
RE: Hijacked and Desperate for help (NeonFX)

Discussion in 'Virus & Other Malware Removal' started by dakota5369, Apr 27, 2010.

Thread Status:
Not open for further replies.
    dakota5369 (Thread Starter; Joined: Apr 27, 2010; Messages: 104)

    Mr. NeonFX, I read this thread below and was wondering if you could help me as well. I am basically experiencing the EXACT same thing that user was. I did the OTS thing and here is what I got...

    Code:
    OTS logfile created on: 4/27/2010 12:28:30 PM - Run 1
    OTS by OldTimer - Version 3.1.30.0     Folder = C:\Documents and Settings\Chris\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1,023.00 Mb Total Physical Memory | 489.00 Mb Available Physical Memory | 48.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.88 Gb Total Space | 145.78 Gb Free Space | 64.54% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: 
    Current User Name: Chris
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Chris\My Documents\Downloads\OTS.exe -> [2010/04/27 12:25:55 | 000,639,488 | ---- | M] (OldTimer Tools)
    firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation)
    sbamsvc.exe -> C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -> [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software)
    mxtask.exe -> C:\Program Files\Avanquest\Fix-It\mxtask.exe -> [2010/02/05 13:27:02 | 000,529,688 | ---- | M] (Avanquest Software)
    mxtask2.exe -> C:\Program Files\Avanquest\Fix-It\MXTask2.exe -> [2009/12/04 00:40:32 | 000,050,456 | ---- | M] (Avanquest Software)
    seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    vzcdbsvc.exe -> C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation)
    vzfw.exe -> C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -> [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation)
    vcsw.exe -> C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation)
    soundman.exe -> C:\WINDOWS\SOUNDMAN.EXE -> [2004/10/21 15:20:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.)
    sonicstagemonitoring.exe -> C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -> [2004/04/15 15:45:22 | 000,135,168 | ---- | M] (Sony Corporation)
    smceman.exe -> C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -> [2003/08/13 13:23:00 | 000,106,496 | ---- | M] (Sony Corporation)
    rm_sv.exe -> C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -> [2003/08/13 13:07:22 | 000,094,208 | ---- | M] (Sony Corporation)
     
