ParetoLogic and FileCure

(In Progress)

raster man
Junior Member with 20 posts. THREAD STARTER
Join Date: Jun 2009
07-Aug-2011, 06:05 PM #1
Greetings:

I can no longer access .exe programs. If I attempt to do so, I get a dialog box that states:

FileCure - Manage File Extension
You are trying to open this file:
File name: firefox.exe

To open this file, Windows needs to know what program to use.

What do you want to do?

Use FileCure to manage this type of file
Use Windows to manage this type of file

OK or Cancel

There are radio buttons to select. I have only selected Windows, never FileCure. When I click OK, I get the following dialog box:

rundll32.exe

(there is a white X on a red background)

This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel. OK.

When I click OK, all dialog boxes go away. If I go to Folder Options in control panel, there are 3 tabs: General, View and File Types. If I click on File Types, I can't understand the resulting box or boxes. If I click on Add/Remove Programs, I get a dialog box almost identical to the FileCure box mentioned above. The difference is File name is now rundll32.exe. It offers the exact same options and results.

A long time ago, I downloaded ParetoLogic because it was stated that it would help run files that did not have associations. As far as I know, it never caused any issues. However, it seems that FileCure is associated with ParetoLogic.

I have tried accessing Malwarebytes on my computer, but FileCure prevents that with its familiar screen. About the only thing I can get is I.E.

My best recollection of how this started (about 2.5 days ago), was I ran a routine run of SuperAntiSpyware (SAS) and it found the following: System.BrokenFileAssociation. I quarantined/removed it and that's when the issue began.

Access to most programs is gone. I have not tried to access ParetoLogic as I thought it might make things worse. All control panel icons are prevented by FileCure.

Now, to your instructions: I downloaded HJT and of course, FileCure prevents access. So it is not presented here.

DDS did work and I will attempt to include them with this post.

GMER worked in a fashion, as follows:

Immediately after clicking on the desktop icon, I receive the following dialog box:

GMER

WARNING!!! (with a black exclamation point against a yellow background)
GMER has found system modification caused by ROOTKIT activity
OK

I cannot progress or do anything at that point. GMER is frozen. The only thing I can do is go back to the instruction screen. Behind the warning box, is another box indicating ROOTKIT ACTIVITY.

It has the following information highlighted in red:

Module \systemroot\system32\UACd.sys(***hidden***) (under the Value term, the following: A9B74000-A9B85000 (69632 bytes))

Library D:\WINDOWS\system32\dll.dll(***hidden***)@D:\WINDOWS\System32\msiexec.exe(1 660) (under Value, the following: 0x10000000)

Service D:\WINDOWS\system32\drivers\UACmdivrtnq.sys(***hidden***) (under Value, the following: [SYSTEM]UACd.sys)

File D:\WINDOWS\system32\UACmdivrtnq.sys (under Value, the following: 57344 bytes executable)

I hope all this reads OK for you. I don't have the knowledge of how to "grab" the screen shots and send them along.

I will now attempt to include the DDS.txt and the attach.txt:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Larry at 16:22:29 on 2011-08-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.835 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Sony\vaio media integrated server\GPDBWatcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [V0420Mon.exe] c:\windows\V0420Mon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remoco~1.lnk - c:\program files\sony\usbsircs\usbsircs.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139160906640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194633407906
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{96F91524-E35E-449A-81EE-8572C2C830F9} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{F08724B3-DA78-4F13-A2F7-B576B7F01137} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 192.168.1.102 HP001E0B9C97B3
Hosts: 192.168.1.109 HP001F29701C62
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\larry\application data\mozilla\firefox\profiles\vfv8d8u5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\vfv8d8u5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\vfv8d8u5.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-12 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 123264]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-16 353168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2009-6-15 7372]
R2 VAIOMediaDBSyncService;VAIO Media DB Sync Service;c:\program files\sony\vaio media integrated server\GPDBWatcher.exe [2009-6-15 790528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ATHFMWDL;Atheros USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\athfmwdl.sys --> c:\windows\system32\drivers\ATHFMWDL.sys [?]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [2004-11-1 78720]
S3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2005-2-7 9376]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ip_fw;ipfw kernel-mode driver;\??\c:\windows\system32\drivers\ip_fw.sys --> c:\windows\system32\drivers\ip_fw.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-3-31 14336]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [2010-6-27 99648]
S3 WLI2USB2G54;BUFFALO WLI2-USB2-G54 Wireless LAN Driver;c:\windows\system32\drivers\PRISMA02.sys [2006-3-14 347424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-24 1247600]
.
=============== Created Last 30 ================
.
2011-08-04 21:07:21 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-07-15 02:48:13 -------- d-----w- c:\program files\common files\xing shared
2011-07-15 02:44:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-07-15 02:47:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 02:47:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-10 22:23:06 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 18:53:36 1409 ----a-w- c:\windows\QTFont.for
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2007-07-05 16:34:44 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-07-05 16:34:12 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
============= FINISH: 16:24:35.68 ===============

And now the Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/9/2004 11:38:17 AM
System Uptime: 8/7/2011 12:05:51 PM (4 hours ago)
.
Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 227 GiB total, 171.22 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1488: 4/27/2011 9:59:06 AM - System Checkpoint
RP1489: 4/28/2011 6:27:28 PM - Software Distribution Service 3.0
RP1490: 4/29/2011 11:46:16 PM - System Checkpoint
RP1491: 5/1/2011 5:26:39 PM - System Checkpoint
RP1492: 5/2/2011 5:43:32 PM - System Checkpoint
RP1493: 5/3/2011 7:31:11 PM - System Checkpoint
RP1494: 5/5/2011 7:12:15 PM - System Checkpoint
RP1495: 5/6/2011 11:53:59 PM - System Checkpoint
RP1496: 5/7/2011 12:42:06 PM - Removed Adobe Reader 9.4.4.
RP1497: 5/7/2011 12:54:47 PM - Installed Adobe Reader X (10.0.1).
RP1498: 5/8/2011 2:32:16 PM - System Checkpoint
RP1499: 5/9/2011 8:31:16 PM - System Checkpoint
RP1500: 5/11/2011 9:31:17 AM - System Checkpoint
RP1501: 5/11/2011 2:54:06 PM - Software Distribution Service 3.0
RP1502: 5/13/2011 9:16:22 AM - System Checkpoint
RP1503: 5/16/2011 9:40:01 AM - System Checkpoint
RP1504: 5/17/2011 10:18:07 AM - System Checkpoint
RP1505: 5/18/2011 11:04:20 AM - System Checkpoint
RP1506: 5/20/2011 4:33:19 PM - System Checkpoint
RP1507: 5/23/2011 9:09:41 AM - System Checkpoint
RP1508: 5/23/2011 8:21:52 PM - Installed Logitech Harmony Remote Software
RP1509: 5/25/2011 9:19:34 AM - System Checkpoint
RP1510: 5/28/2011 2:06:05 PM - System Checkpoint
RP1511: 5/30/2011 9:16:17 AM - System Checkpoint
RP1512: 5/31/2011 2:45:12 PM - System Checkpoint
RP1513: 6/2/2011 1:53:34 PM - System Checkpoint
RP1514: 6/5/2011 1:42:20 PM - System Checkpoint
RP1515: 6/6/2011 1:53:22 PM - System Checkpoint
RP1516: 6/7/2011 6:13:33 PM - System Checkpoint
RP1517: 6/10/2011 9:16:18 AM - System Checkpoint
RP1518: 6/11/2011 2:52:14 PM - Installed QuickTime
RP1519: 6/13/2011 2:02:32 PM - Removed Apple Application Support
RP1520: 6/13/2011 2:04:02 PM - Removed Apple Software Update
RP1521: 6/16/2011 10:26:38 AM - System Checkpoint
RP1522: 6/17/2011 9:20:51 PM - System Checkpoint
RP1523: 6/19/2011 10:55:47 PM - System Checkpoint
RP1524: 6/21/2011 12:48:09 PM - Software Distribution Service 3.0
RP1525: 6/21/2011 1:18:01 PM - Software Distribution Service 3.0
RP1526: 6/22/2011 6:00:09 PM - System Checkpoint
RP1527: 6/25/2011 6:38:46 PM - System Checkpoint
RP1528: 6/27/2011 9:22:49 AM - System Checkpoint
RP1529: 6/29/2011 1:34:31 PM - System Checkpoint
RP1530: 6/30/2011 11:09:04 AM - Software Distribution Service 3.0
RP1531: 7/5/2011 2:33:00 PM - System Checkpoint
RP1532: 7/10/2011 5:59:53 PM - System Checkpoint
RP1533: 7/13/2011 9:16:22 AM - System Checkpoint
RP1534: 7/14/2011 9:46:45 AM - System Checkpoint
RP1535: 7/14/2011 10:20:27 PM - Software Distribution Service 3.0
RP1536: 7/16/2011 2:29:04 PM - System Checkpoint
RP1537: 7/17/2011 7:41:51 PM - System Checkpoint
RP1538: 7/18/2011 7:43:04 PM - System Checkpoint
RP1539: 7/20/2011 9:27:53 AM - System Checkpoint
RP1540: 7/22/2011 9:30:39 PM - System Checkpoint
RP1541: 7/24/2011 12:38:43 PM - System Checkpoint
RP1542: 7/25/2011 1:34:21 PM - System Checkpoint
RP1543: 7/27/2011 9:19:49 AM - System Checkpoint
RP1544: 8/1/2011 9:15:18 AM - System Checkpoint
RP1545: 8/4/2011 5:40:38 PM - System Checkpoint
RP1546: 8/6/2011 8:04:53 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
7500_7600_7700_Help1
Acrobat.com
Ad-Aware
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.0)
Advanced SystemCare 4
Agere Systems AC'97 Modem
ArcSoft PhotoImpression 5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 2011
BounceBack Express
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
BreezeBrowser Pro
Broderbund Home and Business Lawyer
Browser MOUSE
BUFFALO Client Manager
BurnAware Free 3.0.5
C4700
C6300
Cache Cleaner 4.2.0
Check Identical Files version 2.20
ClearType Tuning Control Panel Applet
Click to DVD 2.0 Menu Data
Click to DVD 2.4.12
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CPC Lite Plugin
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam User's Guide
Creative Live! Cam Vista IM Driver (1.00.03.0000)
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
Destinations
DeviceDiscovery
DeviceManagementQFolder
DigitalCAM
DocProc
Drag'n Drop CD+DVD
dvdSanta 4.50
Easy DV to DVD
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R260 User's Guide
Express Burn
Family Matters
Fax
Film Factory
Flickr Uploadr 2.5.0.15
FLV Player
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Glary Utilities 2.33.0.1158
Google Earth
Google Earth Plug-in
Google Update Helper
HamsterFreeVideoConverter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP OfficeJet L7300/L7500/7600/7700
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPSSupply
Intel(R) PRO Network Adapters and Drivers
Internet Explorer (Enable DEP)
InterVideo WinDVD 5 for VAIO
Iomega ZipCD Support Files
iTunes
Java Auto Updater
Java(TM) 6 Update 20
JPEG Lossless Rotator 5.0
Kodak DIGITAL GEM Airbrush Professional Plug-In
L7600
Labtec Desktop V5.1
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Mavis Beacon Teaches Microsoft Word
Mavis Beacon Teaches Typing Platinum 20
McAfee Security Scan Plus
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Easy Assist
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Movie DVD Maker 3.01
Mozilla Firefox (3.6.18)
MPM
MSN Music Assistant
MSN Toolbar
MSN Toolbar Platform
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muveeNow 2.0 - Creative
My Sam's Club Digital Photo Center
Network
OCR Software by I.R.I.S. 14.0
OpenMG Limited Patch 4.0-04-11-01-01
OpenMG Secure Module 4.0.05
ParetoLogic FileCure
Picasa 2
PolderbitS Sound Recorder and Editor
ProductContext
PS_AIO_04_C6300_Software_Min
PS_AIO_06_C4700_SW_Min
QFolder
QuickTime
QuickTransfer
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Remote Control USB Driver
Replay Converter 2.8
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Shop for HP Supplies
Shutterfly Plugin
Shutterfly Studio
SightSpeed
Skype Toolbars
Skype™ 4.2
Smart Defrag 2
SmartWebPrinting
SolutionCenter
SonicStage 2.0.02
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony Picture Utility
Sony USB Driver
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
SUPERAntiSpyware
SureThing CD Labeler - Stomper Edition 32 bit
Toolbox
TrayApp
Tweak UI
Ulead Photo Explorer 8.0 SE Basic
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2541763)
Update for Windows XP (KB971029)
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 4.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Registration
VAIO Remote Commander Utility 6.2
VAIO SLIT-C Screen Saver
VAIO SLIT Pattern Wallpaper
VAIO Survey Standalone
VAIO Update 2
Viewpoint Media Player (Remove Only)
Wal-Mart Digital Photo Manager
WavePad Uninstall
WebFldrs XP
Welcome to VAIO life
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
.
==== Event Viewer Messages From Past Week ========
.
8/4/2011 9:38:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 BUFADPT DMICall Fips intelppm SASDIFSV SASKUTIL
8/4/2011 9:38:08 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2011 9:36:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/4/2011 5:06:20 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
8/4/2011 3:03:12 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2011 3:03:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
.
==== End Of File ===========================
Sorry, I forgot to include TSG SysInfo. Will do that now as follows: Sorry, FileCure will not allow!

My Operating system is Windows XP, SP3

I sincerely hope this info works for you and that this issue can be safely removed.

Thanks, Larry
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,450 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
07-Aug-2011, 06:21 PM #2
Proceed as follows :-

Step 1
  • Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix. Vista or Windows 7 users right-click and select Run as Administrator.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Step 2

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:



  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double-click the icon to run the tool (Vista or Windows 7 users right-click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the two logs in next reply please...

Kevin
raster man
Junior Member with 20 posts.
THREAD STARTER
 
Join Date: Jun 2009
08-Aug-2011, 09:20 PM #3
ParetoLogic and FileCure
Hello Kevin:

Thanks for your time.

Following are the exehelper log and the ComboFix log. Hope they are readable and helpful.

Larry

ComboFix 11-08-08.02 - Larry 08/08/2011 20:56:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1328 [GMT -4:00]
Running from: c:\documents and settings\Larry\Desktop\Gotcha.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\program files\messenger\msmsgsin.exe
C:\Thumbs.db
c:\windows\iun6002.exe
c:\windows\setup.exe
c:\windows\system32\spool\prtprocs\w32x86\hpzpp4sa(2).dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IPFW
-------\Service_ip_fw
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-04 21:07 . 2011-08-04 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-07-15 02:48 . 2011-07-15 02:48 -------- d-----w- c:\program files\Common Files\xing shared
2011-07-15 02:44 . 2011-07-15 02:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 02:47 . 2005-04-04 22:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-15 02:47 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-10 22:23 . 2006-09-27 21:53 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-07-06 23:52 . 2010-03-22 17:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-03-22 17:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 18:53 . 2011-06-11 18:53 1409 ----a-w- c:\windows\QTFont.for
2011-06-02 14:02 . 2004-03-31 19:59 1858944 ----a-w- c:\windows\system32\win32k.sys
2007-07-05 16:34 . 2007-07-05 16:34 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-07-05 16:34 . 2007-07-05 16:32 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-04 4599680]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-15 273544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-6-16 229376]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk]
backup=c:\windows\pss\Belkin 11Mbps Wireless Desktop Network Card Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager2.lnk]
backup=c:\windows\pss\ClientManager2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Harmony Monitor.lnk]
backup=c:\windows\pss\Harmony Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^BounceBack Launcher.lnk]
backup=c:\windows\pss\BounceBack Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=c:\windows\pss\PowerReg SchedulerV2.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ColdWare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSFox
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SageTV
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 06:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-05-23 18:43 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2007-06-07 18:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
2006-10-17 07:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBNA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
2003-06-04 08:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2007-05-14 11:50 958464 ----a-w- c:\program files\Labtec\Desktop\V5.1\MOffice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 07:07 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-09-01 11:42 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 07:19 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-06-14 20:24 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2010-07-06 16:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2007-05-14 11:50 387584 ----a-w- c:\program files\Labtec\Desktop\V5.1\KBDAP32A.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-15 02:47 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMConsole.exe]
2005-01-14 20:19 315392 ----a-w- c:\program files\Sony\vaio media integrated server\Platform\VMConsole.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VAIOMediaPlatform-VideoServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-AppServer"=2 (0x2)
"VAIO Entertainment UPnP Client Adapter"=3 (0x3)
"VAIO Entertainment File Import Service"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPodService"=3 (0x3)
"ipfw"=2 (0x2)
"IDriverT"=3 (0x3)
"hpdj"=2 (0x2)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"aawservice"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Sony\\Giga Pocket\\gps.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Documents and Settings\\Larry\\Desktop\\spybotsd162.exe"=
"c:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe"=
"c:\\Program Files\\Sony\\vaio media integrated server\\Setup\\VMSetup.exe"=
"c:\\Program Files\\Sony\\Giga Pocket\\gvr.exe"=
"c:\\Program Files\\Sony\\Giga Pocket\\ReserveModule.exe"=
"c:\\Program Files\\Sony\\Giga Pocket\\ReserveW.exe"=
"c:\\Program Files\\Sony\\Giga Pocket\\tvsetup.exe"=
"c:\\Program Files\\Browser MOUSE\\mouse32a.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\sony\\vaio media integrated server\\Platform\\SV_Httpd.exe"=
"c:\\Program Files\\sony\\vaio media integrated server\\Platform\\UPnPFramework.exe"=
"c:\\Program Files\\sony\\vaio media integrated server\\Platform\\VMConsole.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Creative\\Photo Manager\\CTSGrab.exe"=
"c:\\Program Files\\SightSpeed\\VideoMerge.exe"=
"c:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Center\\LiveCam.exe"=
"c:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"=
"c:\\Program Files\\Creative\\Photo Manager\\CTPM.exe"=
"c:\\Program Files\\Creative\\Shared Files\\Software Update\\AutoUpdate.exe"=
"c:\\Program Files\\Creative\\Support\\System Information\\CTSi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\Hpqdirec.exe"=
"c:\\WINDOWS\\Installer\\{D103C4BA-F905-437A-8049-DB24763BBE36}\\SkypeIcon.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Documents and Settings\\Larry\\Desktop\\HP L7680 full drivers 2 28 11\\OJProL7X00_Full_14\\setup\\hpznui01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/12/2011 1:12 PM 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 1:54 PM 123264]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/16/2011 9:26 AM 353168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [6/15/2009 4:30 PM 7372]
R2 VAIOMediaDBSyncService;VAIO Media DB Sync Service;c:\program files\Sony\vaio media integrated server\GPDBWatcher.exe [6/15/2009 3:15 AM 790528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:04 PM 136176]
S3 ATHFMWDL;Atheros USB Wireless Adapter Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [11/1/2004 10:18 PM 78720]
S3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2/7/2005 12:28 PM 9376]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:04 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/31/2004 3:59 PM 14336]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [6/27/2010 10:28 AM 99648]
S3 WLI2USB2G54;BUFFALO WLI2-USB2-G54 Wireless LAN Driver;c:\windows\system32\drivers\PRISMA02.sys [3/14/2006 11:09 PM 347424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-03-18 21:24]
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 18:08]
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 18:08]
.
2011-07-17 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
.
2011-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-18 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-12 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader45.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2035197435-2053911333-572510945-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-08 21:08:53
ComboFix-quarantined-files.txt 2011-08-09 01:08
.
Pre-Run: 184,240,414,720 bytes free
Post-Run: 184,203,587,584 bytes free
.
- - End Of File - - DB741C87E9D7F396C9F898F3FF01D01D


EXEHELPER LOG

exeHelper by Raktor
Build 20100414
Run at 16:27:17 on 08/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 17:02:55 on 08/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

That's it, looking forward to your reply.

Larry
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Malware Removal Specialist with 9,450 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
09-Aug-2011, 03:20 AM #4
Hiya Larry,

Continue as follows please :-

Step 1

Uninstall anything related to IObit that you have on your system; that includes Advanced SystemCare and Smart Defrag.

Step 2

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Step 3

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the logs from TDSSKiller and Malwarebytes in your reply, Also give an update on issues/concerns.....

Kevin
raster man raster man is offline
Junior Member with 20 posts.
THREAD STARTER
 
Join Date: Jun 2009
11-Aug-2011, 05:18 PM #5
ParetoLogic and FileCure
Hi Kevin,

Sorry for the delay in responding.

A few tidbits and updates.

1. I think I removed all items related to IObit, at least based on Add/Remove Programs in Control Panel. I could not find Smart Defrag.

2. After using exehelper, any shortcut worked as expected. However, after restarting/rebooting, FileCure was back. I then used exehelper and all was good, etc, etc.

3. I have not done anything you have not instructed me to do. However, what about removing ParetoLogic? Probably not a good idea at this time.

4. Now that exehelper allows .exe files to work, would it be helpful to run HJT?

5. Malwarebytes free, was already installed on my computer but I reinstalled it anyway, just to make sure. As you will see, it found nothing.

6. Several of my icons on my desktop which usually had color fills, now only are black & white images. e.g., Firefox.

7. It just occurred to me...if I use exehelper, is that preventing the software from "seeing" the FileCure problem?

Here are the logfiles you requested:

A new exehelper log...plus the previous ones from exehelper.

exeHelper by Raktor
Build 20100414
Run at 16:27:17 on 08/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 17:02:55 on 08/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 21:26:41 on 08/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 17:28:35 on 08/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 18:26:53 on 08/10/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 16:57:55 on 08/11/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

TDSSKILLER follows:

2011/08/11 17:14:16.0984 3044 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/11 17:14:21.0375 3044 ================================================================================
2011/08/11 17:14:21.0375 3044 SystemInfo:
2011/08/11 17:14:21.0375 3044
2011/08/11 17:14:21.0375 3044 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/11 17:14:21.0375 3044 Product type: Workstation
2011/08/11 17:14:21.0375 3044 ComputerName: SONY
2011/08/11 17:14:21.0375 3044 UserName: Larry
2011/08/11 17:14:21.0375 3044 Windows directory: C:\WINDOWS
2011/08/11 17:14:21.0375 3044 System windows directory: C:\WINDOWS
2011/08/11 17:14:21.0375 3044 Processor architecture: Intel x86
2011/08/11 17:14:21.0375 3044 Number of processors: 2
2011/08/11 17:14:21.0375 3044 Page size: 0x1000
2011/08/11 17:14:21.0375 3044 Boot type: Normal boot
2011/08/11 17:14:21.0375 3044 ================================================================================
2011/08/11 17:14:23.0125 3044 Initialize success
2011/08/11 17:14:26.0812 1036 ================================================================================
2011/08/11 17:14:26.0812 1036 Scan started
2011/08/11 17:14:26.0812 1036 Mode: Manual;
2011/08/11 17:14:26.0812 1036 ================================================================================
2011/08/11 17:15:15.0046 1036 ================================================================================
2011/08/11 17:15:15.0046 1036 Scan finished
2011/08/11 17:15:15.0046 1036 ================================================================================
2011/08/11 17:15:15.0062 1592 Detected object count: 0
2011/08/11 17:15:15.0062 1592 Actual detected object count: 0

Malwarebytes follows:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7419
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/9/2011 5:52:43 PM
mbam-log-2011-08-09 (17-52-43).txt
Scan type: Quick scan
Objects scanned: 189268
Time elapsed: 6 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


Look forward to hearing from you.

Larry
raster man raster man is offline
Junior Member with 20 posts.
THREAD STARTER
 
Join Date: Jun 2009
11-Aug-2011, 09:11 PM #6
ParetoLogic and FileCure
Hi Kevin,

Just noticed that the dialog box that asks me to select between FileCure and Windows has changed as follows:

The title of the box is now "Windows" (without the quotes) and not FileCure. It goes on about not being able to open the program because Windows needs to know what program created it, blah, blah.

It asks "Use the Web service to find the appropriate program"
or "Select the program from a list"

If I choose the "list" response, I then get a dialog box "Open With" and it gives me a sort of legitimate looking list of programs from which to select to open the program, which in this case is Windows Explorer. However, I don't know what program would be appropriate to open WE. It seems as if we are making some sort of headway; at least the box is not titled FileCure! I have not tried the "Web service" selection for fear it's a trap. Who's paranoid?

Could this be some sort of File Association corruption? I like to throw around big words even when I don't know what the hell I'm talking about. Ha, Ha. I hate using LOL.

Larry
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,450 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
12-Aug-2011, 03:39 AM #7
Hiya Larry,

Rerun exe.helper again, then run the following:

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it. Vista or Windows 7 users: right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in
    Code:
          netsvcs
          drivers32
          %SYSTEMDRIVE%\*.*
          %systemroot%\*. /mp /s
          Msconfig
          Safebootminimal
          safebootnetwork
          CREATERESTOREPOINT
          %systemroot%\System32\config\*.sav
          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Let me see the logs in your reply.

Kevin
raster man
Junior Member with 20 posts.
THREAD STARTER
Join Date: Jun 2009
12-Aug-2011, 06:54 PM #8
ParetoLogic and FileCure
Hi Kevin,

For some unknown reason, having a terrible time responding to your most recent post. I have tried 4 times to respond and each and every time I receive a "Web page timed out" message and my reply becomes vapor! This time, instead of responding via the email, I have gone into the forum itself and will attempt to reply this way. Hope it works.

exehelper had the following indication shown in its back, DOS-looking screen, but not in its Notepad version:

Resetting filetype association for .exe
exefile="%1" %*
.exe=exefile

also,

Resetting filetype association for .com
comfile="%1" %*
.com=comfile

That's it! The above indications are NOT shown in the Notepad logfile. Don't know if this means anything or not.

OTL logfile created on: 8/12/2011 4:16:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.14% Memory free
4.10 Gb Paging File | 3.40 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2302 2302 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.88 Gb Total Space | 170.63 Gb Free Space | 75.21% Space Free | Partition Type: NTFS

Computer Name: SONY | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/12 15:09:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\desktop\OTL.exe
PRC - [2011/08/04 17:07:21 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/20 20:33:58 | 000,790,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\GPDBWatcher.exe
PRC - [2005/01/14 15:26:56 | 000,745,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
PRC - [2005/01/14 15:21:32 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
PRC - [2005/01/06 15:52:56 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/01/06 15:52:56 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/01/06 15:52:54 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/05/21 16:35:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
PRC - [2003/12/05 14:32:56 | 000,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe
PRC - [2003/12/05 14:32:06 | 000,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe


========== Modules (SafeList) ==========

MOD - [2011/08/12 15:09:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/04 17:07:21 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/29 15:44:30 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/09/24 23:54:23 | 001,247,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/02/20 20:33:58 | 000,790,528 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio media integrated server\GPDBWatcher.exe -- (VAIOMediaDBSyncService)
SRV - [2006/02/20 19:59:42 | 001,847,296 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\vaio media integrated server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/01/14 15:26:56 | 000,745,472 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/01/14 15:21:32 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/01/14 15:20:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/01/06 15:52:56 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/01/06 15:52:56 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/01/06 15:52:54 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/10/29 01:20:54 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/10/29 01:18:24 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2004/05/21 16:43:18 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/05/21 16:35:10 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2003/12/05 14:32:56 | 000,077,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Giga Pocket\shwserv.exe -- (Giga Pocket Hardware Detector)
SRV - [2003/12/05 14:32:06 | 000,090,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2003/09/25 14:38:56 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller)


========== Driver Services (SafeList) ==========

DRV - [2011/08/04 17:07:14 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 17:07:14 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008/05/13 19:08:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/05/30 21:32:34 | 000,099,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2006/10/31 14:23:06 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/19 04:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/08/19 04:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/24 22:38:30 | 000,285,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2004/07/13 12:04:02 | 000,347,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (WLI2USB2G54)
DRV - [2004/07/13 12:04:01 | 000,009,376 | R--- | M] (MELCO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ESSIDSET.SYS -- (ESSIDSET)
DRV - [2004/07/13 12:03:48 | 000,009,600 | R--- | M] (BUFFALO INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\BUFADPT.SYS -- (BUFADPT)
DRV - [2004/03/22 21:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/25 18:28:54 | 000,768,256 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/14 21:24:30 | 000,007,372 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2003/05/23 14:44:00 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/06 17:43:36 | 000,078,720 | R--- | M] (Belkin International) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEL6001P.sys -- (BEL6001P) Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2)
DRV - [2000/12/05 17:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.21.0.11
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/22 18:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/22 18:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 14:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/08 17:20:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/10 10:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/10 10:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/10 10:23:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 14:48:44 | 000,000,000 | ---D | M]

[2008/08/26 18:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions
[2011/08/10 10:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions
[2011/03/07 02:13:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 12:47:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/12/09 13:35:19 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/05/23 20:53:42 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\DeviceDetection@logitech.com
[2011/08/09 09:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/27 09:49:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/17 13:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/08/10 10:23:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/08 17:20:53 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2008/12/02 23:11:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2007/10/05 21:57:27 | 001,255,424 | ---- | M] (Cartesian Products, Inc. For more information, visit http://www.cartesianinc.com) -- C:\Program Files\mozilla firefox\plugins\NPCPC32.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2006/01/18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/08/08 18:04:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk = C:\Program Files\Sony\usbsircs\USBsircs.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://pephoto.lifepics.com/net/Uplo...Uploader45.cab (Image Uploader Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z.net/content.info...TunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1139160906640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1194633407906 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/mail/ymmapi.cab (YahooYMailTo Class)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/...loadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/27 10:11:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\Program Files\Replay Converter\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "VAIOMediaPlatform-VideoServer-UPnP"
MsConfig - Services: "VAIOMediaPlatform-VideoServer-HTTP"
MsConfig - Services: "VAIOMediaPlatform-VideoServer-AppServer"
MsConfig - Services: "VAIO Entertainment UPnP Client Adapter"
MsConfig - Services: "VAIO Entertainment File Import Service"
MsConfig - Services: "PACSPTISVR"
MsConfig - Services: "ose"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPodService"
MsConfig - Services: "ipfw"
MsConfig - Services: "IDriverT"
MsConfig - Services: "hpdj"
MsConfig - Services: "gusvc"
MsConfig - Services: "CLTNetCnService"
MsConfig - Services: "avg8wd"
MsConfig - Services: "avg8emc"
MsConfig - Services: "AdobeActiveFileMonitor4.0"
MsConfig - Services: "aawservice"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager2.lnk - C:\Program Files\BUFFALO\Client Manager\ClientMgr2.exe - (BUFFALO INC.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Harmony Monitor.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk - C:\Program Files\Sony\Giga Pocket\ReserveModule.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Larry^Start Menu^Programs^Startup^BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: Creative Live! Cam Manager - hkey= - key= - C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: EPSON Stylus Photo R260 Series - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus Photo R300 Series - hkey= - key= - File not found
MsConfig - StartUpReg: ezShieldProtector for Px - hkey= - key= - File not found
MsConfig - StartUpReg: FLMOFFICE4DMOUSE - hkey= - key= - C:\Program Files\Labtec\Desktop\V5.1\MOffice.exe ()
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSN Toolbar - hkey= - key= - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
MsConfig - StartUpReg: OFFICEKB - hkey= - key= - C:\Program Files\Labtec\Desktop\V5.1\KBDAP32A.EXE ()
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VAIO Recovery - hkey= - key= - C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
MsConfig - StartUpReg: VAIO Update 2 - hkey= - key= - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
MsConfig - StartUpReg: VMConsole.exe - hkey= - key= - C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe (Sony Corporation)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 15:09:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2011/08/11 17:40:24 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 17:38:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/11 16:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/08/10 10:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/08/10 10:22:58 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/08/10 10:22:44 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/08/10 10:22:44 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/08/10 10:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/08/10 10:12:16 | 000,683,792 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\Larry\Desktop\RealPlayer.exe
[2011/08/09 17:42:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Larry\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/09 17:08:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/09 17:06:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\TFC.exe
[2011/08/08 17:54:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/08 17:51:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/08 17:51:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/08 17:51:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/08 17:51:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/08 17:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/08 17:50:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/08 17:49:26 | 004,167,591 | R--- | C] (Swearware) -- C:\Documents and Settings\Larry\Desktop\Gotcha.exe
[2011/08/07 18:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\My Documents\Tech Support Guy FileCure issue
[2011/08/07 17:55:45 | 000,508,416 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\Larry\Desktop\SysInfo.exe
[2011/08/07 16:22:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Larry\Start Menu\Programs\Administrative Tools
[2011/08/07 16:22:11 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Larry\Desktop\dds.com
[2011/08/07 16:19:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Larry\Desktop\HijackThis.exe
[2011/08/05 16:10:42 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry\Desktop\TDSSKiller.exe
[2011/08/04 17:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/14 22:44:36 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011/08/12 15:11:05 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
[2011/08/12 15:11:05 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
[2011/08/12 15:09:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2011/08/12 14:37:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\prvlcl.dat
[2011/08/12 14:28:57 | 127,805,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/12 14:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 14:22:41 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 18:02:02 | 000,507,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 18:02:02 | 000,089,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/11 17:59:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 17:23:19 | 003,448,870 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Ava Sings.wav
[2011/08/11 17:13:55 | 001,388,507 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\tdsskiller.zip
[2011/08/11 16:00:00 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/10 18:32:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/10 10:23:32 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/08/10 10:22:58 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/08/10 10:22:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/08/10 10:22:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/08/10 10:22:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/08/10 10:12:18 | 000,683,792 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Larry\Desktop\RealPlayer.exe
[2011/08/09 17:44:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/09 17:44:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 17:42:59 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Larry\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/09 17:31:16 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry\Desktop\TDSSKiller.exe
[2011/08/09 17:06:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\TFC.exe
[2011/08/08 18:04:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/08 17:51:05 | 004,167,591 | R--- | M] (Swearware) -- C:\Documents and Settings\Larry\Desktop\Gotcha.exe
[2011/08/08 17:20:55 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/08 16:26:21 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\exeHelper.com
[2011/08/07 17:55:45 | 000,508,416 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\Larry\Desktop\SysInfo.exe
[2011/08/07 16:22:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Larry\Desktop\dds.com
[2011/08/07 16:19:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Larry\Desktop\HijackThis.exe
[2011/08/06 17:37:36 | 000,197,518 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/08/06 16:43:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 17:21:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Microsoft Office Word 2003.lnk
[2011/08/01 09:02:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 09:02:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/07/17 22:07:27 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/07/17 19:06:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/07/17 19:05:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/07/14 22:44:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/14 22:41:17 | 000,343,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/08/11 17:23:19 | 003,448,870 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\Ava Sings.wav
[2011/08/10 10:23:32 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/08/09 17:30:08 | 001,388,507 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\tdsskiller.zip
[2011/08/08 17:54:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/08 17:54:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/08 17:51:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/08 17:51:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/08 17:51:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/08 17:51:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/08 17:51:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/08 16:26:17 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\exeHelper.com
[2011/08/06 16:43:13 | 2146,881,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/08 09:34:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\prvlcl.dat
[2011/06/12 12:18:14 | 000,001,428 | -HS- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\80b8pg205i3703f7k01v8p6t64t7nml47ly
[2011/06/12 12:18:14 | 000,001,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\80b8pg205i3703f7k01v8p6t64t7nml47ly
[2010/10/22 19:01:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2010/09/20 23:40:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/09/20 23:26:08 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/20 23:26:08 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/09/20 23:26:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/20 23:26:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010/09/20 23:26:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/09/20 23:26:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/09/20 22:55:06 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\burnaware.ini
[2010/07/29 18:49:40 | 000,208,210 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2010/07/29 18:49:40 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2010/07/29 17:38:15 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2010/07/29 17:03:02 | 000,062,532 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2010/06/27 09:50:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/08 15:49:25 | 000,116,841 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2010/02/06 19:59:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/26 19:39:56 | 000,023,123 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/25 08:04:46 | 000,063,106 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/11 11:22:54 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/08/21 13:05:33 | 000,239,133 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
[2009/08/21 13:04:57 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat
[2009/08/21 12:55:26 | 000,146,762 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
[2009/08/21 12:55:26 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
[2009/06/15 16:30:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe
[2009/06/15 03:50:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/05/26 20:01:34 | 000,000,671 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/03/08 21:59:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2009/03/08 21:42:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2008/12/22 17:39:21 | 000,164,714 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2008/12/22 17:39:21 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2008/12/22 15:37:07 | 000,016,050 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
[2008/07/22 20:22:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv32_16.ini
[2008/03/14 21:18:29 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/03/14 21:08:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2008/03/13 18:01:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\IV3.INI
[2008/03/13 18:01:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\IVOPEN.$$$
[2008/03/11 20:47:55 | 000,000,179 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2007/12/13 14:57:07 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/12/13 13:02:57 | 000,002,747 | ---- | C] () -- C:\Program Files\Shortcut to FamMatters3.exe.lnk
[2007/11/02 22:10:54 | 000,239,827 | ---- | C] () -- C:\WINDOWS\hpwins05.dat.temp
[2007/11/02 22:10:54 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp
[2007/11/02 16:48:15 | 000,100,584 | ---- | C] () -- C:\WINDOWS\hpgins14.dat
[2007/11/01 14:28:26 | 000,102,364 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2007/09/24 14:05:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/09/24 14:05:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/09/24 14:04:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2007/07/05 12:35:25 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/07/05 12:34:26 | 003,655,608 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2007/07/05 12:32:05 | 025,990,432 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/11/19 23:45:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/31 17:47:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/18 11:09:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/08 09:27:45 | 000,000,195 | ---- | C] () -- C:\WINDOWS\Retrieve.INI
[2006/07/08 06:41:36 | 000,000,344 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/07/08 06:41:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/03/14 22:43:45 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2006/03/14 22:40:22 | 000,000,093 | ---- | C] () -- C:\WINDOWS\R300.ini
[2005/12/23 12:42:43 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/12/23 12:42:43 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/12/23 12:42:43 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2005/12/23 12:42:43 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2005/12/23 12:42:43 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/12/23 12:42:43 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2005/12/23 12:42:43 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2005/12/23 12:42:43 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2005/12/23 12:42:43 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2005/12/23 12:42:43 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2005/12/23 12:42:43 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2005/12/23 12:42:43 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2005/12/23 12:42:43 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2005/12/23 12:42:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/23 12:38:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/12/23 12:37:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2005/11/24 17:02:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/12 15:21:18 | 000,068,952 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2005/09/12 15:21:18 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/08/12 12:24:57 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/08/05 11:09:22 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/04/23 22:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/04/20 14:23:37 | 000,104,651 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2005/04/20 14:23:37 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/04/04 19:08:48 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\fusioncache.dat
[2005/04/04 18:51:03 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/02/09 21:26:01 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/01/18 15:59:57 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/17 13:09:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/11/17 13:09:46 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/09/09 16:45:39 | 000,008,698 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/09/09 16:44:48 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/07/13 12:03:53 | 000,041,269 | ---- | C] () -- C:\WINDOWS\UN800001.INI
[2004/07/13 12:03:11 | 000,084,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2004/07/13 12:03:11 | 000,083,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2004/06/16 23:45:35 | 000,000,561 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/16 23:40:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2004/06/16 23:34:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/06/16 23:34:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/06/16 23:34:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/06/16 23:34:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/06/16 23:34:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/06/16 23:34:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/03/31 19:59:36 | 000,001,180 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/31 19:57:08 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/03/31 19:54:28 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/03/31 19:54:25 | 000,013,988 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/03/31 19:09:29 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2004/03/31 18:59:58 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2004/03/31 18:50:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/03/31 17:43:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/31 17:12:00 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/31 17:09:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/03/31 17:06:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/03/31 16:00:11 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/03/31 16:00:01 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/31 15:59:42 | 000,507,412 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/03/31 15:59:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/03/31 15:59:42 | 000,089,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/03/31 15:59:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/03/31 15:59:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/03/31 15:59:40 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/03/31 15:59:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/31 15:59:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/03/31 15:59:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/03/31 15:59:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/03/31 15:59:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/31 09:03:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/31 09:03:13 | 000,343,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/22 21:50:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/22 21:49:08 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/06/17 17:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/06/17 17:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 16:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 21:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2011/08/04 17:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2008/09/06 13:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\All-In-One
[2010/09/13 15:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altova
[2010/11/24 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/22 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/09/02 18:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/10/22 13:34:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/22 18:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2007/09/24 14:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2005/11/24 17:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/10/22 17:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/06/21 13:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2005/02/20 21:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/08/08 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/27 10:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/09/06 17:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/10/22 17:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/02/19 15:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/08 21:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/12/19 16:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2009/04/20 18:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2004/12/30 23:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ACD Systems
[2008/07/23 10:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Audacity
[2010/10/22 13:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\AVG10
[2008/09/02 18:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Broderbund
[2007/11/20 20:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\check identical files
[2009/04/29 15:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ClientManager2
[2008/12/23 18:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/01 13:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ElevatedDiagnostics
[2008/08/30 13:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Family Lawyer
[2007/12/11 15:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Flickr
[2011/03/17 20:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\GlarySoft
[2010/09/20 23:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\HamsterSoft
[2009/08/18 21:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Image Zone Express
[2004/09/18 22:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\InterVideo
[2011/08/09 17:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\IObit
[2005/08/05 10:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Juniper Networks
[2005/12/23 13:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Leadertech
[2010/08/16 18:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\muvee Technologies
[2009/04/18 22:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\NCH Swift Sound
[2005/01/04 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Neoteris
[2010/07/16 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Opera
[2009/08/18 21:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Printer Info Cache
[2007/07/15 21:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Shutterfly
[2006/12/30 21:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Snapfish
[2005/01/19 11:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Template
[2009/03/08 21:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Ulead Systems
[2009/04/22 17:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Uniblue
[2009/09/03 12:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\VirtualStore
[2007/12/19 16:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Wal-Mart
[2011/07/17 19:05:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/07/17 19:06:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/07/17 22:07:27 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/11/24 17:22:31 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2010/06/27 10:11:58 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/21 13:16:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/08/10 18:32:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/08/08 21:08:54 | 000,026,399 | ---- | M] () -- C:\ComboFix.txt
[2004/03/31 17:07:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/07/08 09:41:23 | 000,001,441 | ---- | M] () -- C:\devicetable.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/08/12 14:22:41 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2005/06/03 00:49:59 | 000,045,739 | ---- | M] () -- C:\hpfr3600.log
[2004/09/21 14:40:33 | 000,000,391 | -H-- | M] () -- C:\hpothb07.dat
[2004/09/21 14:40:33 | 000,000,749 | -H-- | M] () -- C:\hpothb07.tif
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/03/31 17:07:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/19 16:45:10 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/04/29 13:37:18 | 000,019,690 | ---- | M] () -- C:\mombi.log
[2004/03/31 17:07:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/11/09 14:57:11 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/02 18:18:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/12 14:22:39 | 2413,821,952 | -HS- | M] () -- C:\pagefile.sys
[2007/03/07 18:02:02 | 071,712,054 | ---- | M] () -- C:\REGISTRYBKUP.reg
[2009/06/15 03:07:48 | 000,000,087 | ---- | M] () -- C:\setup.log
[2011/08/09 17:37:50 | 000,045,594 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_09.08.2011_17.32.29_log.txt
[2011/08/11 17:13:37 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_11.08.2011_17.13.27_log.txt
[2011/08/11 17:16:53 | 000,045,326 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_11.08.2011_17.14.16_log.txt
[2008/12/22 19:23:27 | 000,002,414 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2005/08/08 18:35:44 | 000,004,991 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/03/31 09:02:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/03/31 09:02:41 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/03/31 09:02:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-11 22:02:15

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88959883
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
< End of report >


OTL Extras logfile created on: 8/12/2011 4:16:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.14% Memory free
4.10 Gb Paging File | 3.40 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2302 2302 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.88 Gb Total Space | 170.63 Gb Free Space | 75.21% Space Free | Partition Type: NTFS

Computer Name: SONY | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe" = C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Sony\Giga Pocket\gps.exe" = C:\Program Files\Sony\Giga Pocket\gps.exe:*:Enabled:Giga Pocket Server -- (Sony Corporation)
"C:\Program Files\Sony\VAIO Media 4.0\Vc.exe" = C:\Program Files\Sony\VAIO Media 4.0\Vc.exe:*:Enabled:[VAIO Media] VAIO Media -- (Sony Corporation)
"C:\Documents and Settings\Larry\Desktop\spybotsd162.exe" = C:\Documents and Settings\Larry\Desktop\spybotsd162.exe:*:Enabled:spybotsd162.exe -- (Safer Networking Limited )
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" = C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe:*:Enabled:VAIO Update Options -- (Sony Corporation)
"C:\Program Files\Sony\vaio media integrated server\Setup\VMSetup.exe" = C:\Program Files\Sony\vaio media integrated server\Setup\VMSetup.exe:*:Enabled:VAIO Media Setup -- (Sony Corporation)
"C:\Program Files\Sony\Giga Pocket\gvr.exe" = C:\Program Files\Sony\Giga Pocket\gvr.exe:*:Enabled:Giga Pocket -- (Sony Corporation)
"C:\Program Files\Sony\Giga Pocket\ReserveModule.exe" = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe:*:Enabled:Timer Recording Manager -- (Sony Corporation)
"C:\Program Files\Sony\Giga Pocket\ReserveW.exe" = C:\Program Files\Sony\Giga Pocket\ReserveW.exe:*:Enabled:Timer Recording Wizard -- (Sony Corporation)
"C:\Program Files\Sony\Giga Pocket\tvsetup.exe" = C:\Program Files\Sony\Giga Pocket\tvsetup.exe:*:Enabled:TV Setup -- (Sony Corporation)
"C:\Program Files\Browser MOUSE\mouse32a.exe" = C:\Program Files\Browser MOUSE\mouse32a.exe:*:Enabled: Browser MOUSE -- ()
"C:\Program Files\sony\vaio media integrated server\Platform\SV_Httpd.exe" = C:\Program Files\sony\vaio media integrated server\Platform\SV_Httpd.exe:*:Enabled:SV_Httpd -- (Sony Corporation)
"C:\Program Files\sony\vaio media integrated server\Platform\UPnPFramework.exe" = C:\Program Files\sony\vaio media integrated server\Platform\UPnPFramework.exe:*:Enabled:UPnPFramework -- (Sony Corporation)
"C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" = C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe:*:Enabled:[VAIO Media] SNAC Server -- (Sony Corporation)
"C:\Program Files\Creative\Photo Manager\CTSGrab.exe" = C:\Program Files\Creative\Photo Manager\CTSGrab.exe:*:Enabled:Screen Capture -- (Creative Technology Ltd)
"C:\Program Files\SightSpeed\VideoMerge.exe" = C:\Program Files\SightSpeed\VideoMerge.exe:*:Enabled:CallExporter -- (SightSpeed Inc.)
"C:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe" = C:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe:*:Enabled:Creative Live! Cam Center -- (Creative Technology Ltd)
"C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" = C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe:*:Enabled:Creative Live! Cam Manager -- (Creative Technology Ltd.)
"C:\Program Files\Creative\Photo Manager\CTPM.exe" = C:\Program Files\Creative\Photo Manager\CTPM.exe:*:Enabled:Creative Photo Manager -- (Creative Technology Ltd)
"C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" = C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe:*:Enabled:Creative Software AutoUpdate -- (Creative Technology Ltd)
"C:\Program Files\Creative\Support\System Information\CTSi.exe" = C:\Program Files\Creative\Support\System Information\CTSi.exe:*:Enabled:Creative System Information -- (Creative Technology Ltd.)
"C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe" = C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe:*:Enabled:HP Solution Center -- (Hewlett-Packard Company)
"C:\WINDOWS\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe" = C:\WINDOWS\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe:*:Enabled:SkypeIcon.exe -- ()
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\Movie Maker\moviemk.exe" = C:\Program Files\Movie Maker\moviemk.exe:*:Enabled:Windows Movie Maker -- (Microsoft Corporation)
"C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe" = C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B406F3B-8008-430C-B385-ED63154534C7}" = L7600
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5
"{10900ADA-A280-4fd4-ADC6-FC290B758283}" = BreezeBrowser Pro
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E9}" = Microsoft Digital Image Library 10
"{3F679809-E099-4A45-BAF6-04F6F02141A3}" = Family Matters
"{402ABB62-3C87-47F4-B8D6-A2A51C241B2F}" = DigitalCAM
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Digital Image Pro 10
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C656CE5-1252-4699-A80F-1C9C469FD77B}" = Mavis Beacon Teaches Microsoft Word
"{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F51F451-E2A9-411C-9076-BFCE69C3632B}" = Broderbund Home and Business Lawyer
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.02
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78AC18A2-12A9-4102-B0B7-C7558182D212}" = C6300
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express
"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
"{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}" = Giga Pocket Demo Movie
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6BFDF60-FD08-4EF9-8D26-B762A19DB9A0}" = Giga Pocket 5.5
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD871377-A1A3-4D7B-AA5E-EB163E1202C6}" = Kodak DIGITAL GEM Airbrush Professional Plug-In
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0F64C44-DC77-497D-9A27-C0F5BAB12493}" = muveeNow 2.0 - Creative
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
"{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
"{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}" = Wal-Mart Digital Photo Manager
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D2DFC174-494B-435D-BB9D-D82520D03C28}" = My Sam's Club Digital Photo Center
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.4.12
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"AnvSoft Movie DVD Maker_is1" = Movie DVD Maker 3.01
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Browser MOUSE" = Browser MOUSE
"BurnAware Free_is1" = BurnAware Free 3.0.5
"Check Identical Files_is1" = Check Identical Files version 2.20
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CPC View Plugin" = CPC Lite Plugin
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000)
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"Easy DV to DVD" = Easy DV to DVD
"EPSON Printer and Utilities" = EPSON Printer Software
"ExpressBurn" = Express Burn
"Film Factory" = Film Factory
"Flickr Uploadr" = Flickr Uploadr 2.5.0.15
"FLV Player1.33T" = FLV Player
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{4C656CE5-1252-4699-A80F-1C9C469FD77B}" = Mavis Beacon Teaches Microsoft Word
"InstallShield_{4F51F451-E2A9-411C-9076-BFCE69C3632B}" = Broderbund Home and Business Lawyer
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Iomega ZipCD" = Iomega ZipCD Support Files
"JPEG Lossless Rotator_is1" = JPEG Lossless Rotator 5.0
"Labtec Desktop V5.1" = Labtec Desktop V5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
"OpenMG HotFix4.0-04-11-01-01" = OpenMG Limited Patch 4.0-04-11-01-01
"Picasa 3" = Picasa 3
"PictureItSuite_v10" = Microsoft Digital Image Suite 10
"PolderbitSRecorder" = PolderbitS Sound Recorder and Editor
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"SFlyStudio" = Shutterfly Studio
"Shop for HP Supplies" = Shop for HP Supplies
"Shutterfly Plugin" = Shutterfly Plugin
"SightSpeed" = SightSpeed
"Silent Package Run-Time Sample" = EPSON Stylus Photo R260 User's Guide
"SysInfo" = Creative System Information
"Tweak UI 2.10" = Tweak UI
"UN800001" = BUFFALO Client Manager
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WavePad" = WavePad Uninstall
"Welcome to VAIO life" = Welcome to VAIO life
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Neoteris_Cache_Cleaner 4.2.0" = Cache Cleaner 4.2.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2010 4:22:38 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: A connection with the server could not be established

Error - 11/24/2010 4:30:21 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: A connection with the server could not be established

Error - 11/24/2010 4:30:21 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/24/2010 6:33:36 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: A connection with the server could not be established

Error - 11/24/2010 6:33:37 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/24/2010 10:30:44 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: A connection with the server could not be established

Error - 11/25/2010 3:00:00 AM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: A connection with the server could not be established

Error - 11/25/2010 3:00:01 AM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/25/2010 5:41:58 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...uthrootseq.txt>
with error: A connection with the server could not be established

Error - 11/26/2010 1:25:55 PM | Computer Name = SONY | Source = VzFw | ID = 108
Description = Failed to start monitoring folder. (00000000) C:\Documents and Settings\All
Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

[ System Events ]
Error - 8/11/2011 4:34:26 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 8/11/2011 4:34:26 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
Description = The VAIO Media Integrated Server (HTTP) service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/11/2011 4:34:26 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment Database Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/11/2011 4:34:27 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
Description = The VAIO Media Integrated Server (UPnP) service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/11/2011 4:34:27 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment File Import Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/11/2011 4:34:28 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
Description = The Sony TV Tuner Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/11/2011 4:34:28 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment TV Device Arbitration Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 8/11/2011 8:38:03 PM | Computer Name = SONY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/11/2011 8:38:03 PM | Computer Name = SONY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/12/2011 4:11:55 PM | Computer Name = SONY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.8 for the Network Card with network
address 00112F1989E5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >


Hope this goes.

Larry
raster man (THREAD STARTER)
12-Aug-2011, 06:56 PM #9
Kevin, if you get this please reply ASAP

Larry
kevinf80 (Kevin), Malware Removal Specialist
12-Aug-2011, 09:31 PM #10
OK, what is the big issue...
raster man (THREAD STARTER)
12-Aug-2011, 10:04 PM #11
Hi Kevin,

Sorry for the request for quick response. I had tried to respond to you on a timely basis. However, each time I attempted to send the latest info you requested, I received an "error message" stating the Web page had expired. I then went to the thread and did not see the message I sent. I assumed that you would not get the info and I tried sending it 5 times! Now, I see that it was sent. Sorry for the redundant messages.

Looking forward to your next instructions.

Larry
kevinf80 (Kevin), Malware Removal Specialist
13-Aug-2011, 04:23 AM #12
Hiya Larry,

Continue as follows please :-

Step 1

Re-Run by double left click, Vista and Windows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2007/09/24 23:54:23 | 001,247,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z.net/content.info...TunesSetup.exe (Reg Error: Key error.)
    @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88959883
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
    :Services
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\FileCure
    C:\Documents and Settings\All Users\Application Data\IObit
    C:\Documents and Settings\All Users\Application Data\ParetoLogic
    C:\Documents and Settings\Larry\Application Data\IObit
    C:\WINDOWS\Tasks\ParetoLogic Registration3.job
    C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    :Commands
    [purity]
    [resethosts]
    [EmptyFlash]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
  • Re-open Malwarebytes and check for updates...
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those three logs in next reply, also give an update on issues and concerns....

Kevin
raster man (THREAD STARTER)
15-Aug-2011, 05:57 PM #13
Kevin,

I have sent you comments previously and I don't know if you have seen/read them. I think they might be pertinent. Please let me know. They have been in with the various logs I have sent.

As I have stated, exehelper fixes the file association issue but only temporarily; after I restart or reboot, the file association dialog box appears.

When I try to start an app without the assist from exehelper, I get the file association dialog box only NOW, however, its title is not FileCure, it's Windows. I still can't execute anything without exehelper being used right after the desktop appears! That includes OTL, Malwarebytes, etc. I'm wondering if the exehelper program is "hiding" the issue from the OTL and Malwarebytes? But, I can't run those programs without exehelper. I guess I'm being redundant.

After exehelper functions, it has two screens: A black DOS-looking screen and the .txt screen ala Notepad. The black screen has 2 lines in it that are not listed in the .txt screen as follows:

exefile="%1" %*
.exe=exefile

and

comfile="%1" %*
.com=comfile

From what little research I've done, those are registry fixes. However, as pointed out above, they are not permanent. Each restart/reboot and they are back to the defective whatever.

With the help of exehelper, I could now run HJT. Would this be helpful? I surely cannot run it without exehelper. My assumption would be that exehelper would prevent HJT from "seeing" what is really wrong???

Doug Knox, in his site, has a similar program to exehelper. It too is temporary.

In your instructions in your previous message, it appears that items 2 and 3 are identical. Please correct me if I'm wrong.

Here are the logs you asked for in your previous message.

All processes killed
========== OTL ==========
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
Error: No service named CLTNetCnService was found to stop!
Service\Driver key CLTNetCnService not found.
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
Error: No service named Symantec Core LC was found to stop!
Service\Driver key Symantec Core LC not found.
File C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Starting removal of ActiveX control {41F17733-B041-4099-A042-B518BB6A408C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:88959883 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF .
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Larry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Larry\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\FileCure not found.
File\Folder C:\Documents and Settings\All Users\Application Data\IObit not found.
File\Folder C:\Documents and Settings\All Users\Application Data\ParetoLogic not found.
File\Folder C:\Documents and Settings\Larry\Application Data\IObit not found.
File\Folder C:\WINDOWS\Tasks\ParetoLogic Registration3.job not found.
File\Folder C:\WINDOWS\Tasks\SmartDefrag_Startup.job not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: Administrator.SONY

User: All Users

User: Default User

User: Larry
->Flash cache emptied: 456 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SONY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Larry
->Temp folder emptied: 110950 bytes
->Temporary Internet Files folder emptied: 25337389 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12437502 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46347 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.SONY

User: All Users

User: Default User

User: Larry
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08152011_160208
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD42E.tmp not found!
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD439.tmp not found!
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD4C1.tmp not found!
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD4CC.tmp not found!
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD5CE.tmp not found!
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD5D9.tmp not found!
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\iframe3[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\st[1] moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\st[2] moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\st[3] moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\aceUAC[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\aceUAC[2].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\B4742075[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\iframe3[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\iframe3[2].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\md[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\st[1] moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\welcome[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\6547533461[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\aceUACping[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\B4742075[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\B4742075[2].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\clk[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\fc[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\hic[1].htm moved successfully.
File move failed. C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...

MALWAREBYTES follows

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7474
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/15/2011 5:04:06 PM
mbam-log-2011-08-15 (17-04-06).txt
Scan type: Quick scan
Objects scanned: 189571
Time elapsed: 6 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


Thanks, Larry
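The two pairs of lines exehelper prints in the post above are the default values of the `.exe`/`.com` extension keys and of the `exefile`/`comfile` open commands. As an added example (not part of the thread, and not exehelper's or OTL's code), this Python script checks a regedit text export for those values under HKEY_CLASSES_ROOT and both Classes hives; the sample export and the `Constructed.Handler` ProgID in it are constructed.

```python
import re

# Default values exehelper printed in the post above, keyed by the standard
# Windows registry location each one belongs to (relative to a Classes root).
EXPECTED = {
    r".exe": "exefile",
    r".com": "comfile",
    r"exefile\shell\open\command": '"%1" %*',
    r"comfile\shell\open\command": '"%1" %*',
}

# HKEY_CLASSES_ROOT is a merged view of the two Classes hives; per-user
# entries take precedence over machine-wide ones, so all three are checked.
ROOTS = (
    "HKEY_CLASSES_ROOT",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_CURRENT_USER\Software\Classes",
)

# A .reg value line: @="data" or "name"="data" (data may be dword:, hex:, ...)
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(quoted):
    """Strip the outer quotes and undo .reg escaping (\\" and \\\\)."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Return {key_path: {value_name: string_data}}; '' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = _VALUE.match(line)
        if current is None or not match:
            continue
        name, data = match.groups()
        if len(data) < 2 or not (data.startswith('"') and data.endswith('"')):
            continue  # non-string data types are not relevant to this check
        current["" if name == "@" else _unquote(name)] = _unquote(data)
    return keys


def check_associations(reg_text):
    """List (key, found, expected) for every default value that differs.

    Keys missing from the export, or present without a default string
    value, are skipped rather than reported.
    """
    keys = {path.lower(): vals for path, vals in parse_reg(reg_text).items()}
    findings = []
    for root in ROOTS:
        for sub, want in EXPECTED.items():
            path = root + "\\" + sub
            got = keys.get(path.lower(), {}).get("")
            if got is not None and got.strip().lower() != want.lower():
                findings.append((path, got, want))
    return findings


# Constructed sample export: machine-wide values are the expected ones, while
# a per-user .exe key points at a made-up ProgID.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com]
@="comfile"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="Constructed.Handler"
'''

if __name__ == "__main__":
    for key, found, expected in check_associations(SAMPLE_EXPORT):
        print(f"{key}: default is {found!r}, expected {expected!r}")
```

Exports saved in the "Windows Registry Editor Version 5.00" format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `check_associations`.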
kevinf80 (Kevin), Malware Removal Specialist
15-Aug-2011, 06:20 PM #14
Hiya Larry,

See if you can run GMER again, ensure all security is off or GMER will have issues.....

Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
Temporarily disable Security

Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO
    Then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" *
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please copy and paste the report into your Post.
raster man (THREAD STARTER)
16-Aug-2011, 08:41 PM #15
Hi Kevin,

Ran GMER with zero results! A message came up that said in effect, it found nothing. I saved the blank page as ark.txt, but what good is that. I did have to run exehelper to get GMER to run. I tried to change GMER to a .com file but could not do it. So perhaps GMER thought everything was ok because of what exehelper does.

Please comment on my comments!

Once again, if I run exehelper, all is well...until of course I restart or reboot. If we could make whatever exehelper is doing permanent, then I would be happy.

As I'm sure on your end, I'm getting a little tired of this. However, I do appreciate your perseverance!

Larry