Solved: Spyware, Malware, Virus ---Help me to remove it, please

lux13 lux13 is offline
Junior Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2011
15-Sep-2011, 06:19 PM #16
After I restarted my laptop, there is a message saying the restore point by ERUNT was not successful.
lux13 lux13 is offline
Junior Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2011
15-Sep-2011, 06:21 PM #17
Also, there are old documents that I deleted from the desktop a long time ago after the restart.
lux13 lux13 is offline
Junior Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2011
15-Sep-2011, 06:26 PM #18
In your personal opinion, is Malwarebytes' Anti-Malware better than Norton 360? Should I try Kaspersky?
jimbo100 jimbo100 is offline jimbo100 is a malware removal trainee.
Malware Removal Trainee with 185 posts.
 
Join Date: Jul 2011
Location: United Kingdom
Experience: The learning never stops
17-Sep-2011, 11:35 AM #19
Hi lux13, OTL did not run properly. Please follow the instructions again to complete the removal process.



Running OTL
  • Please right-click on the OTL.exe icon on your desktop and select Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    MOD - [2011/09/03 08:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
    MOD - [2011/09/03 08:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
    MOD - [2011/09/03 08:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
    MOD - [2011/09/03 08:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
    MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
    MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\APPLIC~1\130782~1.220\gcswf32.dl 
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI
    O15 - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..Trusted Domains: iu.edu ([ithelplive] https in Trusted sites)
    [2011/08/13 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E199BFA1-ED27-45D3-AFE6-01F995C67618}
    [2011/08/13 21:22:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B018335F-7508-47EA-A6F4-B66FBD88B6FE}
    [2011/08/13 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6A4D0D32-3B48-49F8-9F0A-F6BEB5A4608C}
    [2011/08/25 21:47:58 | 000,002,472 | ---- | M] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
    [2011/08/25 21:19:01 | 000,002,296 | ---- | M] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
    [2011/08/18 06:08:25 | 000,002,472 | ---- | M] () -- C:\{98544866-7A41-4361-B14B-331CDC8919CC}
    [2011/08/25 21:47:56 | 000,002,472 | ---- | C] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
    [2011/08/25 21:18:55 | 000,002,296 | ---- | C] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
     
    :Files 
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH] 
    [createrestorepoint] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button.
Quote:
In your personal opinion, is Malwarebytes' Anti-Malware better than Norton 360? Should I try Kaspersky?
I use Avira (free version), which is very nice; however, not everyone will like it, as it produces an advert for each update that it performs. I personally just click OK and the update continues. I don't like Norton; I have had a few issues with previous versions, and I am quite sure they are all fixed, but it is not my cup of tea. Kaspersky is another good piece of software I wouldn't mind using. You made a comparison between Malwarebytes and Norton 360: Malwarebytes is not antivirus software and is meant as a complementary program that is an additional layer of security. The free version is like an on-demand scanner. If you want real-time protection, then you need to purchase the Malwarebytes Pro edition. Real-time protection is basically a feature that will provide you with protection in the background without you needing to manually intervene (in most cases). If you are unsure, please ask.
lux13 lux13 is offline
Junior Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2011
19-Sep-2011, 05:00 PM #20
Thanks for the reply. I think I will definitely switch to Avira or Malwarebytes Pro after my Norton 360 contract ends. My laptop always seems to get some kind of infection/malware with Norton 360.

I tried to run OTL.exe over the weekend. I opened OTL.exe as an administrator, copy-pasted the OTL log in your message in the customs and hit Run Fix. However, it runs for about 3-4 seconds fine and then just becomes unresponsive. What should I do now? I tried it numerous times already, and even after the reboot and restart I still have the same problem. Is there another way to make it work?

Thanks.
jimbo100 jimbo100 is offline jimbo100 is a malware removal trainee.
Malware Removal Trainee with 185 posts.
 
Join Date: Jul 2011
Location: United Kingdom
Experience: The learning never stops
24-Sep-2011, 12:53 AM #21
Hi, sorry for the delay.


