb Total Space | 13.48 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.79 Gb Free Space | 95.91% Space Free | Partition Type: FAT

Computer Name: SONY | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" WILLPower" = WILLPower
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{024D7254-4262-4498-AC70-C5C413564D2B}" = Database Design Samples
"{0298C720-87DF-11D3-8831-00500457F9ED}" = Software Design Samples
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{03E79E22-1DF6-11D3-A2FC-006008A88CA8}" = Sample Drawings
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless Utility
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{15D5B241-07BC-45D2-9D85-4CF906079E16}" = Program Files Professional
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AC30EF0-7CC5-45BC-9C1E-2468EBC7BBB0}" = Update Service
"{1ACA72C1-8BF5-11D3-8831-00500457F9ED}" = Advanced Network Diagramming Samples
"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design
"{1B1997F3-46CA-11D3-8660-00C04F8DBAD9}" = Microsoft Office Integration
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2902BA57-1BB3-4EC6-91FB-8480F47FDA81}" = TurboCAD Deluxe v12
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help
"{3146FF62-439A-11D3-B0BC-00C04FC2B1B9}" = Help_Technical
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming
"{34FD6745-5C18-11D5-ADDD-00C04F1DC4B4}" = SIMATIC STEP 7-Micro/WIN 32 V3.2.0.105
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{40B62162-ADF5-485F-B81F-6344CB0E321B}" = TurboCAD Symbols
"{41275169-3008-11D3-A309-00C04FC2B1B9}" = Equipment Selector Help
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{47F21113-0D9A-11D5-8132-00C04FA0998D}" = Alibre Design
"{480ED9C7-F322-4607-AAAC-D929083956F3}" = Digital Court Player 6.2 (build 339)
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA4CDD1-F48F-4FE2-B9FE-07925BEB3DEC}" = DataWorx PLC
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF19-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Samples
"{5430FF1A-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Samples
"{5430FF1B-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Samples
"{5430FF1C-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Samples
"{5430FF1D-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Samples
"{5430FF1E-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Samples
"{5430FF1F-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Samples
"{5430FF20-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Samples
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{58F93AE6-2E4A-11D3-A309-00C04FC2B1B9}" = Annotations
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DA0672F-B0E6-4014-B044-BBAD2906BDC2}" = Release Notes Professional
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{702BB930-8BED-11D3-8831-00500457F9ED}" = Directory Services Samples
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.00
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA172-1854-11D3-8F5D-00C04F8DD7E3}" = Shape Explorer
"{79DFA173-1854-11D3-8F5D-00C04F8DD7E3}" = Stencil Report Wizard
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA175-1854-11D3-8F5D-00C04F8DD7E3}" = Print ShapeSheet
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA178-1854-11D3-8F5D-00C04F8DD7E3}" = SmartShape Wizard
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{82608142-51C2-11D3-B0C4-00C04FC2B1B9}" = CAD Drawing Converter Help
"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
"{8548BB1A-6F46-4A8B-A63F-3618200258DB}" = DirectSOFT 5 - Programming
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E6A7693-60C1-11d3-B386-0060089BB0A2}" = Visio Technical Core Files
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes Technical
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{936FADC9-C609-471A-B6F2-A33E2E660D1A}" = Sony Notebook Setup
"{93864EDB-C183-4570-A0D3-ED6F4E01398F}" = Update service
"{97011082-5CC2-11D3-B0C6-00C04FC2B1B9}" = Equipment Selector Furniture Database
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A56D588-2F4A-11D3-A309-00C04FC2B1B9}" = Fluid Power Help
"{9A56D589-2F4A-11D3-A309-00C04FC2B1B9}" = Mechanical Engineering Help
"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A0ED0B30-54E3-11d3-9F6A-006008A88EC8}" = Microsoft Repository
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD504087-2F2F-11D3-A309-00C04FC2B1B9}" = Facilities Management Help
"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help
"{B2F6853E-33F9-11D3-A309-00C04FC2B1B9}" = Annotations Help
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help
"{BD5D417E-2E47-11D3-A309-00C04FC2B1B9}" = Custom Patterns
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BADF00-90BC-11D3-8831-00500457F9ED}" = UML Specification
"{C1CE2ED0-238B-11D3-8F70-00C04F8DD7E3}" = Developing Visio Solutions
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C5205EE2-2B3E-11D3-8F75-00C04F8DD7E3}" = Database Wizard Samples
"{C5205EE3-2B3E-11D3-8F75-00C04F8DD7E3}" = CAD Drawing Display Samples
"{C5E69314-4354-11D3-B0BC-00C04FC2B1B9}" = Program Files Technical
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAE3CA0-9231-11D3-8831-00500457F9ED}" = Internet Diagrams Samples
"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help
"{CDC43360-8331-11D3-8831-00500457F9ED}" = Program Files Professional Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Microsoft Visio 2000
"{DDF6C384-107F-11D4-AAD1-00C04F37F68C}" = Alibre Design Help
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{EAB076E0-275E-11D3-A308-00C04FC2B1B9}" = Building Architecture
"{EAB076E1-275E-11D3-A308-00C04FC2B1B9}" = Building Services
"{EAB076E2-275E-11D3-A308-00C04FC2B1B9}" = Process Engineering
"{EAB076E3-275E-11D3-A308-00C04FC2B1B9}" = Facilities Management
"{EAB076E4-275E-11D3-A308-00C04FC2B1B9}" = Fluid Power
"{EAB076E5-275E-11D3-A308-00C04FC2B1B9}" = Electrical Engineering
"{EAB076E6-275E-11D3-A308-00C04FC2B1B9}" = Mechanical Engineering
"{EAB076E8-275E-11D3-A308-00C04FC2B1B9}" = CAD Drawing Converter
"{EAB076E9-275E-11D3-A308-00C04FC2B1B9}" = Foundation technical
"{EAB0F3F3-65EE-4206-BE86-905213D19E3F}" = DAQFactory
"{ED5F7AF9-347B-4440-A211-C6236508CC08}" = ExpressPCB
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1591AE0-27F2-11D3-A308-00C04FC2B1B9}" = Equipment Selector
"{F20D354B-2FFB-11D3-A309-00C04FC2B1B9}" = Process Engineering Help
"{F20D354D-2FFB-11D3-A309-00C04FC2B1B9}" = Electrical Engineering Help
"{F20D354E-2FFB-11D3-A309-00C04FC2B1B9}" = Building Architecture Help
"{F20D354F-2FFB-11D3-A309-00C04FC2B1B9}" = Building Services Help
"{F4455371-251E-11D3-8F71-00C04F8DD7E3}" = Online Documentation
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"3ivx MPEG-4 5.0.2" = 3ivx MPEG-4 5.0.2 (remove only)
"7-Zip" = 7-Zip 4.65
"ACCEL-VIEW" = ACCEL-VIEW
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"All Media Fixer_is1" = All Media Fixer 9.11
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_818C104D" = SoftV92 Data Fax Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"ExpressBurn" = Express Burn
"EZPLC Editor" = EZPLC Editor 1.6.11
"EZTouch" = EZTouch Programming Software
"Home and Business Attorney" = Home and Business Attorney
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HTC_WModemDriver" = WModem Driver Installer
"ICalDeinstKey" = InstaCal
"InCD!UninstallKey" = InCD
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero OEM
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-07-14-01
"Opera 11.10.2092" = Opera 11.10
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Scribe" = Express Scribe
"ShockwaveFlash" = Macromedia Flash Player 8
"Smart Defrag_is1" = Smart Defrag 1.20
"Sony XBRITE Screen Saver" = Sony XBRITE Screen Saver
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"ttkVWR_is1" = TatukGIS Viewer 1.6.0.275
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio 6.0 Professional Edition" = Microsoft Visual Studio 6.0 Professional Edition
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Welcome to VAIO life" = Welcome to VAIO life
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2011 12:05:40 AM | Computer Name = SONY | Source = Application Error | ID = 1000
Description = Faulting application qw.exe, version 18.1.6.25, faulting module kernel32.dll,
version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/17/2011 11:25:18 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 4/29/2011 6:14:21 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/5/2011 10:30:41 AM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/15/2011 6:20:05 PM | Computer Name = SONY | Source = Application Error | ID = 1000
Description = Faulting application mmc215.exe, version 0.0.0.0, faulting module
mmc215.exe, version 0.0.0.0, fault address 0x00001c0e.

Error - 5/16/2011 1:26:57 AM | Computer Name = SONY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 5/17/2011 11:45:21 PM | Computer Name = SONY | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 5/18/2011 9:23:45 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/18/2011 9:24:14 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/18/2011 9:25:18 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 5/19/2011 3:13:43 AM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 3:15:04 AM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:14:12 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:14:24 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:18:06 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:19:27 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:20:42 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:20:44 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:22:36 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:32:00 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#4 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:26 PM

Posted 19 May 2011 - 02:50 PM

Why did you run those tools in safe mode?

Please run tools in normal mode unless told otherwise.

Please redo the steps in normal mode.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#5 kiki68

kiki68
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:26 PM

Posted 19 May 2011 - 03:48 PM

Sorry, here are the new scans:




RogueKiller V5.1.4 [05/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: fingcomputer [Admin rights]
Mode: Scan -- Date : 05/19/2011 16:16:08

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
[...]


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




OTL logfile created on: 5/19/2011 4:23:03 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.87 Gb Total Space | 12.97 Gb Free Space | 25.50% Space Free | Partition Type: NTFS

Computer Name: SONY | User Name: fingcomputer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 13:30:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2011/04/27 22:00:53 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/17 10:50:08 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/06 09:52:51 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/09 13:56:04 | 000,049,152 | -H-- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2005/07/08 16:24:46 | 000,871,424 | -H-- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/06/22 09:16:30 | 000,397,312 | -H-- | M] (Inteworx.net) -- C:\Program Files\AutomationDirect\DataWorx PLC\DataWorxPLCServer.exe
PRC - [2003/11/07 17:21:28 | 000,114,688 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/02/26 11:08:42 | 000,045,056 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2002/09/20 18:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 13:30:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 22:00:53 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/17 10:50:08 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/11/15 03:57:02 | 000,218,624 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\AudioTranscoder\updtr.exe -- (Digital Music Software: Audio Transcoder update permissions manager. 1543.)
SRV - [2006/09/26 22:21:05 | 000,077,944 | -H-- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/01/09 13:56:04 | 000,049,152 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2005/07/08 16:24:46 | 000,871,424 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/06/22 09:16:30 | 000,397,312 | -H-- | M] (Inteworx.net) [Auto | Running] -- C:\Program Files\AutomationDirect\DataWorx PLC\DataWorxPLCServer.exe -- (DataWorxPLC)
SRV - [2004/07/09 20:28:14 | 001,826,816 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/07/09 00:27:20 | 000,118,784 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/07/09 00:26:54 | 000,118,877 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/07/09 00:19:04 | 000,069,632 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/07/09 00:17:54 | 000,278,528 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/06/22 14:58:14 | 000,733,184 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 14:58:14 | 000,733,184 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 06:42:34 | 000,057,344 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 06:42:34 | 000,057,344 | -H-- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 06:41:06 | 000,188,416 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 15:48:10 | 001,286,144 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2002/09/20 18:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 10:50:15 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 14:26:14 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/02 17:49:06 | 000,013,312 | -H-- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/09/01 09:55:20 | 000,052,824 | -H-- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/11 11:49:19 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/17 12:17:40 | 000,072,520 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/27 02:05:52 | 000,053,184 | RH-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/12/14 09:37:40 | 000,072,672 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2006/11/02 07:00:08 | 000,039,368 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/03/16 04:00:08 | 000,028,672 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/07/23 00:02:44 | 000,011,354 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 22:14:02 | 003,289,088 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/07/08 16:17:54 | 000,099,584 | -H-- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 16:17:36 | 000,029,696 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/12/01 06:55:00 | 000,053,952 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBUL32.SYS -- (CBUL32)
DRV - [2004/10/21 13:17:48 | 000,583,670 | -H-- | M] (Digital Camera) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2004/08/04 08:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 08:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/07 18:12:02 | 000,391,616 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2004/05/21 16:46:50 | 000,065,024 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/03/26 01:54:24 | 000,680,960 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 20:08:22 | 000,197,120 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 20:05:48 | 000,679,808 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 20:04:16 | 001,043,072 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/29 13:31:38 | 000,094,601 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/08/20 15:59:32 | 000,071,961 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2002/07/24 22:19:48 | 000,010,986 | -H-- | M] (USB BULK) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera)
DRV - [2002/05/03 12:40:00 | 000,123,904 | -H-- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s7oppilx.sys -- (S7oppilx)
DRV - [2002/04/11 20:43:44 | 000,016,194 | -H-- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2001/12/05 14:08:12 | 000,478,720 | -H-- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\S7otranx.sys -- (s7otranx)
DRV - [2001/12/05 14:03:10 | 000,073,216 | -H-- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\S7oppitx.sys -- (s7oppitx)
DRV - [2000/12/05 19:18:02 | 000,003,952 | RH-- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{BB8B63F4-8C4E-4176-A949-D211DBC19E81}: C:\Documents and Settings\daryl\Local Settings\Application Data\{BB8B63F4-8C4E-4176-A949-D211DBC19E81} [2011/05/15 18:22:00 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:06:02 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:06:02 | 000,000,000 | -H-D | M]

[2011/05/17 23:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fingcomputer\Application Data\Mozilla\Extensions
[2011/05/09 23:01:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 21:26:30 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/15 18:22:00 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\DARYL\LOCAL SETTINGS\APPLICATION DATA\{BB8B63F4-8C4E-4176-A949-D211DBC19E81}
[2010/05/03 21:25:56 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 22:13:54 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/09 23:05:54 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/05/03 21:25:53 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/09 23:05:57 | 000,002,252 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/05/02 18:42:37 | 000,307,114 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10573 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/14 16:24:37 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/26 11:46:20 | 000,000,000 | -H-D | M] - C:\Automotion -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: svcWRSSSDK - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: svcWRSSSDK - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {362DC266-7858-86E6-DE76-795786FB6476} - Themes Setup
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5C8C956B-5476-181E-6804-295A5ED92F25} - Microsoft Windows Media Player
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FCD0BFCF-39E2-91EF-1CB3-9301BE1BF559} - Outlook Express
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.speex32 - C:\WINDOWS\System32\speex32.acm (Independent Codec Group / www.openacm.org)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.DX50 - C:\WINDOWS\System32\DivXVfWCodec.dll ()
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.SEDG - C:\WINDOWS\System32\SamsungVfWCodec.dll ()
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 23:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fingcomputer\My Documents\Downloads
[2011/05/17 23:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fingcomputer\Local Settings\Application Data\Mozilla
[2011/05/17 19:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Avira
[2011/05/17 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\erunt
[2011/05/17 18:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/05/17 00:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Malwarebytes
[2011/05/17 00:52:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\fingcomputer\Application Data\Microsoft
[2011/05/17 00:52:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\fingcomputer\Cookies
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\Start Menu\Programs\Startup
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\Start Menu
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\SendTo
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\Recent
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\My Documents\My Pictures
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\My Documents\My Music
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\My Documents
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\Favorites
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\Application Data
[2011/05/17 00:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fingcomputer\Start Menu\Programs\Accessories
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Templates
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Symantec
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Sun
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Sony Corporation
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\PrintHood
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\NetHood
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Mozilla
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Start Menu\Programs\MoodLogic
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Local Settings\Application Data\Microsoft
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Macromedia
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Local Settings
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Intuit
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Application Data\Identities
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Local Settings\Application Data\Google
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Desktop
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/05/15 18:20:25 | 000,434,176 | -H-- | C] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
[2011/05/13 13:21:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\fingcomputer\Desktop\TDSSKiller.exe
[2011/05/04 16:27:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Opera

========== Files - Modified Within 30 Days ==========

[2011/05/19 16:21:11 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/19 16:06:47 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/19 16:05:46 | 000,000,348 | -H-- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/05/19 16:05:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 16:05:37 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 21:07:17 | 000,010,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4ea4c00o6uullgqw77l77bk7h0323
[2011/05/17 23:43:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\fingcomputer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/17 18:11:16 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\fingcomputer\Desktop\dds.scr
[2011/05/16 21:32:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Kqalo.bin
[2011/05/15 23:05:31 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/15 18:32:55 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940r
[2011/05/15 18:32:55 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940
[2011/05/15 18:28:02 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\15195940
[2011/05/15 18:22:01 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Jlotanu.dat
[2011/05/15 18:20:24 | 000,434,176 | -H-- | M] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
[2011/05/14 04:29:24 | 000,070,364 | -H-- | M] () -- C:\easter-eggs.jpg
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\fingcomputer\Desktop\TDSSKiller.exe
[2011/05/12 22:15:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/07 02:56:55 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/06 23:14:40 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 21:59:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/04/23 12:49:36 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/04/23 12:49:35 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job

========== Files Created - No Company Name ==========

[2011/05/19 16:05:37 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/17 23:43:24 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\fingcomputer\Start Menu\Programs\Windows Media Player.lnk
[2011/05/17 19:01:45 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\fingcomputer\Desktop\dds.scr
[2011/05/17 00:52:03 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\fingcomputer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/17 00:52:03 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\fingcomputer\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/17 00:52:00 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\fingcomputer\Start Menu\Programs\Remote Assistance.lnk
[2011/05/17 00:52:00 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\fingcomputer\Start Menu\Programs\Internet Explorer.lnk
[2011/05/17 00:52:00 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\fingcomputer\Start Menu\Programs\Outlook Express.lnk
[2011/05/15 23:05:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/15 18:32:55 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~15195940r
[2011/05/15 18:32:55 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~15195940
[2011/05/15 18:28:02 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\15195940
[2011/05/15 18:22:01 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Jlotanu.dat
[2011/05/15 18:22:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Kqalo.bin
[2011/05/15 18:19:55 | 000,010,956 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4ea4c00o6uullgqw77l77bk7h0323
[2011/05/14 04:29:19 | 000,070,364 | -H-- | C] () -- C:\easter-eggs.jpg
[2011/04/23 12:49:35 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/04/23 12:49:34 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2011/03/08 17:05:39 | 000,002,979 | -H-- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/02/22 09:34:00 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/06 18:41:13 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\qwimp.ini
[2009/10/06 18:41:12 | 000,000,368 | -H-- | C] () -- C:\WINDOWS\intuprof.ini
[2009/09/09 19:27:10 | 000,000,281 | -H-- | C] () -- C:\WINDOWS\Microwin.ini
[2009/09/09 19:24:31 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\cp551inf.dll
[2009/08/02 11:13:50 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/22 17:43:48 | 000,001,004 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/22 03:17:44 | 000,003,625 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2008/12/22 03:09:24 | 000,003,400 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2008/12/22 02:57:59 | 000,003,065 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2008/12/22 02:49:18 | 000,002,987 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2008/12/22 02:37:37 | 001,073,528 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/12/22 00:59:26 | 000,025,312 | -H-- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008/12/22 00:59:24 | 000,025,312 | -H-- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008/12/22 00:59:08 | 000,447,200 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/22 00:52:02 | 000,066,272 | -H-- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008/06/08 13:25:38 | 000,000,158 | -H-- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/06/08 13:24:14 | 000,000,806 | -H-- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/10/31 18:14:52 | 000,072,672 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2007/10/31 18:14:52 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2006/11/28 21:51:52 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/20 04:25:44 | 000,012,416 | -H-- | C] () -- C:\WINDOWS\hpwscr05.dat
[2006/08/24 17:00:45 | 000,040,960 | -H-- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/07/22 16:38:59 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\xpress.ini
[2006/07/22 16:38:39 | 000,000,679 | -H-- | C] () -- C:\WINDOWS\thousand.ini
[2006/07/06 21:09:28 | 000,000,275 | -H-- | C] () -- C:\WINDOWS\ddespy.ini
[2006/07/06 20:29:13 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2006/06/21 19:35:43 | 000,015,840 | -H-- | C] () -- C:\WINDOWS\System32\machnm1.exe
[2006/05/31 20:21:11 | 000,003,147 | -H-- | C] () -- C:\WINDOWS\DS500.INI
[2006/05/23 17:25:52 | 000,414,208 | -H-- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2006/05/17 11:23:38 | 001,481,728 | -H-- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2006/04/18 18:30:56 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/18 18:30:13 | 000,536,576 | -H-- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/03/21 20:38:42 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/11 20:23:06 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/02 20:59:22 | 000,027,872 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/02/12 19:21:17 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\mdm.ini
[2006/02/12 19:06:19 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/11/07 22:06:32 | 000,684,032 | -H-- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/07 22:06:32 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/02/13 10:33:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\inscal32.INI
[2005/02/13 10:32:23 | 000,172,032 | -H-- | C] () -- C:\WINDOWS\System32\MccCoIns.dll
[2005/02/13 10:32:23 | 000,151,552 | -H-- | C] () -- C:\WINDOWS\System32\MccInst.dll
[2005/02/13 10:32:22 | 000,053,952 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CBUL32.SYS
[2005/02/13 10:32:22 | 000,053,312 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CBULWDM.SYS
[2005/02/05 22:04:40 | 000,099,965 | -H-- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/01/02 12:48:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\esmain.INI
[2005/01/02 12:04:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\csmain.INI
[2004/12/30 23:10:50 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/30 23:10:22 | 000,098,512 | -H-- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/12/16 23:33:34 | 000,004,599 | -H-- | C] () -- C:\WINDOWS\DS400.INI
[2004/12/16 21:06:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2004/12/16 15:43:27 | 000,020,992 | -H-- | C] () -- C:\WINDOWS\jestertb.dll
[2004/10/18 03:16:00 | 000,020,444 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2004/10/18 03:15:08 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\System32\Sony XBRITE.ini
[2004/10/18 03:14:45 | 000,000,996 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/18 03:05:32 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/10/18 03:02:44 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/18 03:02:44 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/18 03:02:44 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/18 03:02:44 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/18 03:02:44 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/18 03:02:44 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/16 17:54:13 | 000,000,800 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/14 20:25:29 | 000,606,208 | -H-- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2004/08/14 20:07:53 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/14 19:31:01 | 000,001,454 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2004/08/14 19:04:17 | 000,289,128 | RH-- | C] () -- C:\WINDOWS\q329390_wxp_sp2_x86_enu.exe
[2004/08/14 19:04:04 | 000,381,288 | RH-- | C] () -- C:\WINDOWS\q329048_wxp_sp2_x86_enu.exe
[2004/08/14 19:03:32 | 000,111,552 | -H-- | C] () -- C:\WINDOWS\setup.exe
[2004/08/14 18:51:33 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/08/14 18:47:11 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2004/08/14 16:26:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/14 16:22:24 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/14 16:09:55 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/14 16:09:51 | 000,397,312 | -H-- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/08/14 16:09:51 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/08/14 16:09:38 | 000,000,724 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/14 16:09:24 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/14 16:09:23 | 000,472,932 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/14 16:09:23 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/14 16:09:23 | 000,084,576 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/14 16:09:23 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/14 16:09:21 | 000,004,530 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/14 16:09:20 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/14 16:09:19 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/14 16:09:17 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/14 16:09:17 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/14 16:09:16 | 000,013,576 | -H-- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll
[2004/08/14 16:09:13 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/14 16:09:09 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/14 09:16:27 | 000,004,346 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/14 09:15:30 | 000,540,032 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/29 14:18:12 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\HEIIWX_PAS.dll
[2003/07/23 11:53:30 | 000,373,967 | -H-- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/03/10 09:18:04 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\HEI_PAS.DLL
[2002/08/06 14:55:37 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/04/03 14:49:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\ss35pp.dll
[2002/04/02 20:08:34 | 000,311,108 | -H-- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 20:08:32 | 000,036,868 | -H-- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2001/10/24 19:00:40 | 000,524,288 | -H-- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/12/06 17:56:04 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\verinst.exe
[1998/07/15 14:53:56 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\HEI16_2.DLL
[1998/06/10 23:08:40 | 000,015,120 | -H-- | C] () -- C:\WINDOWS\System32\Reputil.dll
[1998/05/18 01:00:00 | 000,014,017 | -H-- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 01:00:00 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\FRONTPG.INI
[1998/01/12 04:00:00 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2006/09/24 17:20:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alibre Design
[2006/09/26 22:35:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/05 19:35:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/06/22 17:37:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/09/01 15:56:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalCourtPlayer
[2010/02/10 00:17:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2007/05/31 21:04:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2008/12/21 20:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/08/19 19:52:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2004/12/23 21:19:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/12/16 10:37:27 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2004/12/16 10:37:29 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2010/02/09 17:08:28 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\Tasks\scribeSevenDaysInit.job
[2011/03/18 19:47:28 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job
[2011/05/04 21:59:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/09/01 10:01:34 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\soundtapShakeIcon.job
[2011/04/23 12:49:35 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2011/04/23 12:49:36 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
[2011/05/19 16:05:46 | 000,000,348 | -H-- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/02/03 10:32:28 | 003,550,592 | -H-- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2010/10/11 10:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/09/24 17:20:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alibre Design
[2006/02/05 11:45:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/09/26 22:35:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/05 19:35:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/06/21 12:39:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/06/22 17:37:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/07/23 10:32:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/09/10 08:23:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/09/01 15:56:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalCourtPlayer
[2010/02/10 00:17:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/07/13 20:50:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/08/25 13:41:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/04/13 21:18:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2007/05/31 21:04:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2006/05/31 20:22:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/11/20 10:34:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2004/08/14 19:30:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/03/10 21:33:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/17 15:36:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2006/08/19 18:54:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/09 16:52:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/12/21 20:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/08/16 17:56:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/08/19 19:52:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/07/13 19:31:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2009/09/30 18:13:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/03 21:27:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/09/30 18:15:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2005/11/07 21:31:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/10/18 03:07:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
[2004/12/23 21:19:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/25 14:10:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2006/05/30 21:24:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2006/03/04 12:22:14 | 019,120,993 | -H-- | M] (Alibre, Inc.) -- C:\Documents and Settings\All Users\Application Data\Alibre Design\Tutorials\QuickStartVideo.exe
[2011/01/26 20:17:45 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2011/05/17 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Avira
[2004/08/14 16:24:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Identities
[2004/08/14 19:30:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Intuit
[2009/12/21 08:51:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Macromedia
[2011/05/17 00:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Malwarebytes
[2011/05/17 20:03:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\fingcomputer\Application Data\Microsoft
[2011/05/17 23:49:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Mozilla
[2011/05/17 01:40:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Sony Corporation
[2004/08/14 19:08:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Sun
[2004/08/14 19:39:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\fingcomputer\Application Data\Symantec

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/25 09:13:49 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/14 09:14:45 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/14 09:14:45 | 000,638,976 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/14 09:14:45 | 000,888,832 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/03/17 10:50:15 | 000,137,656 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys

< End of report >

OTL Extras logfile created on: 5/19/2011 4:23:03 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.87 Gb Total Space | 12.97 Gb Free Space | 25.50% Space Free | Partition Type: NTFS

Computer Name: SONY | User Name: fingcomputer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" WILLPower" = WILLPower
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{024D7254-4262-4498-AC70-C5C413564D2B}" = Database Design Samples
"{0298C720-87DF-11D3-8831-00500457F9ED}" = Software Design Samples
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{03E79E22-1DF6-11D3-A2FC-006008A88CA8}" = Sample Drawings
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless Utility
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{15D5B241-07BC-45D2-9D85-4CF906079E16}" = Program Files Professional
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AC30EF0-7CC5-45BC-9C1E-2468EBC7BBB0}" = Update Service
"{1ACA72C1-8BF5-11D3-8831-00500457F9ED}" = Advanced Network Diagramming Samples
"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design
"{1B1997F3-46CA-11D3-8660-00C04F8DBAD9}" = Microsoft Office Integration
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2902BA57-1BB3-4EC6-91FB-8480F47FDA81}" = TurboCAD Deluxe v12
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help
"{3146FF62-439A-11D3-B0BC-00C04FC2B1B9}" = Help_Technical
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming
"{34FD6745-5C18-11D5-ADDD-00C04F1DC4B4}" = SIMATIC STEP 7-Micro/WIN 32 V3.2.0.105
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{40B62162-ADF5-485F-B81F-6344CB0E321B}" = TurboCAD Symbols
"{41275169-3008-11D3-A309-00C04FC2B1B9}" = Equipment Selector Help
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{47F21113-0D9A-11D5-8132-00C04FA0998D}" = Alibre Design
"{480ED9C7-F322-4607-AAAC-D929083956F3}" = Digital Court Player 6.2 (build 339)
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA4CDD1-F48F-4FE2-B9FE-07925BEB3DEC}" = DataWorx PLC
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF19-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Samples
"{5430FF1A-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Samples
"{5430FF1B-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Samples
"{5430FF1C-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Samples
"{5430FF1D-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Samples
"{5430FF1E-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Samples
"{5430FF1F-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Samples
"{5430FF20-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Samples
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{58F93AE6-2E4A-11D3-A309-00C04FC2B1B9}" = Annotations
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DA0672F-B0E6-4014-B044-BBAD2906BDC2}" = Release Notes Professional
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{702BB930-8BED-11D3-8831-00500457F9ED}" = Directory Services Samples
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.00
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA172-1854-11D3-8F5D-00C04F8DD7E3}" = Shape Explorer
"{79DFA173-1854-11D3-8F5D-00C04F8DD7E3}" = Stencil Report Wizard
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA175-1854-11D3-8F5D-00C04F8DD7E3}" = Print ShapeSheet
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA178-1854-11D3-8F5D-00C04F8DD7E3}" = SmartShape Wizard
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{82608142-51C2-11D3-B0C4-00C04FC2B1B9}" = CAD Drawing Converter Help
"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
"{8548BB1A-6F46-4A8B-A63F-3618200258DB}" = DirectSOFT 5 - Programming
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E6A7693-60C1-11d3-B386-0060089BB0A2}" = Visio Technical Core Files
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes Technical
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{936FADC9-C609-471A-B6F2-A33E2E660D1A}" = Sony Notebook Setup
"{93864EDB-C183-4570-A0D3-ED6F4E01398F}" = Update service
"{97011082-5CC2-11D3-B0C6-00C04FC2B1B9}" = Equipment Selector Furniture Database
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A56D588-2F4A-11D3-A309-00C04FC2B1B9}" = Fluid Power Help
"{9A56D589-2F4A-11D3-A309-00C04FC2B1B9}" = Mechanical Engineering Help
"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A0ED0B30-54E3-11d3-9F6A-006008A88EC8}" = Microsoft Repository
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD504087-2F2F-11D3-A309-00C04FC2B1B9}" = Facilities Management Help
"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help
"{B2F6853E-33F9-11D3-A309-00C04FC2B1B9}" = Annotations Help
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help
"{BD5D417E-2E47-11D3-A309-00C04FC2B1B9}" = Custom Patterns
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BADF00-90BC-11D3-8831-00500457F9ED}" = UML Specification
"{C1CE2ED0-238B-11D3-8F70-00C04F8DD7E3}" = Developing Visio Solutions
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C5205EE2-2B3E-11D3-8F75-00C04F8DD7E3}" = Database Wizard Samples
"{C5205EE3-2B3E-11D3-8F75-00C04F8DD7E3}" = CAD Drawing Display Samples
"{C5E69314-4354-11D3-B0BC-00C04FC2B1B9}" = Program Files Technical
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAE3CA0-9231-11D3-8831-00500457F9ED}" = Internet Diagrams Samples
"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help
"{CDC43360-8331-11D3-8831-00500457F9ED}" = Program Files Professional Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Microsoft Visio 2000
"{DDF6C384-107F-11D4-AAD1-00C04F37F68C}" = Alibre Design Help
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{EAB076E0-275E-11D3-A308-00C04FC2B1B9}" = Building Architecture
"{EAB076E1-275E-11D3-A308-00C04FC2B1B9}" = Building Services
"{EAB076E2-275E-11D3-A308-00C04FC2B1B9}" = Process Engineering
"{EAB076E3-275E-11D3-A308-00C04FC2B1B9}" = Facilities Management
"{EAB076E4-275E-11D3-A308-00C04FC2B1B9}" = Fluid Power
"{EAB076E5-275E-11D3-A308-00C04FC2B1B9}" = Electrical Engineering
"{EAB076E6-275E-11D3-A308-00C04FC2B1B9}" = Mechanical Engineering
"{EAB076E8-275E-11D3-A308-00C04FC2B1B9}" = CAD Drawing Converter
"{EAB076E9-275E-11D3-A308-00C04FC2B1B9}" = Foundation technical
"{EAB0F3F3-65EE-4206-BE86-905213D19E3F}" = DAQFactory
"{ED5F7AF9-347B-4440-A211-C6236508CC08}" = ExpressPCB
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1591AE0-27F2-11D3-A308-00C04FC2B1B9}" = Equipment Selector
"{F20D354B-2FFB-11D3-A309-00C04FC2B1B9}" = Process Engineering Help
"{F20D354D-2FFB-11D3-A309-00C04FC2B1B9}" = Electrical Engineering Help
"{F20D354E-2FFB-11D3-A309-00C04FC2B1B9}" = Building Architecture Help
"{F20D354F-2FFB-11D3-A309-00C04FC2B1B9}" = Building Services Help
"{F4455371-251E-11D3-8F71-00C04F8DD7E3}" = Online Documentation
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"3ivx MPEG-4 5.0.2" = 3ivx MPEG-4 5.0.2 (remove only)
"7-Zip" = 7-Zip 4.65
"ACCEL-VIEW" = ACCEL-VIEW
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"All Media Fixer_is1" = All Media Fixer 9.11
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_818C104D" = SoftV92 Data Fax Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"ExpressBurn" = Express Burn
"EZPLC Editor" = EZPLC Editor 1.6.11
"EZTouch" = EZTouch Programming Software
"Home and Business Attorney" = Home and Business Attorney
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HTC_WModemDriver" = WModem Driver Installer
"ICalDeinstKey" = InstaCal
"InCD!UninstallKey" = InCD
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero OEM
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-07-14-01
"Opera 11.10.2092" = Opera 11.10
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Scribe" = Express Scribe
"ShockwaveFlash" = Macromedia Flash Player 8
"Smart Defrag_is1" = Smart Defrag 1.20
"Sony XBRITE Screen Saver" = Sony XBRITE Screen Saver
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"ttkVWR_is1" = TatukGIS Viewer 1.6.0.275
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio 6.0 Professional Edition" = Microsoft Visual Studio 6.0 Professional Edition
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Welcome to VAIO life" = Welcome to VAIO life
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2011 12:05:40 AM | Computer Name = SONY | Source = Application Error | ID = 1000
Description = Faulting application qw.exe, version 18.1.6.25, faulting module kernel32.dll,
version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/17/2011 11:25:18 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 4/29/2011 6:14:21 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/5/2011 10:30:41 AM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/15/2011 6:20:05 PM | Computer Name = SONY | Source = Application Error | ID = 1000
Description = Faulting application mmc215.exe, version 0.0.0.0, faulting module
mmc215.exe, version 0.0.0.0, fault address 0x00001c0e.

Error - 5/16/2011 1:26:57 AM | Computer Name = SONY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 5/17/2011 11:45:21 PM | Computer Name = SONY | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 5/18/2011 9:23:45 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/18/2011 9:24:14 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 5/18/2011 9:25:18 PM | Computer Name = SONY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 5/19/2011 1:20:42 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:20:44 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:22:36 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 1:32:00 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 2:03:04 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 2:03:44 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 2:06:55 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 2:41:36 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 2:41:40 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/19/2011 4:04:30 PM | Computer Name = SONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#6 heir

  • Malware Response Team

Posted 19 May 2011 - 04:45 PM

Step 1.
Uninstall program:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

CCleaner
Viewpoint Media Player


Optional removals
CCleaner <<<--- Registry cleaner as stated before
It's up to you if you want to remove the above programs, however I recommend you do.

Step 2.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
    [2011/05/15 18:20:25 | 000,434,176 | -H-- | C] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
    [2011/05/18 21:07:17 | 000,010,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4ea4c00o6uullgqw77l77bk7h0323
    [2011/05/15 18:32:55 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940r
    [2011/05/15 18:32:55 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940
    [2011/05/15 18:28:02 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\15195940
    [2011/05/15 18:22:01 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Jlotanu.dat
    [2011/05/15 18:20:24 | 000,434,176 | -H-- | M] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
    [2011/05/15 18:22:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Kqalo.bin
    [2004/12/23 21:19:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = DWORD:0
    "FirewallOverride" = DWORD:0
    :Commands
    :Files
    C:\Program Files\Viewpoint
    type "C:\WINDOWS\Tasks\Windows Codec Update Service.job" /c
    type C:\WINDOWS\Tasks\SmartDefrag.job /c
    [purity]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 3.
MBAM:

  • Launch Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4.
Things I would like to see in your reply:

  • Which programs were uninstalled in step 1.
  • The content of the fixlog from OTL in step 2.
  • The content of the log from MBAM in step 3.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image
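
The `:OTL` entries in the fix above are all hidden items, and most carry timestamps within minutes of the 5/15/2011 6:20 pm infection reported in the first post. As an added example (not part of heir's post and not OTL's own code), this Python script parses those lines and splits them by distance from that time; the field meanings (attribute flags, C = created, M = modified) and the 30-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# The ten entries from the :OTL section of the fix above, copied verbatim.
OTL_LINES = r"""
[2011/05/17 00:52:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fingcomputer\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2011/05/15 18:20:25 | 000,434,176 | -H-- | C] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
[2011/05/18 21:07:17 | 000,010,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4ea4c00o6uullgqw77l77bk7h0323
[2011/05/15 18:32:55 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940r
[2011/05/15 18:32:55 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~15195940
[2011/05/15 18:28:02 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\15195940
[2011/05/15 18:22:01 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Jlotanu.dat
[2011/05/15 18:20:24 | 000,434,176 | -H-- | M] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exx
[2011/05/15 18:22:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Kqalo.bin
[2004/12/23 21:19:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
""".strip().splitlines()

# Line layout: [timestamp | size | attributes | C or M] (company) -- path
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)"
)

def parse(line):
    """Parse one OTL file-listing line into a dict, or None if it does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    return e

def triage(lines, incident, window=timedelta(minutes=30)):
    """Split hidden entries into those within `window` of the incident and the rest."""
    near, far = [], []
    for e in filter(None, map(parse, lines)):
        if "H" not in e["attrs"]:
            continue
        (near if abs(e["ts"] - incident) <= window else far).append(e)
    return near, far

INCIDENT = datetime(2011, 5, 15, 18, 20)  # time reported in the first post

if __name__ == "__main__":
    near, far = triage(OTL_LINES, INCIDENT)
    for tag, e in [("near", e) for e in near] + [("far", e) for e in far]:
        print(tag, e["ts"], e["kind"], e["attrs"], e["path"])
```

Seven of the ten entries fall inside the window; the other three (the 5/17 folder, the 5/18 file and the 2004 Viewpoint folder) cannot be tied to the incident by timestamp alone.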


#7 kiki68


Posted 20 May 2011 - 12:47 AM

Hi, Step 1 is complete... CCleaner and View Point Media Player have been uninstalled.

Step 2 produced a problem. Ran OTL.exe, pasted the info provided exactly as instructed into the Custom Scans/Fixes box, then clicked fix. The program ran for only a moment & asked to reboot, clicked okay. Then, Windows got stuck while shutting down. I came back much later (about an hour) & it was still frozen on the 'Windows is shutting down' screen. Unplugged it & restarted. It booted up & when I clicked on my user, there is a blue screen, but notepad was up with OTL.scr. The top of the document reads "This program must be run under Win32"... then it goes through a long list of characters... and there are a few legible lines at the bottom. Including a few photos. I was able to select file & save as & it loaded on the flash drive.

I'll wait until I hear back to do anything. I'm guessing reboot in safe mode & system restore? :/




Posted Image

Posted Image

Posted Image

#8 heir


Posted 20 May 2011 - 12:57 AM

If you press CTRL+ALT+DEL keys simultaneously does the task manager open?


#9 kiki68


Posted 20 May 2011 - 01:11 AM

I did try that earlier (thought about posting it), but didn't know if you would be interested in the result. It is still blocked... here's a photo

Posted Image

#10 heir


Posted 20 May 2011 - 01:24 AM

Then there is no other option but to reboot it again.
Let it boot into normal mode and log on again.

Let me know what happens this time.


#11 kiki68


Posted 20 May 2011 - 01:37 AM

Okay, rebooted again, normal mode & selected the user account 'fingcomputer' that I created the other day... all looks like it has been looking since I created that account, phew. What now? And thank you again for helping me!

#12 heir


Posted 20 May 2011 - 01:45 AM

I need you to log on with the same account you ran OTL-fix with.
Can you log in and get to the normal desktop?


#13 kiki68


Posted 20 May 2011 - 01:53 AM

Yes, I am there now, same user I ran OTL-fix from before (fingcomputer), with a normal desktop, & all is accessible. (the other user is Daryl & that is where I can not do anything due to all the pop-ups).

#14 heir


Posted 20 May 2011 - 02:21 AM

I'm working on a customscan for OTL. I'll be back shortly.


#15 heir


Posted 20 May 2011 - 03:58 AM

Sorry it took a while. :wink:
Let's do this then:

Step 0.
change settings:

Show hidden files, system files and known file-extensions:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Files and folders/Hidden files and folders heading
    • SELECT Show hidden files and folders
  • Under the Files and folders heading
    • UNCHECK Hide extensions for known file types.
    • UNCHECK Hide protected operating system files (Recommended).
  • Click OK


These settings can be reversed later.

Step 1.
OTL-scan:

  • Double click on OTL.scr on the desktop to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    %userprofile%\..\*.
    %ALLUSERSPROFILE%\Local settings\Temp\smtmp\*.* /S
    C:\Documents and Settings\Administrator\Local settings\Temp\smtmp\*.* /S
    C:\Documents and Settings\fingcomputer\Local settings\Temp\smtmp\*.* /S
    %TEMP%\smtmp\*.* /S
    C:\Documents and Settings\Daryl\Local settings\Temp\smtmp\*.* /S
    C:\Documents and Settings\Default User\Local settings\Temp\smtmp\*.* /S
    %ALLUSERSPROFILE%\Start Menu\*.* /S
    %ALLUSERSPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /S
    %ALLUSERSPROFILE%\Application Data\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /S
    %ALLUSERSPROFILE%\Desktop\*.* /S
    C:\Documents and Settings\fingcomputer\Start Menu\*.* /S
    C:\Documents and Settings\fingcomputer\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /S
    C:\Documents and Settings\fingcomputer\Application Data\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /S
    C:\Documents and Settings\fingcomputer\Desktop\*.* /S
    %USERPROFILE%\Start Menu\*.* /S
    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /S
    %USERPROFILE%\Application Data\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /S
    %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /S
    %USERPROFILE%\Desktop\*.* /S
    C:\Documents and Settings\Daryl\Start Menu\*.* /S
    C:\Documents and Settings\Daryl\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /S
    C:\Documents and Settings\Daryl\Application Data\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /S
    C:\Documents and Settings\Daryl\Desktop\*.* /S
    C:\Documents and Settings\Administrator\Start Menu\*.* /S
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /S
    C:\Documents and Settings\Administrator\Application Data\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /S
    C:\Documents and Settings\Administrator\Desktop\*.* /S
    C:\Documents and Settings\Default User\Start Menu\*.* /S
    C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /S
    C:\Documents and Settings\Default User\Application Data\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /S
    C:\Documents and Settings\Default User\Desktop\*.* /S
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTL.Txt that's saved in the same location as OTL (your Desktop).
  • Please attach that file with your next reply.


Step 2.
Backup:

Could you please zip these folders one at a time and attach each zipped file in your reply.
(If the folder is empty or doesn't exist just let me know and continue with the next one)

C:\Documents and Settings\fingcomputer\Local settings\Temp\smtmp
C:\Documents and Settings\Administrator\Local settings\Temp\smtmp
C:\Documents and Settings\Daryl\Local settings\Temp\smtmp
C:\Documents and Settings\All users\Local settings\Temp\smtmp
C:\Documents and Settings\Default User\Local settings\Temp\smtmp


Step 3.
Things I would like to see in your reply:

  • The file OTL.txt from step 1 attached to your reply.
  • The zipped files from step 2 attached to your reply

Edited by heir, 20 May 2011 - 04:07 AM.
