
ParetoLogic and FileCure

Discussion in 'Virus & Other Malware Removal' started by raster man, Aug 7, 2011.

raster man (Thread Starter)
    Joined: Jun 15, 2009
    Messages: 20
    Greetings:

    I can no longer access .exe programs. If I attempt to do so, I get a dialog box that states:

    FileCure - Manage File Extension
    You are trying to open this file:
    File name: firefox.exe

    To open this file, Windows needs to know what program to use.

    What do you want to do?

    Use FileCure to manage this type of file
    Use Windows to manage this type of file

    OK or Cancel

    There are radio buttons to select. I have only selected Windows, never FileCure. When I click OK, I get the following dialog box:

    rundll32.exe

    (there is a white X on a red background)

    This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel. OK.

    When I click OK, all dialog boxes go away. If I go to Folder Options in Control Panel, there are 3 tabs: General, View and File Types. If I click on File Types, I can't understand the resulting box or boxes. If I click on Add/Remove Programs, I get a dialog box almost identical to the FileCure box mentioned above. The difference is that the file name is now rundll32.exe. It offers the exact same options and results.

    A long time ago, I downloaded ParetoLogic because it was stated that it would help run files that did not have associations. As far as I know, it never caused any issues. However, it seems that FileCure is associated with ParetoLogic.

    I have tried accessing Malwarebytes on my computer, but FileCure prevents that with its familiar screen. About the only thing I can get is I.E.

    My best recollection of how this started (about 2.5 days ago), was I ran a routine run of SuperAntiSpyware (SAS) and it found the following: System.BrokenFileAssociation. I quarantined/removed it and that's when the issue began.

    Access to most programs is gone. I have not tried to access ParetoLogic as I thought it might make things worse. All control panel icons are prevented by FileCure.

    Now, to your instructions: I downloaded HJT and of course, FileCure prevents access. So it is not presented here.

    DDS did work and I will attempt to include them with this post.

    GMER worked in a fashion, as follows:

    Immediately after clicking on the desktop icon, I receive the following dialog box:

    GMER

    WARNING!!! (with a black exclamation point against a yellow background)
    GMER has found system modification caused by ROOTKIT activity
    OK

    I cannot progress or do anything at that point. GMER is frozen. The only thing I can do is go back to the instruction screen. Behind the warning box, is another box indicating ROOTKIT ACTIVITY.

    It has the following information highlighted in red:

    Module   \systemroot\system32\UACd.sys (***hidden***)
             Value: A9B74000-A9B85000 (69632 bytes)

    Library  D:\WINDOWS\system32\dll.dll (***hidden***) @ D:\WINDOWS\System32\msiexec.exe (1660)
             Value: 0x10000000

    Service  D:\WINDOWS\system32\drivers\UACmdivrtnq.sys (***hidden***)
             Value: [SYSTEM] UACd.sys

    File     D:\WINDOWS\system32\UACmdivrtnq.sys
             Value: 57344 bytes executable

    I hope all this reads OK for you. I don't have the knowledge of how to "grab" the screen shots and send them along.

    I will now attempt to include the DDS.txt and the attach.txt:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Run by Larry at 16:22:29 on 2011-08-07
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.835 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Sony\vaio media integrated server\GPDBWatcher.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [V0420Mon.exe] c:\windows\V0420Mon.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remoco~1.lnk - c:\program files\sony\usbsircs\usbsircs.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader45.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139160906640
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194633407906
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{96F91524-E35E-449A-81EE-8572C2C830F9} : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{F08724B3-DA78-4F13-A2F7-B576B7F01137} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 192.168.1.102 HP001E0B9C97B3
    Hosts: 192.168.1.109 HP001F29701C62
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\larry\application data\mozilla\firefox\profiles\vfv8d8u5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\vfv8d8u5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\vfv8d8u5.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-12 13496]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 123264]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-16 353168]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2009-6-15 7372]
    R2 VAIOMediaDBSyncService;VAIO Media DB Sync Service;c:\program files\sony\vaio media integrated server\GPDBWatcher.exe [2009-6-15 790528]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
    S3 ATHFMWDL;Atheros USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\athfmwdl.sys --> c:\windows\system32\drivers\ATHFMWDL.sys [?]
    S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [2004-11-1 78720]
    S3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2005-2-7 9376]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
    S3 ip_fw;ipfw kernel-mode driver;\??\c:\windows\system32\drivers\ip_fw.sys --> c:\windows\system32\drivers\ip_fw.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-3-31 14336]
    S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [2010-6-27 99648]
    S3 WLI2USB2G54;BUFFALO WLI2-USB2-G54 Wireless LAN Driver;c:\windows\system32\drivers\PRISMA02.sys [2006-3-14 347424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-24 1247600]
    .
    =============== Created Last 30 ================
    .
    2011-08-04 21:07:21 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
    2011-07-15 02:48:13 -------- d-----w- c:\program files\common files\xing shared
    2011-07-15 02:44:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2011-07-15 02:47:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-07-15 02:47:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-10 22:23:06 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 18:53:36 1409 ----a-w- c:\windows\QTFont.for
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2007-07-05 16:34:44 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
    2007-07-05 16:34:12 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
    2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .
    ============= FINISH: 16:24:35.68 ===============

    And now the Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/9/2004 11:38:17 AM
    System Uptime: 8/7/2011 12:05:51 PM (4 hours ago)
    .
    Motherboard: ASUSTek Computer Inc. | | P4SD-VL
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 227 GiB total, 171.22 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet Pro L7600
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet Pro L7600
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1488: 4/27/2011 9:59:06 AM - System Checkpoint
    RP1489: 4/28/2011 6:27:28 PM - Software Distribution Service 3.0
    RP1490: 4/29/2011 11:46:16 PM - System Checkpoint
    RP1491: 5/1/2011 5:26:39 PM - System Checkpoint
    RP1492: 5/2/2011 5:43:32 PM - System Checkpoint
    RP1493: 5/3/2011 7:31:11 PM - System Checkpoint
    RP1494: 5/5/2011 7:12:15 PM - System Checkpoint
    RP1495: 5/6/2011 11:53:59 PM - System Checkpoint
    RP1496: 5/7/2011 12:42:06 PM - Removed Adobe Reader 9.4.4.
    RP1497: 5/7/2011 12:54:47 PM - Installed Adobe Reader X (10.0.1).
    RP1498: 5/8/2011 2:32:16 PM - System Checkpoint
    RP1499: 5/9/2011 8:31:16 PM - System Checkpoint
    RP1500: 5/11/2011 9:31:17 AM - System Checkpoint
    RP1501: 5/11/2011 2:54:06 PM - Software Distribution Service 3.0
    RP1502: 5/13/2011 9:16:22 AM - System Checkpoint
    RP1503: 5/16/2011 9:40:01 AM - System Checkpoint
    RP1504: 5/17/2011 10:18:07 AM - System Checkpoint
    RP1505: 5/18/2011 11:04:20 AM - System Checkpoint
    RP1506: 5/20/2011 4:33:19 PM - System Checkpoint
    RP1507: 5/23/2011 9:09:41 AM - System Checkpoint
    RP1508: 5/23/2011 8:21:52 PM - Installed Logitech Harmony Remote Software
    RP1509: 5/25/2011 9:19:34 AM - System Checkpoint
    RP1510: 5/28/2011 2:06:05 PM - System Checkpoint
    RP1511: 5/30/2011 9:16:17 AM - System Checkpoint
    RP1512: 5/31/2011 2:45:12 PM - System Checkpoint
    RP1513: 6/2/2011 1:53:34 PM - System Checkpoint
    RP1514: 6/5/2011 1:42:20 PM - System Checkpoint
    RP1515: 6/6/2011 1:53:22 PM - System Checkpoint
    RP1516: 6/7/2011 6:13:33 PM - System Checkpoint
    RP1517: 6/10/2011 9:16:18 AM - System Checkpoint
    RP1518: 6/11/2011 2:52:14 PM - Installed QuickTime
    RP1519: 6/13/2011 2:02:32 PM - Removed Apple Application Support
    RP1520: 6/13/2011 2:04:02 PM - Removed Apple Software Update
    RP1521: 6/16/2011 10:26:38 AM - System Checkpoint
    RP1522: 6/17/2011 9:20:51 PM - System Checkpoint
    RP1523: 6/19/2011 10:55:47 PM - System Checkpoint
    RP1524: 6/21/2011 12:48:09 PM - Software Distribution Service 3.0
    RP1525: 6/21/2011 1:18:01 PM - Software Distribution Service 3.0
    RP1526: 6/22/2011 6:00:09 PM - System Checkpoint
    RP1527: 6/25/2011 6:38:46 PM - System Checkpoint
    RP1528: 6/27/2011 9:22:49 AM - System Checkpoint
    RP1529: 6/29/2011 1:34:31 PM - System Checkpoint
    RP1530: 6/30/2011 11:09:04 AM - Software Distribution Service 3.0
    RP1531: 7/5/2011 2:33:00 PM - System Checkpoint
    RP1532: 7/10/2011 5:59:53 PM - System Checkpoint
    RP1533: 7/13/2011 9:16:22 AM - System Checkpoint
    RP1534: 7/14/2011 9:46:45 AM - System Checkpoint
    RP1535: 7/14/2011 10:20:27 PM - Software Distribution Service 3.0
    RP1536: 7/16/2011 2:29:04 PM - System Checkpoint
    RP1537: 7/17/2011 7:41:51 PM - System Checkpoint
    RP1538: 7/18/2011 7:43:04 PM - System Checkpoint
    RP1539: 7/20/2011 9:27:53 AM - System Checkpoint
    RP1540: 7/22/2011 9:30:39 PM - System Checkpoint
    RP1541: 7/24/2011 12:38:43 PM - System Checkpoint
    RP1542: 7/25/2011 1:34:21 PM - System Checkpoint
    RP1543: 7/27/2011 9:19:49 AM - System Checkpoint
    RP1544: 8/1/2011 9:15:18 AM - System Checkpoint
    RP1545: 8/4/2011 5:40:38 PM - System Checkpoint
    RP1546: 8/6/2011 8:04:53 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    7500_7600_7700_Help1
    Acrobat.com
    Ad-Aware
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Adobe Reader X (10.1.0)
    Advanced SystemCare 4
    Agere Systems AC'97 Modem
    ArcSoft PhotoImpression 5
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AVG 2011
    BounceBack Express
    bpd_scan_Carrier
    BPDSoftware
    BPDSoftware_Ini
    BreezeBrowser Pro
    Broderbund Home and Business Lawyer
    Browser MOUSE
    BUFFALO Client Manager
    BurnAware Free 3.0.5
    C4700
    C6300
    Cache Cleaner 4.2.0
    Check Identical Files version 2.20
    ClearType Tuning Control Panel Applet
    Click to DVD 2.0 Menu Data
    Click to DVD 2.4.12
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    CPC Lite Plugin
    Creative Live! Cam Center
    Creative Live! Cam Manager
    Creative Live! Cam User's Guide
    Creative Live! Cam Vista IM Driver (1.00.03.0000)
    Creative Photo Manager
    Creative Software AutoUpdate
    Creative System Information
    Destinations
    DeviceDiscovery
    DeviceManagementQFolder
    DigitalCAM
    DocProc
    Drag'n Drop CD+DVD
    dvdSanta 4.50
    Easy DV to DVD
    EPSON CardMonitor
    EPSON PhotoStarter3.0
    EPSON Print CD
    EPSON Printer Software
    EPSON Stylus Photo R260 User's Guide
    Express Burn
    Family Matters
    Fax
    Film Factory
    Flickr Uploadr 2.5.0.15
    FLV Player
    Giga Pocket 5.5
    Giga Pocket Demo Movie
    Giga Pocket Hardware Library 5.5
    Glary Utilities 2.33.0.1158
    Google Earth
    Google Earth Plug-in
    Google Update Helper
    HamsterFreeVideoConverter
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB961118)
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP OfficeJet L7300/L7500/7600/7700
    HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
    HP Product Detection
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPDiagnosticAlert
    HPSSupply
    Intel(R) PRO Network Adapters and Drivers
    Internet Explorer (Enable DEP)
    InterVideo WinDVD 5 for VAIO
    Iomega ZipCD Support Files
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    JPEG Lossless Rotator 5.0
    Kodak DIGITAL GEM Airbrush Professional Plug-In
    L7600
    Labtec Desktop V5.1
    Logitech Harmony Remote Software
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MarketResearch
    Mavis Beacon Teaches Microsoft Word
    Mavis Beacon Teaches Typing Platinum 20
    McAfee Security Scan Plus
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Digital Image Library 10
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Pro 10
    Microsoft Digital Image Suite 10
    Microsoft Easy Assist
    Microsoft Office Standard Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 7.0
    Movie DVD Maker 3.01
    Mozilla Firefox (3.6.18)
    MPM
    MSN Music Assistant
    MSN Toolbar
    MSN Toolbar Platform
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muveeNow 2.0 - Creative
    My Sam's Club Digital Photo Center
    Network
    OCR Software by I.R.I.S. 14.0
    OpenMG Limited Patch 4.0-04-11-01-01
    OpenMG Secure Module 4.0.05
    ParetoLogic FileCure
    Picasa 2
    PolderbitS Sound Recorder and Editor
    ProductContext
    PS_AIO_04_C6300_Software_Min
    PS_AIO_06_C4700_SW_Min
    QFolder
    QuickTime
    QuickTransfer
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Remote Control USB Driver
    Replay Converter 2.8
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Shop for HP Supplies
    Shutterfly Plugin
    Shutterfly Studio
    SightSpeed
    Skype Toolbars
    Skype™ 4.2
    Smart Defrag 2
    SmartWebPrinting
    SolutionCenter
    SonicStage 2.0.02
    Sony Certificate PCH
    Sony Download Taxi 1.5.0.0
    Sony Picture Utility
    Sony USB Driver
    Sony Video Shared Library
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Status
    SUPERAntiSpyware
    SureThing CD Labeler - Stomper Edition 32 bit
    Toolbox
    TrayApp
    Tweak UI
    Ulead Photo Explorer 8.0 SE Basic
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB971029)
    VAIO Entertainment Platform
    VAIO Help and Support
    VAIO Media 4.0
    VAIO Media Integrated Server 4.1
    VAIO Media Redistribution 4.0
    VAIO Media Registration Tool 4.0
    VAIO Registration
    VAIO Remote Commander Utility 6.2
    VAIO SLIT-C Screen Saver
    VAIO SLIT Pattern Wallpaper
    VAIO Survey Standalone
    VAIO Update 2
    Viewpoint Media Player (Remove Only)
    Wal-Mart Digital Photo Manager
    WavePad Uninstall
    WebFldrs XP
    Welcome to VAIO life
    Windows Backup Utility
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Internet Mail
    Yahoo! Mail Quick Select Tool (PhotoMail)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/4/2011 9:38:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 BUFADPT DMICall Fips intelppm SASDIFSV SASKUTIL
    8/4/2011 9:38:08 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/4/2011 9:36:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/4/2011 5:06:20 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    8/4/2011 3:03:12 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/4/2011 3:03:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
    .
    ==== End Of File ===========================
    Sorry, I forgot to include TSG SysInfo. Will do that now as follows: Sorry, FileCure will not allow!

    My Operating system is Windows XP, SP3

    I sincerely hope this info works for you and that this issue can be safely removed.

    Thanks, Larry
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Proceed as follows :-

    Step 1

    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix. Vista or Windows 7 users right-click and select Run as Administrator
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop re-name to Gotcha.exe as below:

      (screenshot of the rename step not reproduced)

    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the two logs in next reply please...

    Kevin
     
  3. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Hello Kevin:

    Thanks for your time.

    Following are the exehelper log and the ComboFix log. Hope they are readable and helpful.

    Larry

    ComboFix 11-08-08.02 - Larry 08/08/2011 20:56:21.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1328 [GMT -4:00]
    Running from: c:\documents and settings\Larry\Desktop\Gotcha.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\install.exe
    c:\program files\messenger\msmsgsin.exe
    C:\Thumbs.db
    c:\windows\iun6002.exe
    c:\windows\setup.exe
    c:\windows\system32\spool\prtprocs\w32x86\hpzpp4sa(2).dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_IPFW
    -------\Service_ip_fw
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-04 21:07 . 2011-08-04 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
    2011-07-15 02:48 . 2011-07-15 02:48 -------- d-----w- c:\program files\Common Files\xing shared
    2011-07-15 02:44 . 2011-07-15 02:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-15 02:47 . 2005-04-04 22:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-15 02:47 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-07-10 22:23 . 2006-09-27 21:53 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2011-07-06 23:52 . 2010-03-22 17:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2010-03-22 17:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 18:53 . 2011-06-11 18:53 1409 ----a-w- c:\windows\QTFont.for
    2011-06-02 14:02 . 2004-03-31 19:59 1858944 ----a-w- c:\windows\system32\win32k.sys
    2007-07-05 16:34 . 2007-07-05 16:34 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
    2007-07-05 16:34 . 2007-07-05 16:32 25990432 ----a-w- c:\program files\FLV PlayerRCSetup.exe
    2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-04 4599680]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-15 273544]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
    Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-6-16 229376]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk]
    backup=c:\windows\pss\Belkin 11Mbps Wireless Desktop Network Card Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager2.lnk]
    backup=c:\windows\pss\ClientManager2.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Harmony Monitor.lnk]
    backup=c:\windows\pss\Harmony Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
    backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^BounceBack Launcher.lnk]
    backup=c:\windows\pss\BounceBack Launcher.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
    backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
    backup=c:\windows\pss\PowerReg SchedulerV2.exeStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ColdWare
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSFox
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SageTV
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-09-09 06:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2003-05-23 18:43 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
    2007-06-07 18:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
    2006-10-17 07:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBNA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
    2003-06-04 08:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    2007-05-14 11:50 958464 ----a-w- c:\program files\Labtec\Desktop\V5.1\MOffice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2003-04-07 07:07 114688 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2003-09-01 11:42 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2003-04-07 07:19 155648 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-06-14 20:24 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2010-07-06 16:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
    2007-05-14 11:50 387584 ----a-w- c:\program files\Labtec\Desktop\V5.1\KBDAP32A.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-07-15 02:47 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
    2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMConsole.exe]
    2005-01-14 20:19 315392 ----a-w- c:\program files\Sony\vaio media integrated server\Platform\VMConsole.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "VAIOMediaPlatform-VideoServer-UPnP"=2 (0x2)
    "VAIOMediaPlatform-VideoServer-HTTP"=2 (0x2)
    "VAIOMediaPlatform-VideoServer-AppServer"=2 (0x2)
    "VAIO Entertainment UPnP Client Adapter"=3 (0x3)
    "VAIO Entertainment File Import Service"=2 (0x2)
    "PACSPTISVR"=3 (0x3)
    "ose"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "iPodService"=3 (0x3)
    "ipfw"=2 (0x2)
    "IDriverT"=3 (0x3)
    "hpdj"=2 (0x2)
    "gusvc"=3 (0x3)
    "CLTNetCnService"=2 (0x2)
    "avg8wd"=2 (0x2)
    "avg8emc"=2 (0x2)
    "AdobeActiveFileMonitor4.0"=2 (0x2)
    "aawservice"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\Sony\\Giga Pocket\\gps.exe"=
    "c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
    "c:\\Documents and Settings\\Larry\\Desktop\\spybotsd162.exe"=
    "c:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe"=
    "c:\\Program Files\\Sony\\vaio media integrated server\\Setup\\VMSetup.exe"=
    "c:\\Program Files\\Sony\\Giga Pocket\\gvr.exe"=
    "c:\\Program Files\\Sony\\Giga Pocket\\ReserveModule.exe"=
    "c:\\Program Files\\Sony\\Giga Pocket\\ReserveW.exe"=
    "c:\\Program Files\\Sony\\Giga Pocket\\tvsetup.exe"=
    "c:\\Program Files\\Browser MOUSE\\mouse32a.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\sony\\vaio media integrated server\\Platform\\SV_Httpd.exe"=
    "c:\\Program Files\\sony\\vaio media integrated server\\Platform\\UPnPFramework.exe"=
    "c:\\Program Files\\sony\\vaio media integrated server\\Platform\\VMConsole.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Creative\\Photo Manager\\CTSGrab.exe"=
    "c:\\Program Files\\SightSpeed\\VideoMerge.exe"=
    "c:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Center\\LiveCam.exe"=
    "c:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"=
    "c:\\Program Files\\Creative\\Photo Manager\\CTPM.exe"=
    "c:\\Program Files\\Creative\\Shared Files\\Software Update\\AutoUpdate.exe"=
    "c:\\Program Files\\Creative\\Support\\System Information\\CTSi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\Hpqdirec.exe"=
    "c:\\WINDOWS\\Installer\\{D103C4BA-F905-437A-8049-DB24763BBE36}\\SkypeIcon.exe"=
    "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "c:\\Program Files\\Movie Maker\\moviemk.exe"=
    "c:\\Documents and Settings\\Larry\\Desktop\\HP L7680 full drivers 2 28 11\\OJProL7X00_Full_14\\setup\\hpznui01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
    "2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/12/2011 1:12 PM 13496]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 1:54 PM 123264]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/16/2011 9:26 AM 353168]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [6/15/2009 4:30 PM 7372]
    R2 VAIOMediaDBSyncService;VAIO Media DB Sync Service;c:\program files\Sony\vaio media integrated server\GPDBWatcher.exe [6/15/2009 3:15 AM 790528]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:04 PM 136176]
    S3 ATHFMWDL;Atheros USB Wireless Adapter Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]
    S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [11/1/2004 10:18 PM 78720]
    S3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2/7/2005 12:28 PM 9376]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:04 PM 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/31/2004 3:59 PM 14336]
    S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [6/27/2010 10:28 AM 99648]
    S3 WLI2USB2G54;BUFFALO WLI2-USB2-G54 Wireless LAN Driver;c:\windows\system32\drivers\PRISMA02.sys [3/14/2006 11:09 PM 347424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-17 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-03-18 21:24]
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 18:08]
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 18:08]
    .
    2011-07-17 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
    .
    2011-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-07-18 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-12 21:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader45.cab
    FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-08 21:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2035197435-2053911333-572510945-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(880)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2312)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-08-08 21:08:53
    ComboFix-quarantined-files.txt 2011-08-09 01:08
    .
    Pre-Run: 184,240,414,720 bytes free
    Post-Run: 184,203,587,584 bytes free
    .
    - - End Of File - - DB741C87E9D7F396C9F898F3FF01D01D


    EXEHELPER LOG

    exeHelper by Raktor
    Build 20100414
    Run at 16:27:17 on 08/08/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
    exeHelper by Raktor
    Build 20100414
    Run at 17:02:55 on 08/08/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    That's it, looking forward to your reply.

    Larry
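The exeHelper runs above report resetting the .exe/.com file associations and the Winlogon Shell/Userinit values each time they are run. As an added example that is not part of the thread or of exeHelper, the PowerShell audit below reads those same registry values and compares them with their stock Windows XP defaults, so the check can be repeated after a reboot to see whether they have been altered again. It assumes Windows XP SP3 defaults and PowerShell 2.0 or later; the function names are my own.

```powershell
# Added example, not part of the thread or of exeHelper: audit the registry
# values exeHelper reports resetting (.exe/.com associations, Winlogon Shell
# and Userinit) against their stock Windows XP values. Re-run after a reboot
# to see whether anything has changed them back.
# Assumes Windows XP SP3 defaults and PowerShell 2.0 (WMF Core) or later.

function Get-RegDefault {
    # Default (unnamed) value of a registry key, or $null when the key is missing.
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }
    return (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).'(default)'
}

function Test-ExeAssociation {
    $findings = @()
    $sysRoot  = $env:SystemRoot

    # Extension -> expected ProgID. Each ProgID's open command must be "%1" %*
    # so the file itself is launched with its arguments, not a third-party helper.
    $expected = @{ '.exe' = 'exefile'; '.com' = 'comfile' }

    foreach ($ext in $expected.Keys) {
        $progId = Get-RegDefault "Registry::HKEY_CLASSES_ROOT\$ext"
        if ($progId -ne $expected[$ext]) {
            $findings += "HKCR\$ext -> '$progId' (expected '$($expected[$ext])')"
        }

        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$($expected[$ext])\shell\open\command"
        $cmd = Get-RegDefault $cmdKey
        if ($cmd -ne '"%1" %*') {
            $findings += "HKCR\$($expected[$ext])\shell\open\command -> '$cmd' (expected '`"%1`" %*')"
        }

        # A per-user class takes precedence over HKCR; stock XP has none for .exe/.com.
        $userKey = "HKCU:\Software\Classes\$ext"
        if (Test-Path -Path $userKey) {
            $findings += "$userKey exists and overrides the machine-wide association"
        }
    }

    # Winlogon values exeHelper also resets; stock XP values shown as expected.
    $winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    if ($winlogon.Shell -ne 'Explorer.exe') {
        $findings += "Winlogon\Shell -> '$($winlogon.Shell)' (expected 'Explorer.exe')"
    }
    if ($winlogon.Userinit -ne "$sysRoot\system32\userinit.exe,") {
        $findings += "Winlogon\Userinit -> '$($winlogon.Userinit)' (expected '$sysRoot\system32\userinit.exe,')"
    }

    return $findings
}

# Wrap in @() so a single finding is still an array in PowerShell 2.0.
$result = @(Test-ExeAssociation)
if ($result.Count -eq 0) {
    Write-Output 'Associations and Winlogon values match the stock XP defaults.'
} else {
    Write-Output 'Deviations from the stock defaults:'
    $result | ForEach-Object { Write-Output "  $_" }
}
```

Run it once after exeHelper has reset the values and again after the next reboot; any line it reports is a value that something on the system has rewritten in between.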
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hiya Larry,

    Continue as follows please :-

    Step 1

    Uninstall anything related to IObit that you have on your system, that includes Advanced SystemCare and Smart Defrag.

    Step 2

    Download TFC to your desktop from either of the following links:
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right-click and select "Run as Administrator".
    • If prompted, click "Yes" to reboot.
    Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may reboot your system; if not, reboot it yourself to complete the cleaning process <---- Very Important

    Step 3

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Step 4

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Let me see the logs from TDSSKiller and Malwarebytes in your reply. Also give an update on issues/concerns.

    Kevin
     
  5. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Hi Kevin,

    Sorry for the delay in responding.

    A few tidbits and updates.

    1. I think I removed all items related to IObit, at least based on Add/Remove Programs in Control Panel. I could not find Smart Defrag.

    2. After using exehelper, any shortcut worked as expected. However, after restarting/rebooting, FileCure was back. I then used exehelper and all was good, etc, etc.

    3. I have not done anything you have not instructed me to do. However, what about removing ParetoLogic? Probably not a good idea at this time.

    4. Now that exehelper allows .exe files to work, would it be helpful to run HJT?

    5. Malwarebytes free, was already installed on my computer but I reinstalled it anyway, just to make sure. As you will see, it found nothing.

    6. Several of the icons on my desktop which usually had color fills are now only black & white images, e.g., Firefox.

    7. It just occurred to me...if I use exehelper, is that preventing the software from "seeing" the FileCure problem?

    Here are the logfiles you requested:

    A new exehelper log...plus the previous ones from exehelper.

    exeHelper by Raktor
    Build 20100414
    Run at 16:27:17 on 08/08/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
    exeHelper by Raktor
    Build 20100414
    Run at 17:02:55 on 08/08/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
    exeHelper by Raktor
    Build 20100414
    Run at 21:26:41 on 08/08/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
    exeHelper by Raktor
    Build 20100414
    Run at 17:28:35 on 08/09/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
    exeHelper by Raktor
    Build 20100414
    Run at 18:26:53 on 08/10/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
    exeHelper by Raktor
    Build 20100414
    Run at 16:57:55 on 08/11/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    TDSSKILLER follows:

    2011/08/11 17:14:16.0984 3044 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
    2011/08/11 17:14:21.0375 3044 ================================================================================
    2011/08/11 17:14:21.0375 3044 SystemInfo:
    2011/08/11 17:14:21.0375 3044
    2011/08/11 17:14:21.0375 3044 OS Version: 5.1.2600 ServicePack: 3.0
    2011/08/11 17:14:21.0375 3044 Product type: Workstation
    2011/08/11 17:14:21.0375 3044 ComputerName: SONY
    2011/08/11 17:14:21.0375 3044 UserName: Larry
    2011/08/11 17:14:21.0375 3044 Windows directory: C:\WINDOWS
    2011/08/11 17:14:21.0375 3044 System windows directory: C:\WINDOWS
    2011/08/11 17:14:21.0375 3044 Processor architecture: Intel x86
    2011/08/11 17:14:21.0375 3044 Number of processors: 2
    2011/08/11 17:14:21.0375 3044 Page size: 0x1000
    2011/08/11 17:14:21.0375 3044 Boot type: Normal boot
    2011/08/11 17:14:21.0375 3044 ================================================================================
    2011/08/11 17:14:23.0125 3044 Initialize success
    2011/08/11 17:14:26.0812 1036 ================================================================================
    2011/08/11 17:14:26.0812 1036 Scan started
    2011/08/11 17:14:26.0812 1036 Mode: Manual;
    2011/08/11 17:14:26.0812 1036 ================================================================================
    2011/08/11 17:15:11.0515 1036 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/08/11 17:15:11.0703 1036 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/08/11 17:15:11.0937 1036 V0420VID (e579144c0bfa5720e1da5a7783058e9a) C:\WINDOWS\system32\DRIVERS\V0420Vid.sys
    2011/08/11 17:15:12.0234 1036 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/08/11 17:15:12.0468 1036 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/08/11 17:15:12.0718 1036 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/08/11 17:15:12.0968 1036 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/08/11 17:15:13.0218 1036 WLI2USB2G54 (397e216ec181f9ce1a42e9b409bb0532) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
    2011/08/11 17:15:13.0578 1036 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/08/11 17:15:13.0796 1036 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/08/11 17:15:14.0031 1036 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/08/11 17:15:14.0250 1036 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/08/11 17:15:14.0531 1036 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
    2011/08/11 17:15:14.0781 1036 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
    2011/08/11 17:15:14.0828 1036 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    2011/08/11 17:15:15.0031 1036 Boot (0x1200) (76ec6d5df841c1615d69a2cde5c37331) \Device\Harddisk0\DR0\Partition0
    2011/08/11 17:15:15.0046 1036 ================================================================================
    2011/08/11 17:15:15.0046 1036 Scan finished
    2011/08/11 17:15:15.0046 1036 ================================================================================
    2011/08/11 17:15:15.0062 1592 Detected object count: 0
    2011/08/11 17:15:15.0062 1592 Actual detected object count: 0

    Malwarebytes follows:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7419
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    8/9/2011 5:52:43 PM
    mbam-log-2011-08-09 (17-52-43).txt
    Scan type: Quick scan
    Objects scanned: 189268
    Time elapsed: 6 minute(s), 45 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    Look forward to hearing from you.

    Larry
     
  6. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Hi Kevin,

    Just noticed that the dialog box that asks me to select between FileCure and Windows has changed as follows:

    The title of the box is now "Windows" (without the quotes) and not FileCure. It goes on about not being able to open the program because Windows needs to know what program created it, blah, blah.

    It asks "Use the Web service to find the appropriate program"
    or "Select the program from a list"

    If I choose the "list" response, I then get a dialog box "Open With" and it gives me a sort of legitimate looking list of programs from which to select to open the program, in this case Windows Explorer. However, I don't know what program would be appropriate to open WE. It seems as if we are making some sort of headway; at least the box is not titled FileCure! I have not tried the "Web service" selection for fear it's a trap. Who's paranoid?

    Could this be some sort of File Association corruption? I like to throw around big words even when I don't know what the hell I'm talking about. Ha, Ha. I hate using LOL.

    Larry
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hiya Larry,

    Rerun exe.helper again, then run the following:

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    Link 4
    • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            Msconfig
            Safebootminimal
            safebootnetwork
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

    Let me see the logs in your reply.

    Kevin
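To show what the exe.helper reset Kevin asks for actually puts back, here is an added example (not a tool from this thread, and not exe.helper itself) that checks the .exe and .com associations against the stock Windows XP values (.exe -> exefile, open command "%1" %*). The key layout is standard Windows; the sample snapshots and the handler path inside them are constructed placeholders.

```python
"""Check the .exe / .com file-type associations for the kind of hijack
discussed in this thread (a third-party "file manager" wiring itself in
front of every executable launch).

Added example for this thread, not a tool any participant used and not
exe.helper itself. The key layout (HKCR\\.exe -> ProgID,
HKCR\\<ProgID>\\shell\\open\\command) is standard Windows; the sample
snapshots and the handler path in them are constructed placeholders.
"""
import re
import sys

# Stock Windows XP associations, i.e. what exe.helper's reset restores:
#   .exe -> exefile, exefile\shell\open\command = "%1" %*
#   .com -> comfile, comfile\shell\open\command = "%1" %*
EXPECTED = {
    ".exe": ("exefile", '"%1" %*'),
    ".com": ("comfile", '"%1" %*'),
}

# The stock open command: the file itself, then its arguments, nothing else.
STOCK_COMMAND = re.compile(r'^\s*"%1"\s+%\*\s*$')


def check_associations(snapshot):
    """Compare a snapshot of association values against the stock defaults.

    snapshot maps a key path under HKEY_CLASSES_ROOT to that key's
    (Default) value, e.g. {".exe": "exefile",
                           "exefile\\shell\\open\\command": '"%1" %*'}.
    Returns a list of (extension, problem) tuples; an empty list is clean.
    """
    findings = []
    for ext, (stock_progid, _) in EXPECTED.items():
        progid = snapshot.get(ext)
        if progid is None:
            findings.append((ext, "extension key missing"))
            continue
        if progid.lower() != stock_progid:
            findings.append((ext, f"ProgID is {progid!r}, expected {stock_progid!r}"))
        # Inspect whichever handler is actually wired in, not just the stock one.
        cmd_key = f"{progid}\\shell\\open\\command"
        command = snapshot.get(cmd_key)
        if command is None:
            findings.append((ext, f"{cmd_key} missing"))
        elif not STOCK_COMMAND.match(command):
            findings.append((ext, f"open command is {command!r}: a wrapper in front "
                                  'of "%1" intercepts every launch'))
    return findings


def read_live_snapshot():
    """Read the same values from the live registry (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("live registry read only works on Windows")
    import winreg  # standard library, available on Windows only

    def default_value(key_path):
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, key_path) as handle:
                return winreg.QueryValueEx(handle, "")[0]
        except OSError:
            return None

    snapshot = {}
    for ext in EXPECTED:
        progid = default_value(ext)
        if progid is None:
            continue
        snapshot[ext] = progid
        cmd_key = f"{progid}\\shell\\open\\command"
        command = default_value(cmd_key)
        if command is not None:
            snapshot[cmd_key] = command
    return snapshot


# Constructed sample: a stock XP system, the state exe.helper's reset leaves.
CLEAN_SNAPSHOT = {
    ".exe": "exefile",
    "exefile\\shell\\open\\command": '"%1" %*',
    ".com": "comfile",
    "comfile\\shell\\open\\command": '"%1" %*',
}

# Constructed sample of a hijack: the .exe open command now runs a third-party
# handler first (placeholder path, not any real product's location), and the
# .com handler's command value is gone altogether.
HIJACKED_SNAPSHOT = {
    ".exe": "exefile",
    "exefile\\shell\\open\\command": '"C:\\PLACEHOLDER\\handler.exe" "%1" %*',
    ".com": "comfile",
}


if __name__ == "__main__":
    samples = [("clean sample", CLEAN_SNAPSHOT), ("hijacked sample", HIJACKED_SNAPSHOT)]
    if sys.platform == "win32":
        samples.append(("this machine", read_live_snapshot()))
    for name, snapshot in samples:
        problems = check_associations(snapshot)
        print(f"{name}: {'OK' if not problems else 'PROBLEMS'}")
        for ext, message in problems:
            print(f"  {ext}: {message}")
```

On Windows the script also reports the live machine; elsewhere it only evaluates the two constructed snapshots.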
     
  8. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Hi Kevin,

    For some unknown reason, I am having a terrible time responding to your most recent post. I have tried 4 times to respond and each and every time I receive a "Web page timed out" message and my reply becomes vapor! This time, instead of responding via the email, I have gone into the forum itself and will attempt to reply this way. Hope it works.

    exehelper had the following indication shown in its black, DOS-looking screen, but not in its Notepad version:

    Resetting filetype association for .exe
    exefile="%1" %*
    .exe=exefile

    also,

    Resetting filetype association for .com
    comfile="%1" %*
    .com=comfile

    That's it! The above indications are NOT shown in the Notepad logfile. Don't know if this means anything or not.

    OTL logfile created on: 8/12/2011 4:16:23 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Larry\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.14% Memory free
    4.10 Gb Paging File | 3.40 Gb Available in Paging File | 82.81% Paging File free
    Paging file location(s): C:\pagefile.sys 2302 2302 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 226.88 Gb Total Space | 170.63 Gb Free Space | 75.21% Space Free | Partition Type: NTFS

    Computer Name: SONY | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/12 15:09:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\desktop\OTL.exe
    PRC - [2011/08/04 17:07:21 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/02/20 20:33:58 | 000,790,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\GPDBWatcher.exe
    PRC - [2005/01/14 15:26:56 | 000,745,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
    PRC - [2005/01/14 15:21:32 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
    PRC - [2005/01/06 15:52:56 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2005/01/06 15:52:56 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    PRC - [2005/01/06 15:52:54 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2004/05/21 16:35:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    PRC - [2003/12/05 14:32:56 | 000,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe
    PRC - [2003/12/05 14:32:06 | 000,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/12 15:09:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/08/04 17:07:21 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/03/29 15:44:30 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2007/09/24 23:54:23 | 001,247,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2006/02/20 20:33:58 | 000,790,528 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio media integrated server\GPDBWatcher.exe -- (VAIOMediaDBSyncService)
    SRV - [2006/02/20 19:59:42 | 001,847,296 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\vaio media integrated server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
    SRV - [2005/01/14 15:26:56 | 000,745,472 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
    SRV - [2005/01/14 15:21:32 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
    SRV - [2005/01/14 15:20:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2005/01/06 15:52:56 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2005/01/06 15:52:56 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2005/01/06 15:52:54 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2004/10/29 01:20:54 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2004/10/29 01:18:24 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2004/05/21 16:43:18 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
    SRV - [2004/05/21 16:35:10 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2003/12/05 14:32:56 | 000,077,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Giga Pocket\shwserv.exe -- (Giga Pocket Hardware Detector)
    SRV - [2003/12/05 14:32:06 | 000,090,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager)
    SRV - [2003/09/25 14:38:56 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/04 17:07:14 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/04 17:07:14 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2008/05/13 19:08:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/05/30 21:32:34 | 000,099,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
    DRV - [2006/10/31 14:23:06 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2005/08/19 04:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2005/08/19 04:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/02/24 22:38:30 | 000,285,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
    DRV - [2004/07/13 12:04:02 | 000,347,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (WLI2USB2G54)
    DRV - [2004/07/13 12:04:01 | 000,009,376 | R--- | M] (MELCO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ESSIDSET.SYS -- (ESSIDSET)
    DRV - [2004/07/13 12:03:48 | 000,009,600 | R--- | M] (BUFFALO INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\BUFADPT.SYS -- (BUFADPT)
    DRV - [2004/03/22 21:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/02/25 18:28:54 | 000,768,256 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
    DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/09/14 21:24:30 | 000,007,372 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
    DRV - [2003/05/23 14:44:00 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2002/11/06 17:43:36 | 000,078,720 | R--- | M] (Belkin International) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEL6001P.sys -- (BEL6001P) Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2)
    DRV - [2000/12/05 17:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
    FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/22 18:25:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/22 18:25:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 14:48:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/08 17:20:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/10 10:23:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/10 10:22:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/10 10:23:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 14:48:44 | 000,000,000 | ---D | M]

    [2008/08/26 18:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions
    [2011/08/10 10:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions
    [2011/03/07 02:13:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/07 12:47:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/12/09 13:35:19 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2011/05/23 20:53:42 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\vfv8d8u5.default\extensions\[email protected]
    [2011/08/09 09:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/27 09:49:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/05/17 13:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/08/10 10:23:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/08/08 17:20:53 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2008/12/02 23:11:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2007/10/05 21:57:27 | 001,255,424 | ---- | M] (Cartesian Products, Inc. For more information, visit http://www.cartesianinc.com) -- C:\Program Files\mozilla firefox\plugins\NPCPC32.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2006/01/18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
    [2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll

    O1 HOSTS File: ([2011/08/08 18:04:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe (Creative Technology Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk = C:\Program Files\Sony\usbsircs\USBsircs.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://pephoto.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139160906640 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194633407906 (MUWebControl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/mail/ymmapi.cab (YahooYMailTo Class)
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/27 10:11:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\Program Files\Replay Converter\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    MsConfig - Services: "WMPNetworkSvc"
    MsConfig - Services: "VAIOMediaPlatform-VideoServer-UPnP"
    MsConfig - Services: "VAIOMediaPlatform-VideoServer-HTTP"
    MsConfig - Services: "VAIOMediaPlatform-VideoServer-AppServer"
    MsConfig - Services: "VAIO Entertainment UPnP Client Adapter"
    MsConfig - Services: "VAIO Entertainment File Import Service"
    MsConfig - Services: "PACSPTISVR"
    MsConfig - Services: "ose"
    MsConfig - Services: "JavaQuickStarterService"
    MsConfig - Services: "iPodService"
    MsConfig - Services: "ipfw"
    MsConfig - Services: "IDriverT"
    MsConfig - Services: "hpdj"
    MsConfig - Services: "gusvc"
    MsConfig - Services: "CLTNetCnService"
    MsConfig - Services: "avg8wd"
    MsConfig - Services: "avg8emc"
    MsConfig - Services: "AdobeActiveFileMonitor4.0"
    MsConfig - Services: "aawservice"
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager2.lnk - C:\Program Files\BUFFALO\Client Manager\ClientMgr2.exe - (BUFFALO INC.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Harmony Monitor.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk - - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk - C:\Program Files\Sony\Giga Pocket\ReserveModule.exe - (Sony Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^Larry^Start Menu^Programs^Startup^BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe - ()
    MsConfig - StartUpFolder: C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe - (Sony Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe - Reg Error: Value error. - File not found
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    MsConfig - StartUpReg: Creative Live! Cam Manager - hkey= - key= - C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
    MsConfig - StartUpReg: EPSON Stylus Photo R260 Series - hkey= - key= - File not found
    MsConfig - StartUpReg: EPSON Stylus Photo R300 Series - hkey= - key= - File not found
    MsConfig - StartUpReg: ezShieldProtector for Px - hkey= - key= - File not found
    MsConfig - StartUpReg: FLMOFFICE4DMOUSE - hkey= - key= - C:\Program Files\Labtec\Desktop\V5.1\MOffice.exe ()
    MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
    MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: MSN Toolbar - hkey= - key= - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    MsConfig - StartUpReg: OFFICEKB - hkey= - key= - C:\Program Files\Labtec\Desktop\V5.1\KBDAP32A.EXE ()
    MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    MsConfig - StartUpReg: VAIO Recovery - hkey= - key= - C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
    MsConfig - StartUpReg: VAIO Update 2 - hkey= - key= - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
    MsConfig - StartUpReg: VMConsole.exe - hkey= - key= - C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe (Sony Corporation)
    MsConfig - State: "system.ini" - 1
    MsConfig - State: "win.ini" - 2
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2

    SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootMin: AppMgmt - File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootNet: AppMgmt - File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/12 15:09:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
    [2011/08/11 17:40:24 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/08/11 17:38:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [2011/08/11 16:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
    [2011/08/10 10:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/08/10 10:22:58 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2011/08/10 10:22:44 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2011/08/10 10:22:44 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2011/08/10 10:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
    [2011/08/10 10:12:16 | 000,683,792 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\Larry\Desktop\RealPlayer.exe
    [2011/08/09 17:42:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Larry\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/09 17:08:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/09 17:06:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\TFC.exe
    [2011/08/08 17:54:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/08/08 17:51:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/08 17:51:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/08 17:51:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/08 17:51:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/08 17:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/08/08 17:50:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/08 17:49:26 | 004,167,591 | R--- | C] (Swearware) -- C:\Documents and Settings\Larry\Desktop\Gotcha.exe
    [2011/08/07 18:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\My Documents\Tech Support Guy FileCure issue
    [2011/08/07 17:55:45 | 000,508,416 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\Larry\Desktop\SysInfo.exe
    [2011/08/07 16:22:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Larry\Start Menu\Programs\Administrative Tools
    [2011/08/07 16:22:11 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Larry\Desktop\dds.com
    [2011/08/07 16:19:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Larry\Desktop\HijackThis.exe
    [2011/08/05 16:10:42 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry\Desktop\TDSSKiller.exe
    [2011/08/04 17:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2011/07/14 22:44:36 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files - Modified Within 30 Days ==========

    [2011/08/12 15:11:05 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
    [2011/08/12 15:11:05 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2035197435-2053911333-572510945-1005.job
    [2011/08/12 15:09:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
    [2011/08/12 14:37:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\prvlcl.dat
    [2011/08/12 14:28:57 | 127,805,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/12 14:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/12 14:22:41 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/11 18:02:02 | 000,507,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/11 18:02:02 | 000,089,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/11 17:59:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/11 17:23:19 | 003,448,870 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Ava Sings.wav
    [2011/08/11 17:13:55 | 001,388,507 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\tdsskiller.zip
    [2011/08/11 16:00:00 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/10 18:32:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/08/10 10:23:32 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2011/08/10 10:22:58 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2011/08/10 10:22:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2011/08/10 10:22:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2011/08/10 10:22:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/08/10 10:12:18 | 000,683,792 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Larry\Desktop\RealPlayer.exe
    [2011/08/09 17:44:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/08/09 17:44:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/09 17:42:59 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Larry\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/09 17:31:16 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry\Desktop\TDSSKiller.exe
    [2011/08/09 17:06:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\TFC.exe
    [2011/08/08 18:04:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/08/08 17:51:05 | 004,167,591 | R--- | M] (Swearware) -- C:\Documents and Settings\Larry\Desktop\Gotcha.exe
    [2011/08/08 17:20:55 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/08 16:26:21 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\exeHelper.com
    [2011/08/07 17:55:45 | 000,508,416 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\Larry\Desktop\SysInfo.exe
    [2011/08/07 16:22:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Larry\Desktop\dds.com
    [2011/08/07 16:19:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Larry\Desktop\HijackThis.exe
    [2011/08/06 17:37:36 | 000,197,518 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/08/06 16:43:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/04 17:21:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Microsoft Office Word 2003.lnk
    [2011/08/01 09:02:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/01 09:02:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2011/07/17 22:07:27 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2011/07/17 19:06:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
    [2011/07/17 19:05:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    [2011/07/14 22:44:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/07/14 22:41:17 | 000,343,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2011/08/11 17:23:19 | 003,448,870 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\Ava Sings.wav
    [2011/08/10 10:23:32 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2011/08/09 17:30:08 | 001,388,507 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\tdsskiller.zip
    [2011/08/08 17:54:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/08/08 17:54:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/08/08 17:51:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/08 17:51:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/08 17:51:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/08 17:51:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/08 17:51:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/08 16:26:17 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\exeHelper.com
    [2011/08/06 16:43:13 | 2146,881,536 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/08 09:34:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\prvlcl.dat
    [2011/06/12 12:18:14 | 000,001,428 | -HS- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\80b8pg205i3703f7k01v8p6t64t7nml47ly
    [2011/06/12 12:18:14 | 000,001,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\80b8pg205i3703f7k01v8p6t64t7nml47ly
    [2010/10/22 19:01:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
    [2010/09/20 23:40:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
    [2010/09/20 23:26:08 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/09/20 23:26:08 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2010/09/20 23:26:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/09/20 23:26:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2010/09/20 23:26:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2010/09/20 23:26:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2010/09/20 22:55:06 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\burnaware.ini
    [2010/07/29 18:49:40 | 000,208,210 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
    [2010/07/29 18:49:40 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
    [2010/07/29 17:38:15 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
    [2010/07/29 17:03:02 | 000,062,532 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2010/06/27 09:50:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/03/08 15:49:25 | 000,116,841 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
    [2010/02/06 19:59:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/26 19:39:56 | 000,023,123 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2009/12/25 08:04:46 | 000,063,106 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2009/09/11 11:22:54 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
    [2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
    [2009/08/21 13:05:33 | 000,239,133 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
    [2009/08/21 13:04:57 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat
    [2009/08/21 12:55:26 | 000,146,762 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
    [2009/08/21 12:55:26 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
    [2009/06/15 16:30:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe
    [2009/06/15 03:50:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
    [2009/05/26 20:01:34 | 000,000,671 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2009/03/08 21:59:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
    [2009/03/08 21:42:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
    [2008/12/22 17:39:21 | 000,164,714 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
    [2008/12/22 17:39:21 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
    [2008/12/22 15:37:07 | 000,016,050 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
    [2008/07/22 20:22:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv32_16.ini
    [2008/03/14 21:18:29 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2008/03/14 21:08:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
    [2008/03/13 18:01:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\IV3.INI
    [2008/03/13 18:01:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\IVOPEN.$$$
    [2008/03/11 20:47:55 | 000,000,179 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
    [2007/12/13 14:57:07 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/12/13 13:02:57 | 000,002,747 | ---- | C] () -- C:\Program Files\Shortcut to FamMatters3.exe.lnk
    [2007/11/02 22:10:54 | 000,239,827 | ---- | C] () -- C:\WINDOWS\hpwins05.dat.temp
    [2007/11/02 22:10:54 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp
    [2007/11/02 16:48:15 | 000,100,584 | ---- | C] () -- C:\WINDOWS\hpgins14.dat
    [2007/11/01 14:28:26 | 000,102,364 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
    [2007/09/24 14:05:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2007/09/24 14:05:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2007/09/24 14:04:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
    [2007/07/05 12:35:25 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
    [2007/07/05 12:34:26 | 003,655,608 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
    [2007/07/05 12:32:05 | 025,990,432 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
    [2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/03/06 05:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2006/11/19 23:45:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/10/31 17:47:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/07/18 11:09:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/07/08 09:27:45 | 000,000,195 | ---- | C] () -- C:\WINDOWS\Retrieve.INI
    [2006/07/08 06:41:36 | 000,000,344 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2006/07/08 06:41:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2006/03/14 22:43:45 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
    [2006/03/14 22:40:22 | 000,000,093 | ---- | C] () -- C:\WINDOWS\R300.ini
    [2005/12/23 12:42:43 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2005/12/23 12:42:43 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2005/12/23 12:42:43 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2005/12/23 12:42:43 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2005/12/23 12:42:43 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2005/12/23 12:42:43 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2005/12/23 12:42:43 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2005/12/23 12:42:43 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2005/12/23 12:42:43 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2005/12/23 12:42:43 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2005/12/23 12:42:43 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2005/12/23 12:42:43 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2005/12/23 12:42:43 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2005/12/23 12:42:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2005/12/23 12:38:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
    [2005/12/23 12:37:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
    [2005/11/24 17:02:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/09/12 15:21:18 | 000,068,952 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
    [2005/09/12 15:21:18 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
    [2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
    [2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
    [2005/08/12 12:24:57 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2005/08/05 11:09:22 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
    [2005/04/23 22:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2005/04/20 14:23:37 | 000,104,651 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
    [2005/04/20 14:23:37 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
    [2005/04/04 19:08:48 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\fusioncache.dat
    [2005/04/04 18:51:03 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2005/02/09 21:26:01 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2005/01/18 15:59:57 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/11/17 13:09:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/11/17 13:09:46 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2004/09/09 16:45:39 | 000,008,698 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
    [2004/09/09 16:44:48 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2004/07/13 12:03:53 | 000,041,269 | ---- | C] () -- C:\WINDOWS\UN800001.INI
    [2004/07/13 12:03:11 | 000,084,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
    [2004/07/13 12:03:11 | 000,083,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
    [2004/06/16 23:45:35 | 000,000,561 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/06/16 23:40:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
    [2004/06/16 23:34:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2004/06/16 23:34:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2004/06/16 23:34:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2004/06/16 23:34:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2004/06/16 23:34:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2004/06/16 23:34:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2004/03/31 19:59:36 | 000,001,180 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2004/03/31 19:57:08 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2004/03/31 19:54:28 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
    [2004/03/31 19:54:25 | 000,013,988 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2004/03/31 19:09:29 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
    [2004/03/31 18:59:58 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
    [2004/03/31 18:50:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
    [2004/03/31 17:43:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/03/31 17:12:00 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/03/31 17:09:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/03/31 17:06:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/03/31 16:00:11 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2004/03/31 16:00:01 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/03/31 15:59:42 | 000,507,412 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/03/31 15:59:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/03/31 15:59:42 | 000,089,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/03/31 15:59:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/03/31 15:59:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/03/31 15:59:40 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/03/31 15:59:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/03/31 15:59:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/03/31 15:59:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/03/31 15:59:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/03/31 15:59:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/03/31 09:03:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/03/31 09:03:13 | 000,343,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/03/22 21:50:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/03/22 21:49:08 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2003/06/17 17:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
    [2003/06/17 17:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/06/12 16:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
    [2002/04/02 21:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
    [2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

    ========== LOP Check ==========

    [2011/08/04 17:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2008/09/06 13:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\All-In-One
    [2010/09/13 15:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altova
    [2010/11/24 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/22 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/09/02 18:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2010/10/22 13:34:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/22 18:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
    [2007/09/24 14:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2005/11/24 17:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/10/22 17:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2011/06/21 13:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2005/02/20 21:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2011/08/08 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/06/27 10:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2008/09/06 17:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/10/22 17:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2011/02/19 15:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/03/08 21:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2007/12/19 16:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
    [2009/04/20 18:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2004/12/30 23:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ACD Systems
    [2008/07/23 10:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Audacity
    [2010/10/22 13:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\AVG10
    [2008/09/02 18:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Broderbund
    [2007/11/20 20:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\check identical files
    [2009/04/29 15:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ClientManager2
    [2008/12/23 18:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/01/01 13:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ElevatedDiagnostics
    [2008/08/30 13:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Family Lawyer
    [2007/12/11 15:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Flickr
    [2011/03/17 20:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\GlarySoft
    [2010/09/20 23:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\HamsterSoft
    [2009/08/18 21:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Image Zone Express
    [2004/09/18 22:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\InterVideo
    [2011/08/09 17:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\IObit
    [2005/08/05 10:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Juniper Networks
    [2005/12/23 13:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Leadertech
    [2010/08/16 18:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\muvee Technologies
    [2009/04/18 22:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\NCH Swift Sound
    [2005/01/04 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Neoteris
    [2010/07/16 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Opera
    [2009/08/18 21:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Printer Info Cache
    [2007/07/15 21:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Shutterfly
    [2006/12/30 21:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Snapfish
    [2005/01/19 11:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Template
    [2009/03/08 21:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Ulead Systems
    [2009/04/22 17:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Uniblue
    [2009/09/03 12:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\VirtualStore
    [2007/12/19 16:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Wal-Mart
    [2011/07/17 19:05:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
    [2011/07/17 19:06:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
    [2011/07/17 22:07:27 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/11/24 17:22:31 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2010/06/27 10:11:58 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/06/21 13:16:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/08/10 18:32:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/08/08 21:08:54 | 000,026,399 | ---- | M] () -- C:\ComboFix.txt
    [2004/03/31 17:07:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/07/08 09:41:23 | 000,001,441 | ---- | M] () -- C:\devicetable.log
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/08/12 14:22:41 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
    [2005/06/03 00:49:59 | 000,045,739 | ---- | M] () -- C:\hpfr3600.log
    [2004/09/21 14:40:33 | 000,000,391 | -H-- | M] () -- C:\hpothb07.dat
    [2004/09/21 14:40:33 | 000,000,749 | -H-- | M] () -- C:\hpothb07.tif
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2004/03/31 17:07:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/19 16:45:10 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/04/29 13:37:18 | 000,019,690 | ---- | M] () -- C:\mombi.log
    [2004/03/31 17:07:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/11/09 14:57:11 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/01/02 18:18:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/12 14:22:39 | 2413,821,952 | -HS- | M] () -- C:\pagefile.sys
    [2007/03/07 18:02:02 | 071,712,054 | ---- | M] () -- C:\REGISTRYBKUP.reg
    [2009/06/15 03:07:48 | 000,000,087 | ---- | M] () -- C:\setup.log
    [2011/08/09 17:37:50 | 000,045,594 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_09.08.2011_17.32.29_log.txt
    [2011/08/11 17:13:37 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_11.08.2011_17.13.27_log.txt
    [2011/08/11 17:16:53 | 000,045,326 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_11.08.2011_17.14.16_log.txt
    [2008/12/22 19:23:27 | 000,002,414 | ---- | M] () -- C:\updatedatfix.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2005/08/08 18:35:44 | 000,004,991 | ---- | M] () -- C:\_Sid.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/03/31 09:02:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/03/31 09:02:41 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/03/31 09:02:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-11 22:02:15

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88959883
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
    < End of report >


    OTL Extras logfile created on: 8/12/2011 4:16:23 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Larry\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.14% Memory free
    4.10 Gb Paging File | 3.40 Gb Available in Paging File | 82.81% Paging File free
    Paging file location(s): C:\pagefile.sys 2302 2302 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 226.88 Gb Total Space | 170.63 Gb Free Space | 75.21% Space Free | Partition Type: NTFS

    Computer Name: SONY | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
    "2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe" = C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Sony\Giga Pocket\gps.exe" = C:\Program Files\Sony\Giga Pocket\gps.exe:*:Enabled:Giga Pocket Server -- (Sony Corporation)
    "C:\Program Files\Sony\VAIO Media 4.0\Vc.exe" = C:\Program Files\Sony\VAIO Media 4.0\Vc.exe:*:Enabled:[VAIO Media] VAIO Media -- (Sony Corporation)
    "C:\Documents and Settings\Larry\Desktop\spybotsd162.exe" = C:\Documents and Settings\Larry\Desktop\spybotsd162.exe:*:Enabled:spybotsd162.exe -- (Safer Networking Limited )
    "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" = C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe:*:Enabled:VAIO Update Options -- (Sony Corporation)
    "C:\Program Files\Sony\vaio media integrated server\Setup\VMSetup.exe" = C:\Program Files\Sony\vaio media integrated server\Setup\VMSetup.exe:*:Enabled:VAIO Media Setup -- (Sony Corporation)
    "C:\Program Files\Sony\Giga Pocket\gvr.exe" = C:\Program Files\Sony\Giga Pocket\gvr.exe:*:Enabled:Giga Pocket -- (Sony Corporation)
    "C:\Program Files\Sony\Giga Pocket\ReserveModule.exe" = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe:*:Enabled:Timer Recording Manager -- (Sony Corporation)
    "C:\Program Files\Sony\Giga Pocket\ReserveW.exe" = C:\Program Files\Sony\Giga Pocket\ReserveW.exe:*:Enabled:Timer Recording Wizard -- (Sony Corporation)
    "C:\Program Files\Sony\Giga Pocket\tvsetup.exe" = C:\Program Files\Sony\Giga Pocket\tvsetup.exe:*:Enabled:TV Setup -- (Sony Corporation)
    "C:\Program Files\Browser MOUSE\mouse32a.exe" = C:\Program Files\Browser MOUSE\mouse32a.exe:*:Enabled: Browser MOUSE -- ()
    "C:\Program Files\sony\vaio media integrated server\Platform\SV_Httpd.exe" = C:\Program Files\sony\vaio media integrated server\Platform\SV_Httpd.exe:*:Enabled:SV_Httpd -- (Sony Corporation)
    "C:\Program Files\sony\vaio media integrated server\Platform\UPnPFramework.exe" = C:\Program Files\sony\vaio media integrated server\Platform\UPnPFramework.exe:*:Enabled:UPnPFramework -- (Sony Corporation)
    "C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" = C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe:*:Enabled:[VAIO Media] SNAC Server -- (Sony Corporation)
    "C:\Program Files\Creative\Photo Manager\CTSGrab.exe" = C:\Program Files\Creative\Photo Manager\CTSGrab.exe:*:Enabled:Screen Capture -- (Creative Technology Ltd)
    "C:\Program Files\SightSpeed\VideoMerge.exe" = C:\Program Files\SightSpeed\VideoMerge.exe:*:Enabled:CallExporter -- (SightSpeed Inc.)
    "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe" = C:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe:*:Enabled:Creative Live! Cam Center -- (Creative Technology Ltd)
    "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" = C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe:*:Enabled:Creative Live! Cam Manager -- (Creative Technology Ltd.)
    "C:\Program Files\Creative\Photo Manager\CTPM.exe" = C:\Program Files\Creative\Photo Manager\CTPM.exe:*:Enabled:Creative Photo Manager -- (Creative Technology Ltd)
    "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" = C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe:*:Enabled:Creative Software AutoUpdate -- (Creative Technology Ltd)
    "C:\Program Files\Creative\Support\System Information\CTSi.exe" = C:\Program Files\Creative\Support\System Information\CTSi.exe:*:Enabled:Creative System Information -- (Creative Technology Ltd.)
    "C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe" = C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe:*:Enabled:HP Solution Center -- (Hewlett-Packard Company)
    "C:\WINDOWS\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe" = C:\WINDOWS\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe:*:Enabled:SkypeIcon.exe -- ()
    "C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
    "C:\Program Files\Movie Maker\moviemk.exe" = C:\Program Files\Movie Maker\moviemk.exe:*:Enabled:Windows Movie Maker -- (Microsoft Corporation)
    "C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe" = C:\Documents and Settings\Larry\Desktop\HP L7680 full drivers 2 28 11\OJProL7X00_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
    "{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
    "{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
    "{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
    "{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B406F3B-8008-430C-B385-ED63154534C7}" = L7600
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5
    "{10900ADA-A280-4fd4-ADC6-FC290B758283}" = BreezeBrowser Pro
    "{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
    "{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
    "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E9}" = Microsoft Digital Image Library 10
    "{3F679809-E099-4A45-BAF6-04F6F02141A3}" = Family Matters
    "{402ABB62-3C87-47F4-B8D6-A2A51C241B2F}" = DigitalCAM
    "{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Digital Image Pro 10
    "{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C656CE5-1252-4699-A80F-1C9C469FD77B}" = Mavis Beacon Teaches Microsoft Word
    "{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F51F451-E2A9-411C-9076-BFCE69C3632B}" = Broderbund Home and Business Lawyer
    "{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
    "{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
    "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
    "{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
    "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.02
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78AC18A2-12A9-4102-B0B7-C7558182D212}" = C6300
    "{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.1
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
    "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
    "{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
    "{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express
    "{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
    "{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}" = Giga Pocket Demo Movie
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6BFDF60-FD08-4EF9-8D26-B762A19DB9A0}" = Giga Pocket 5.5
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AD871377-A1A3-4D7B-AA5E-EB163E1202C6}" = Kodak DIGITAL GEM Airbrush Professional Plug-In
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B0F64C44-DC77-497D-9A27-C0F5BAB12493}" = muveeNow 2.0 - Creative
    "{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
    "{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
    "{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}" = Wal-Mart Digital Photo Manager
    "{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
    "{D2DFC174-494B-435D-BB9D-D82520D03C28}" = My Sam's Club Digital Photo Center
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
    "{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
    "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.4.12
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
    "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
    "{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "All ATI Software" = ATI - Software Uninstall Utility
    "AnvSoft Movie DVD Maker_is1" = Movie DVD Maker 3.01
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2011
    "Browser MOUSE" = Browser MOUSE
    "BurnAware Free_is1" = BurnAware Free 3.0.5
    "Check Identical Files_is1" = Check Identical Files version 2.20
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "CPC View Plugin" = CPC Lite Plugin
    "Creative Live! Cam Center" = Creative Live! Cam Center
    "Creative Live! Cam Manager" = Creative Live! Cam Manager
    "Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide
    "Creative Photo Manager" = Creative Photo Manager
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000)
    "dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
    "Easy DV to DVD" = Easy DV to DVD
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ExpressBurn" = Express Burn
    "Film Factory" = Film Factory
    "Flickr Uploadr" = Flickr Uploadr 2.5.0.15
    "FLV Player1.33T" = FLV Player
    "Glary Utilities_is1" = Glary Utilities 2.33.0.1158
    "Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "HPOCR" = OCR Software by I.R.I.S. 14.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
    "InstallShield_{4C656CE5-1252-4699-A80F-1C9C469FD77B}" = Mavis Beacon Teaches Microsoft Word
    "InstallShield_{4F51F451-E2A9-411C-9076-BFCE69C3632B}" = Broderbund Home and Business Lawyer
    "InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
    "InstallShield_{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
    "InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
    "InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
    "Iomega ZipCD" = Iomega ZipCD Support Files
    "JPEG Lossless Rotator_is1" = JPEG Lossless Rotator 5.0
    "Labtec Desktop V5.1" = Labtec Desktop V5.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
    "OpenMG HotFix4.0-04-11-01-01" = OpenMG Limited Patch 4.0-04-11-01-01
    "Picasa 3" = Picasa 3
    "PictureItSuite_v10" = Microsoft Digital Image Suite 10
    "PolderbitSRecorder" = PolderbitS Sound Recorder and Editor
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RealPlayer 12.0" = RealPlayer
    "SFlyStudio" = Shutterfly Studio
    "Shop for HP Supplies" = Shop for HP Supplies
    "Shutterfly Plugin" = Shutterfly Plugin
    "SightSpeed" = SightSpeed
    "Silent Package Run-Time Sample" = EPSON Stylus Photo R260 User's Guide
    "SysInfo" = Creative System Information
    "Tweak UI 2.10" = Tweak UI
    "UN800001" = BUFFALO Client Manager
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "WavePad" = WavePad Uninstall
    "Welcome to VAIO life" = Welcome to VAIO life
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Neoteris_Cache_Cleaner 4.2.0" = Cache Cleaner 4.2.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/24/2010 4:22:38 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/24/2010 4:30:21 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/24/2010 4:30:21 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/24/2010 6:33:36 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/24/2010 6:33:37 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/24/2010 10:30:44 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/25/2010 3:00:00 AM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/25/2010 3:00:01 AM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/25/2010 5:41:58 PM | Computer Name = SONY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/26/2010 1:25:55 PM | Computer Name = SONY | Source = VzFw | ID = 108
    Description = Failed to start monitoring folder. (00000000) C:\Documents and Settings\All
    Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

    [ System Events ]
    Error - 8/11/2011 4:34:26 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7031
    Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    10000 milliseconds: Restart the service.

    Error - 8/11/2011 4:34:26 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
    Description = The VAIO Media Integrated Server (HTTP) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 8/11/2011 4:34:26 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
    Description = The VAIO Entertainment Database Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 8/11/2011 4:34:27 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
    Description = The VAIO Media Integrated Server (UPnP) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 8/11/2011 4:34:27 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
    Description = The VAIO Entertainment File Import Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 8/11/2011 4:34:28 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
    Description = The Sony TV Tuner Manager service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 8/11/2011 4:34:28 PM | Computer Name = SONY | Source = Service Control Manager | ID = 7034
    Description = The VAIO Entertainment TV Device Arbitration Service service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 8/11/2011 8:38:03 PM | Computer Name = SONY | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 8/11/2011 8:38:03 PM | Computer Name = SONY | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 8/12/2011 4:11:55 PM | Computer Name = SONY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.8 for the Network Card with network
    address 00112F1989E5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >


    Hope this goes.

    Larry
     
  9. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Kevin, if you get this please reply ASAP

    Larry
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    OK, what is the big issue...
     
  11. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Hi Kevin,

    Sorry for the request for quick response. I had tried to respond to you on a timely basis. However, each time I attempted to send the latest info you requested, I received an "error message" stating the Web page had expired. I then went to the thread and did not see the message I sent. I assumed that you would not get the info and I tried sending it 5 times! Now, I see that it was sent. Sorry for the redundant messages.

    Looking forward to your next instructions.

    Larry
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hiya Larry,

    Continue as follows please :-

    Step 1

    Re-Run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (HidServ)
      SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
      SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
      SRV - [2007/09/24 23:54:23 | 001,247,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z.net/content.info...TunesSetup.exe (Reg Error: Key error.)
      @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88959883
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF
      :Services
      :Files
      ipconfig /flushdns /c
      C:\Documents and Settings\All Users\Application Data\FileCure
      C:\Documents and Settings\All Users\Application Data\IObit
      C:\Documents and Settings\All Users\Application Data\ParetoLogic
      C:\Documents and Settings\Larry\Application Data\IObit
      C:\WINDOWS\Tasks\ParetoLogic Registration3.job
      C:\WINDOWS\Tasks\SmartDefrag_Startup.job
      :Commands
      [purity]
      [resethosts]
      [EmptyFlash]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Step 2

    • Re-open Malwarebytes and check for updates...
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Let me see those three logs in next reply, also give an update on issues and concerns....

    Kevin
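The underlying symptom in this thread is a hijacked .exe/.com file association, which the OTL script above cleans around but does not check directly. The PowerShell audit below is an added example, not kevinf80's instructions and not OTL or exehelper code; it assumes only the standard Windows default association values (exefile, comfile, "%1" %*) and the standard HKLM/HKCU Classes registry paths.

```powershell
# Added example (not part of the thread's instructions): audit the .exe and
# .com file-association keys behind the "FileCure - Manage File Extension"
# dialog and compare them with the Windows defaults that exehelper restores
# (".exe=exefile" and 'exefile="%1" %*').
# Read-only unless -Repair is given; repair needs an elevated PowerShell.
param([switch]$Repair)

# Windows defaults: extension -> ProgID, and ProgID -> open command.
$Defaults = @(
    @{ Path = 'HKLM:\SOFTWARE\Classes\.exe';                       Value = 'exefile' },
    @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command';  Value = '"%1" %*' },
    @{ Path = 'HKLM:\SOFTWARE\Classes\.com';                       Value = 'comfile' },
    @{ Path = 'HKLM:\SOFTWARE\Classes\comfile\shell\open\command';  Value = '"%1" %*' }
)

# HKEY_CLASSES_ROOT is a merged view: a key under HKCU\Software\Classes
# overrides the same key under HKLM, so a fix written only to HKLM can look
# correct in regedit yet be ignored. A hijack that survives reboots is often
# either a per-user override here or re-written by something run at startup.
$UserOverrides = @(
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile',
    'HKCU:\Software\Classes\.com',
    'HKCU:\Software\Classes\comfile'
)

function Get-RegDefault {
    # Returns the (default) value of a registry key, or $null if absent.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

function Test-Association {
    # One object per checked key: Path, Expected, Actual, Ok.
    foreach ($entry in $Defaults) {
        $actual = Get-RegDefault -Path $entry.Path
        New-Object PSObject -Property @{
            Path     = $entry.Path
            Expected = $entry.Value
            Actual   = $actual
            Ok       = ($actual -eq $entry.Value)
        }
    }
}

function Repair-Association {
    # Write the defaults back to HKLM and drop any per-user override keys.
    foreach ($entry in $Defaults) {
        if (-not (Test-Path -LiteralPath $entry.Path)) {
            New-Item -Path $entry.Path -Force | Out-Null
        }
        Set-Item -LiteralPath $entry.Path -Value $entry.Value
    }
    foreach ($key in $UserOverrides) {
        if (Test-Path -LiteralPath $key) {
            Remove-Item -LiteralPath $key -Recurse -Force
        }
    }
}

$results = Test-Association
$results | Format-Table -AutoSize Ok, Path, Expected, Actual

$overrides = @($UserOverrides | Where-Object { Test-Path -LiteralPath $_ })
if ($overrides.Count -gt 0) {
    Write-Warning 'Per-user override keys present (these win over HKLM):'
    $overrides | ForEach-Object { Write-Warning "  $_" }
}

$broken = @($results | Where-Object { -not $_.Ok })
if ($broken.Count -eq 0 -and $overrides.Count -eq 0) {
    Write-Host 'exe/com associations match the Windows defaults.'
} elseif ($Repair) {
    Repair-Association
    Write-Host 'Defaults restored. If they revert after a reboot, something that runs at startup is re-writing them.'
} else {
    Write-Host 'Mismatch found. Re-run with -Repair from an elevated prompt to restore the defaults.'
}
```

Run it once before and once after a reboot: if the keys are correct immediately after repair but wrong again after restarting, the cause is a startup item rather than the registry values themselves.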
     
  13. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Kevin,

    I have sent you comments previously and I don't know if you have seen/read them. I think they might be pertinent. Please let me know. They have been in with the various logs I have sent.

    As I have stated, exehelper fixes the file association issue but only temporarily; after I restart or reboot, the file association dialog box appears.

    When I try to start an app without the assist from exehelper, I get the file association dialog box only NOW; however, its title is not FileCure, it's Windows. I still can't execute anything without exehelper being used right after the desktop appears! That includes OTL, Malwarebytes, etc. I'm wondering if the exehelper program is "hiding" the issue from OTL and Malwarebytes? But, I can't run those programs without exehelper. I guess I'm being redundant.

    After exehelper functions, it has two screens: A black DOS-looking screen and the .txt screen ala Notepad. The black screen has 2 lines in it that are not listed in the .txt screen as follows:

    exefile="%1" %*
    .exe=exefile

    and

    comfile="%1" %*
    .com=comfile

    From what little research I've done, those are registry fixes. However, as pointed out above, they are not permanent. Each restart/reboot and they are back to the defective whatever.

    With the help of exehelper, I could now run HJT. Would this be helpful? I surely cannot run it without exehelper. My assumption would be that exehelper would prevent HJT from "seeing" what is really wrong???

    Doug Knox, in his site, has a similar program to exehelper. It too is temporary.

    In your instructions in your previous message, it appears that items 2 and 3 are identical. Please correct me if I'm wrong.

    Here are the logs you asked for in your previous message.

    All processes killed
    ========== OTL ==========
    Error: No service named HidServ was found to stop!
    Service\Driver key HidServ not found.
    Error: No service named CLTNetCnService was found to stop!
    Service\Driver key CLTNetCnService not found.
    Error: No service named AppMgmt was found to stop!
    Service\Driver key AppMgmt not found.
    Error: No service named Symantec Core LC was found to stop!
    Service\Driver key Symantec Core LC not found.
    File C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
    Starting removal of ActiveX control {41F17733-B041-4099-A042-B518BB6A408C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:88959883 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6108D5DF .
    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Larry\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Larry\Desktop\cmd.txt deleted successfully.
    File\Folder C:\Documents and Settings\All Users\Application Data\FileCure not found.
    File\Folder C:\Documents and Settings\All Users\Application Data\IObit not found.
    File\Folder C:\Documents and Settings\All Users\Application Data\ParetoLogic not found.
    File\Folder C:\Documents and Settings\Larry\Application Data\IObit not found.
    File\Folder C:\WINDOWS\Tasks\ParetoLogic Registration3.job not found.
    File\Folder C:\WINDOWS\Tasks\SmartDefrag_Startup.job not found.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: Administrator

    User: Administrator.SONY

    User: All Users

    User: Default User

    User: Larry
    ->Flash cache emptied: 456 bytes

    User: LocalService

    User: NetworkService

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.SONY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Larry
    ->Temp folder emptied: 110950 bytes
    ->Temporary Internet Files folder emptied: 25337389 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 12437502 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 46347 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 36.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.SONY

    User: All Users

    User: Default User

    User: Larry
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.26.1 log created on 08152011_160208
    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD42E.tmp not found!
    File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD439.tmp not found!
    File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD4C1.tmp not found!
    File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD4CC.tmp not found!
    File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD5CE.tmp not found!
    File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFD5D9.tmp not found!
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\iframe3[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\st[1] moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\st[2] moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\XCW6MCG1\st[3] moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\aceUAC[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\aceUAC[2].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\B4742075[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\iframe3[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\iframe3[2].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\md[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\st[1] moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\SAOR8HJT\welcome[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\6547533461[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\aceUACping[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\B4742075[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\B4742075[2].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\clk[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\fc[1].htm moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\I1M2H0K5\hic[1].htm moved successfully.
    File move failed. C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.
    Registry entries deleted on Reboot...

    MALWAREBYTES follows

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7474
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    8/15/2011 5:04:06 PM
    mbam-log-2011-08-15 (17-04-06).txt
    Scan type: Quick scan
    Objects scanned: 189571
    Time elapsed: 6 minute(s), 40 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    Thanks, Larry
     
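    A read-only check of the .exe/.com association chain that Larry's exehelper output rewrites, added here as an example (not code from the thread, from exehelper or from any of the tools mentioned). The expected values come from the two registry lines quoted in the post; the per-user override locations are standard Windows keys that the thread itself does not mention, and are included because a per-user override would explain a fix that reverts after every reboot when only the machine-wide key is repaired.

```powershell
# Added example, not part of the thread: audit the .exe/.com file association keys
# and report any location whose value differs from the Windows default.
# Read-only: it reports, it changes nothing. Run from an elevated PowerShell prompt.

# Expected defaults, taken from the exehelper lines quoted in the post:
#   .exe=exefile   exefile="%1" %*   .com=comfile   comfile="%1" %*
$expected = @{
    'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
    'HKLM:\SOFTWARE\Classes\.com'                       = 'comfile'
    'HKLM:\SOFTWARE\Classes\comfile\shell\open\command' = '"%1" %*'
}

# Per-user keys take precedence over HKLM\SOFTWARE\Classes (what HKCR shows is a merge of
# the two). These paths are not mentioned in the thread; they are standard Windows locations.
$userOverrides = @(
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile\shell\open\command',
    'HKCU:\Software\Classes\.com',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
)

function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or $null when the key or the value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    try { (Get-ItemProperty -LiteralPath $Path -ErrorAction Stop).'(default)' } catch { $null }
}

foreach ($path in $expected.Keys) {
    $actual = Get-DefaultValue $path
    if ($actual -eq $expected[$path]) {
        "OK       $path = $actual"
    } else {
        "MISMATCH $path = '$actual' (expected '$($expected[$path])')"
    }
}

foreach ($path in $userOverrides) {
    if (Test-Path -LiteralPath $path) {
        # Anything here shadows the machine-wide default, so show every value it holds.
        $values = Get-ItemProperty -LiteralPath $path | Select-Object * -ExcludeProperty PS* | Out-String
        "OVERRIDE $path exists:`n$($values.Trim())"
    } else {
        "absent   $path"
    }
}
```

    Run it once after exehelper has been applied and once after a reboot; the two outputs show which key actually changes, which narrows down where the persistent setting lives.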
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hiya Larry,

    See if you can run GMER again, ensure all security is off or GMER will have issues.....

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.
    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur

    Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
    Temporarily disable Security

    Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO
      Then use the following settings for a more complete scan..
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" *
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


    Please copy and paste the report into your Post.
     
  15. raster man

    raster man Thread Starter

    Joined:
    Jun 15, 2009
    Messages:
    20
    Hi Kevin,

    Ran GMER with zero results! A message came up that said in effect, it found nothing. I saved the blank page as ark.txt, but what good is that. I did have to run exehelper to get GMER to run. I tried to change GMER to a .com file but could not do it. So perhaps GMER thought everything was ok because of what exehelper does.

    Please comment on my comments!

    Once again, if I run exehelper, all is well...until of course I restart or reboot. If we could make whatever exehelper is doing permanent, then I would be happy.

    As I'm sure on your end, I'm getting a little tired of this. However, I do appreciate your perseverance!

    Larry
     
Short URL to this thread: https://techguy.org/1011286