Access Safe Mode
  • Restart your computer, and just before Windows begins to load, please tap F8, then highlight Safe Mode on the list and press Enter.
    Log in as usual.
  • Once in Safe Mode, right-click on the OTL.exe icon on your desktop and select "Run as administrator"
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    MOD - [2011/09/03 08:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
    MOD - [2011/09/03 08:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
    MOD - [2011/09/03 08:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
    MOD - [2011/09/03 08:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
    MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
    MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\APPLIC~1\130782~1.220\gcswf32.dl 
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI
    O15 - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..Trusted Domains: iu.edu ([ithelplive] https in Trusted sites)
    [2011/08/13 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E199BFA1-ED27-45D3-AFE6-01F995C67618}
    [2011/08/13 21:22:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B018335F-7508-47EA-A6F4-B66FBD88B6FE}
    [2011/08/13 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6A4D0D32-3B48-49F8-9F0A-F6BEB5A4608C}
    [2011/08/25 21:47:58 | 000,002,472 | ---- | M] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
    [2011/08/25 21:19:01 | 000,002,296 | ---- | M] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
    [2011/08/18 06:08:25 | 000,002,472 | ---- | M] () -- C:\{98544866-7A41-4361-B14B-331CDC8919CC}
    [2011/08/25 21:47:56 | 000,002,472 | ---- | C] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
    [2011/08/25 21:18:55 | 000,002,296 | ---- | C] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    :Files 
     ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH] 
    [createrestorepoint] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
If you still experience the same issue with OTL crashing, then please post a new fresh OTL log.
lux13 lux13 is offline
Junior Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2011
25-Sep-2011, 12:46 AM #22
No worries. I tried it in Safe Mode, but it kept on freezing. When I started my laptop I got the following message:
"Windows created a temporary paging file on your computer because of a problem that occurred with your paging file configuration when you started your computer. The total paging file size for all disk drives may be somewhat larger than the size you specified."
What does this mean?
lux13 lux13 is offline
Junior Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2011
25-Sep-2011, 12:52 AM #23
Now the OTL scan won't even run. After a few seconds it becomes unresponsive.
lux13 lux13 is offline
Junior Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2011
26-Sep-2011, 07:05 PM #24
Finally made it work. Here is the log:

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 23:52:38 | 005,437,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/10/22 20:02:17 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 20:02:08 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/17 20:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/05/28 06:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/29 20:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/24 17:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007/04/16 23:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/09/09 13:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110923.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/18 01:09:29 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110926.003\EX64.SYS -- (NAVEX15)
DRV - [2011/08/18 01:09:29 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/08/18 01:09:29 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/18 01:09:29 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110926.003\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...SNNT&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.polyvore.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 42 0F 2A 8B 57 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - Reg Error: No CLSID value found. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.8.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
FF - prefs.js..extensions.enabledItems: gmailnoads@mywebber.com:3.3.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.5
FF - prefs.js..extensions.enabledItems: stefanvandamme@stefanvd.net:1.0.1
FF - prefs.js..extensions.enabledItems: trackerblock@privacychoice.org:1.1.1
FF - prefs.js..extensions.enabledItems: UnsortedBookmarksMenu@alice:2.3
FF - prefs.js..extensions.enabledItems: {20068ab2-1901-4140-9f3c-81207d4dacc4}:0.6
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.5
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {c7b204cd-707e-4d13-b5c4-8eb3ce6f3f52}:0.2
FF - prefs.js..extensions.enabledItems: googledictionary@toptip.ca:2.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/09/18 18:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/09/15 21:07:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/07/06 22:32:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011/09/26 16:18:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/10 12:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 21:07:35 | 000,000,000 | ---D | M]

[2010/09/18 18:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/07/07 16:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/09/24 23:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions
[2011/09/24 23:58:42 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/09/24 23:58:47 | 000,000,000 | ---D | M] (Reader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}
[2010/09/18 18:37:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(38)
[2011/09/10 12:47:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/02 05:39:04 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\firefox@ghostery.com
[2011/06/18 19:05:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\foxmarks@kei.com
[2010/09/18 18:37:47 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\isreaditlater@ideashower(37).com
[2010/10/18 21:36:46 | 000,001,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\bing-zugo.xml
[2010/04/30 04:05:25 | 000,001,832 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\bing.xml
[2009/09/18 13:02:51 | 000,001,626 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\mozilla-add-ons.xml
[2011/07/07 04:18:57 | 000,002,469 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\safesearch.xml
[2011/09/16 14:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/18 18:12:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/18 18:12:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/15 21:07:22 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010/09/18 18:10:03 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2011/09/26 16:18:20 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_0_8
[2011/07/06 22:32:11 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{45D8FF86-D909-11DB-9705-005056C00008}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\GMAILNOADS@MYWEBBER.COM.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\GOOGLEDICTIONARY@TOPTIP.CA.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\SIMPLEBLOCK@AKSOFTWARE.NE1.NET.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\TRACKERBLOCK@PRIVACYCHOICE.ORG.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\UNSORTEDBOOKMARKSMENU@ALICE.XPI
[2010/09/18 18:16:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/10 12:47:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/01/18 15:32:50 | 000,000,743 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E97869-E04A-40FB-8B3D-BA2ED36C4490}: DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E3E8E2-C58E-4C65-9B42-3369F7A5B0CA}: DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) -c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/25 00:03:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/17 11:38:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2011/09/16 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/09/15 17:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/15 17:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/15 08:34:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/15 08:30:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/15 08:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/15 08:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/09/14 17:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/09/12 19:11:24 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/09/05 23:50:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/05 23:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/09/05 22:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/09/05 22:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

========== Files - Modified Within 30 Days ==========

[2011/09/26 17:24:14 | 000,104,155 | ---- | M] () -- C:\test.xml
[2011/09/26 16:55:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-821222001-2714658270-602336847-1000UA.job
[2011/09/26 16:55:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/26 16:27:47 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 16:27:47 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 16:18:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/26 16:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 16:17:30 | 510,935,039 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 08:43:41 | 000,377,732 | ---- | M] () -- C:\Users\Owner\Desktop\E Fall 2011 box copy.pdf
[2011/09/26 04:04:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-821222001-2714658270-602336847-1000Core.job
[2011/09/25 00:29:13 | 011,272,192 | ---- | M] () -- C:\Users\Owner\ntuser.bak
[2011/09/25 00:03:26 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/22 13:01:48 | 000,002,472 | ---- | M] () -- C:\{86FCE3C9-44A2-4736-A4CF-E091FD07D95A}
[2011/09/22 12:44:21 | 000,001,768 | ---- | M] () -- C:\{8ECC3900-1959-4E3A-96C5-6D824AECEE94}
[2011/09/16 14:00:02 | 026,309,259 | ---- | M] () -- C:\Users\Owner\Documents\Upper Body Workout - Part 4_7.flv
[2011/09/16 00:05:58 | 000,407,409 | ---- | M] () -- C:\Users\Owner\Desktop\b03.pdf
[2011/09/15 17:57:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/15 08:29:56 | 000,001,104 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/15 08:29:53 | 000,000,924 | ---- | M] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2011/09/15 08:29:53 | 000,000,905 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2011/09/14 23:10:04 | 000,002,472 | ---- | M] () -- C:\{72127A2A-52CF-4BEC-9D24-C16662357BB8}
[2011/09/14 22:58:23 | 000,001,872 | ---- | M] () -- C:\{7BDF7739-D56C-40D4-98C6-5E65F26184D3}
[2011/09/14 17:17:19 | 000,001,135 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/12 19:11:25 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/09/06 21:30:52 | 001,390,108 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/09/04 16:30:05 | 000,004,265 | ---- | M] () -- C:\Users\Owner\AppData\Local\devcpp.ini
[2011/09/04 16:30:05 | 000,000,273 | ---- | M] () -- C:\Users\Owner\AppData\Local\devcpp.cfg
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/22 13:01:46 | 000,002,472 | ---- | C] () -- C:\{86FCE3C9-44A2-4736-A4CF-E091FD07D95A}
[2011/09/22 12:44:18 | 000,001,768 | ---- | C] () -- C:\{8ECC3900-1959-4E3A-96C5-6D824AECEE94}
[2011/09/16 13:52:33 | 026,309,259 | ---- | C] () -- C:\Users\Owner\Documents\Upper Body Workout - Part 4_7.flv
[2011/09/16 00:06:05 | 000,407,409 | ---- | C] () -- C:\Users\Owner\Desktop\b03.pdf
[2011/09/15 17:11:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/15 08:29:55 | 000,001,104 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/15 08:29:53 | 000,000,924 | ---- | C] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2011/09/15 08:29:53 | 000,000,905 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2011/09/14 23:10:02 | 000,002,472 | ---- | C] () -- C:\{72127A2A-52CF-4BEC-9D24-C16662357BB8}
[2011/09/14 22:58:22 | 000,001,872 | ---- | C] () -- C:\{7BDF7739-D56C-40D4-98C6-5E65F26184D3}
[2011/09/14 17:17:19 | 000,001,135 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/05 22:44:45 | 001,390,108 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/08/30 07:48:22 | 000,377,732 | ---- | C] () -- C:\Users\Owner\Desktop\E Fall 2011 box copy.pdf
[2011/08/17 18:52:08 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\defaultcode.cfg
[2011/08/17 18:49:29 | 000,000,273 | ---- | C] () -- C:\Users\Owner\AppData\Local\devcpp.cfg
[2011/08/17 18:48:53 | 000,004,265 | ---- | C] () -- C:\Users\Owner\AppData\Local\devcpp.ini
[2011/08/11 23:02:12 | 000,000,770 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SMRBackup200.dat
[2011/06/03 14:18:40 | 000,000,021 | RHS- | C] () -- C:\ProgramData\ExpPDFSAMSystem.kje
[2011/04/30 12:19:44 | 000,202,792 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/01/20 18:08:48 | 000,747,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/26 01:33:52 | 000,026,112 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 01:32:50 | 000,000,344 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/09/18 21:48:28 | 000,000,033 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/09/18 18:03:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/15 02:42:59 | 000,131,584 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/06/10 01:27:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/03 00:03:25 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/30 19:58:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/08 10:41:50 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/05/08 09:52:22 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/04/20 16:01:11 | 000,002,763 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== Files - Unicode (All) ==========
[2011/07/25 15:03:44 | 000,019,014 | ---- | M] ()(C:\Users\Owner\Desktop\??????? ??? ??????.docx) -- C:\Users\Owner\Desktop\Хэвшсэн нэр томьёо.docx
[2011/07/24 16:17:16 | 000,019,014 | ---- | C] ()(C:\Users\Owner\Desktop\??????? ??? ??????.docx) -- C:\Users\Owner\Desktop\Хэвшсэн нэр томьёо.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >
lux13
Junior Member with 25 posts.
THREAD STARTER
Join Date: Sep 2011
26-Sep-2011, 07:24 PM #25
jimbo100
Malware Removal Trainee with 185 posts.
Join Date: Jul 2011
Location: United Kingdom
Experience: The learning never stops
29-Sep-2011, 10:12 AM #26
Hi. The OTL fix ran successfully this time.

Please update the following programs to enhance system security and to minimise malware infection.

Update Java

It is critical to have the latest version of Java installed, because older versions are a security risk that malware often exploits.
  • To get the latest version of Java please go here.
  • Please select "Agree and Start Free Download".
  • Once downloaded please follow the on screen wizard to install it.
  • When installed, please go to Start -> Control Panel -> Programs and Features.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there:
    Select any found and choose Uninstall.
Next:

Update Adobe Reader

Adobe Acrobat 10.0 is outdated and contains security vulnerabilities. To update to the latest version of Adobe Reader 10.1.1, please do the following:
  • Please download Adobe Reader 10.1.1 from here and install it.
  • Once Adobe is installed, please navigate to Start >> Control Panel >> Add or Remove Programs.
  • Please remove Adobe Acrobat 10.0.
Note: I recommend you uncheck any optional installs (For example, Free McAfee Security Scan, Free Google Toolbar, Free Ask Toolbar, etc).

Next:

Run ESET Online Scan
  1. Right click on Internet Explorer, and choose Run as administrator.

  2. Then please copy this url to the new window you just opened. ESET OnlineScan
  3. Click the button.
  4. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  5. Check
  6. Click the button.
  7. Accept any security warnings from your browser.
  8. Check
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
  12. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the button.
  14. Push
You can refer to this animation by neomage if needed.

Could you please tell me what this link is? I tried opening it but it is incorrect.


In your next reply, please include the following
- ESET log.
- Please note any remaining problems.
lux13
Junior Member with 25 posts.
THREAD STARTER
Join Date: Sep 2011
30-Sep-2011, 02:23 PM #27
Thanks for helping me with this.
Instead of a log, I got this. Here is the link to the capture:
https://picasaweb.google.com/jojosan...17881907999730
lux13
Junior Member with 25 posts.
THREAD STARTER
Join Date: Sep 2011
30-Sep-2011, 02:25 PM #28
Also, I always get a message saying that my laptop has low disk space. I didn't set up my laptop when I bought it, so instead of 2 disks, which I prefer, I have only 1. If I want to set up 2 disk spaces, how do I do that? Also, should I format the laptop, since it seems to be always freezing up and kinda getting slower?
jimbo100
Malware Removal Trainee with 185 posts.
Join Date: Jul 2011
Location: United Kingdom
Experience: The learning never stops
02-Oct-2011, 09:50 AM #29
Hello there. The ESET scan indicates the machine is clean and you may no longer have any malware present in your machine.
Quote:
I always get a message saying that my laptop has low disk space. I didn't set up my laptop when I bought it, so instead of 2 disks, which I prefer, I have only 1.
The error message is an early warning. You have a lot of data stored on your C: drive; please try to remove some of it now. If you keep adding data to this drive, soon your computer will become unusable. I believe the crashes are because of this. You want to create two disks; this is known as partitioning. You need a piece of software to do this. I will give you the link for the software, but first we need to remove unnecessary data.

A few tips that will help you.
  • Uninstall any program you no longer use or need; all of these use unnecessary storage.
  • Navigate to Documents / Pictures / Music, find anything you no longer need and remove it.
  • Empty your recycle bin.
If you have data that you do not want to remove, then perhaps you can back this data up to another external source of media. At the moment, you have 0.24% free; you need to get this to at least 10 - 15% free.
lux13
Junior Member with 25 posts.
THREAD STARTER
Join Date: Sep 2011
06-Oct-2011, 01:17 AM #30
Thanks for the reply.