    [Modules - All]
    ots.exe -> C:\Documents and Settings\Chris\My Documents\Downloads\OTS.exe -> [2010/04/27 12:25:55 | 000,639,488 | ---- | M] (OldTimer Tools)
    wininet.dll -> C:\WINDOWS\system32\wininet.dll -> [2010/03/11 05:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation)
    ieframe.dll -> C:\WINDOWS\system32\ieframe.dll -> [2010/03/11 05:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation)
    iertutil.dll -> C:\WINDOWS\system32\iertutil.dll -> [2010/03/11 05:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation)
    winhook.dll -> C:\Program Files\Avanquest\Fix-It\WinHook.dll -> [2009/12/04 00:31:58 | 000,028,672 | ---- | M] (Avanquest Software)
    rpcrt4.dll -> C:\WINDOWS\system32\rpcrt4.dll -> [2009/04/15 07:51:25 | 000,585,216 | ---- | M] (Microsoft Corporation)
    ntdll.dll -> C:\WINDOWS\system32\ntdll.dll -> [2009/02/09 05:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation)
    advapi32.dll -> C:\WINDOWS\system32\advapi32.dll -> [2009/02/09 05:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation)
    comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/14 06:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation)
    winspool.drv -> C:\WINDOWS\system32\winspool.drv -> [2008/04/14 06:42:46 | 000,146,432 | ---- | M] (Microsoft Corporation)
    ws2_32.dll -> C:\WINDOWS\system32\ws2_32.dll -> [2008/04/14 06:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation)
    ws2help.dll -> C:\WINDOWS\system32\ws2help.dll -> [2008/04/14 06:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation)
    userenv.dll -> C:\WINDOWS\system32\userenv.dll -> [2008/04/14 06:42:10 | 000,727,040 | ---- | M] (Microsoft Corporation)
    user32.dll -> C:\WINDOWS\system32\user32.dll -> [2008/04/14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation)
    uxtheme.dll -> C:\WINDOWS\system32\uxtheme.dll -> [2008/04/14 06:42:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
    winmm.dll -> C:\WINDOWS\system32\winmm.dll -> [2008/04/14 06:42:10 | 000,176,128 | ---- | M] (Microsoft Corporation)
    wldap32.dll -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/14 06:42:10 | 000,172,032 | ---- | M] (Microsoft Corporation)
    version.dll -> C:\WINDOWS\system32\version.dll -> [2008/04/14 06:42:10 | 000,018,944 | ---- | M] (Microsoft Corporation)
    srclient.dll -> C:\WINDOWS\system32\srclient.dll -> [2008/04/14 06:42:08 | 000,067,584 | ---- | M] (Microsoft Corporation)
    shell32.dll -> C:\WINDOWS\system32\shell32.dll -> [2008/04/14 06:42:06 | 008,461,312 | ---- | M] (Microsoft Corporation)
    setupapi.dll -> C:\WINDOWS\system32\setupapi.dll -> [2008/04/14 06:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation)
    shlwapi.dll -> C:\WINDOWS\system32\shlwapi.dll -> [2008/04/14 06:42:06 | 000,474,112 | ---- | M] (Microsoft Corporation)
    samlib.dll -> C:\WINDOWS\system32\samlib.dll -> [2008/04/14 06:42:06 | 000,064,000 | ---- | M] (Microsoft Corporation)
    secur32.dll -> C:\WINDOWS\system32\secur32.dll -> [2008/04/14 06:42:06 | 000,056,320 | ---- | M] (Microsoft Corporation)
    ole32.dll -> C:\WINDOWS\system32\ole32.dll -> [2008/04/14 06:42:04 | 001,287,168 | ---- | M] (Microsoft Corporation)
    oleaut32.dll -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/14 06:42:04 | 000,551,936 | ---- | M] (Microsoft Corporation)
    ntmarta.dll -> C:\WINDOWS\system32\ntmarta.dll -> [2008/04/14 06:42:04 | 000,118,784 | ---- | M] (Microsoft Corporation)
    olepro32.dll -> C:\WINDOWS\system32\olepro32.dll -> [2008/04/14 06:42:04 | 000,084,992 | ---- | M] (Microsoft Corporation)
    psapi.dll -> C:\WINDOWS\system32\psapi.dll -> [2008/04/14 06:42:04 | 000,023,040 | ---- | M] (Microsoft Corporation)
    msvcrt.dll -> C:\WINDOWS\system32\msvcrt.dll -> [2008/04/14 06:42:02 | 000,343,040 | ---- | M] (Microsoft Corporation)
    msctf.dll -> C:\WINDOWS\system32\msctf.dll -> [2008/04/14 06:42:00 | 000,297,984 | ---- | M] (Microsoft Corporation)
    msimg32.dll -> C:\WINDOWS\system32\msimg32.dll -> [2008/04/14 06:42:00 | 000,004,608 | ---- | M] (Microsoft Corporation)
    kernel32.dll -> C:\WINDOWS\system32\kernel32.dll -> [2008/04/14 06:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation)
    mpr.dll -> C:\WINDOWS\system32\mpr.dll -> [2008/04/14 06:41:58 | 000,059,904 | ---- | M] (Microsoft Corporation)
    gdi32.dll -> C:\WINDOWS\system32\gdi32.dll -> [2008/04/14 06:41:56 | 000,285,184 | ---- | M] (Microsoft Corporation)
    imagehlp.dll -> C:\WINDOWS\system32\imagehlp.dll -> [2008/04/14 06:41:56 | 000,144,384 | ---- | M] (Microsoft Corporation)
    imm32.dll -> C:\WINDOWS\system32\imm32.dll -> [2008/04/14 06:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation)
    framedyn.dll -> C:\WINDOWS\system32\wbem\framedyn.dll -> [2008/04/14 06:41:54 | 000,185,344 | ---- | M] (Microsoft Corporation)
    comres.dll -> C:\WINDOWS\system32\comres.dll -> [2008/04/14 06:41:52 | 000,792,064 | ---- | M] (Microsoft Corporation)
    clbcatq.dll -> C:\WINDOWS\system32\clbcatq.dll -> [2008/04/14 06:41:52 | 000,498,688 | ---- | M] (Microsoft Corporation)
    comdlg32.dll -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/14 06:41:52 | 000,276,992 | ---- | M] (Microsoft Corporation)
    apphelp.dll -> C:\WINDOWS\system32\apphelp.dll -> [2008/04/14 06:41:50 | 000,125,952 | ---- | M] (Microsoft Corporation)
    msctfime.ime -> C:\WINDOWS\system32\msctfime.ime -> [2008/04/14 06:40:08 | 000,177,152 | ---- | M] (Microsoft Corporation)
    normaliz.dll -> C:\WINDOWS\system32\normaliz.dll -> [2006/06/29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation)
    serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/10 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
    umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/10 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    (hpdj) hpdj [Auto | Stopped] ->  -> File not found
    (avast! Web Scanner) avast! Web Scanner [Disabled | Stopped] ->  -> File not found
    (avast! Mail Scanner) avast! Mail Scanner [Disabled | Stopped] ->  -> File not found
    (avast! Antivirus) avast! Antivirus [Disabled | Stopped] ->  -> File not found
    (AntiVirService) Avira AntiVir Guard [Disabled | Stopped] ->  -> File not found
    (AntiVirSchedulerService) Avira AntiVir Scheduler [Disabled | Stopped] ->  -> File not found
    (SBAMSvc) Fix-It [Auto | Running] -> C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -> [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software)
    (Fix-It Task Manager) Fix-It Task Manager [Auto | Running] -> C:\Program Files\Avanquest\Fix-It\mxtask.exe -> [2010/02/05 13:27:02 | 000,529,688 | ---- | M] (Avanquest Software)
    (fsssvc) Windows Live Family Safety Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
    (SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
    (GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -> [2008/05/17 09:16:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    (VAIOMediaPlatform-IntegratedServer-AppServer) VAIO Media Integrated Server [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -> [2004/11/02 16:42:42 | 001,826,816 | ---- | M] (Sony Corporation)
    (VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> [2004/10/25 10:35:34 | 000,073,728 | ---- | M] (Sony Corporation)
    (VzCdbSvc) VAIO Entertainment Database Service [Auto | Running] -> C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation)
    (VzFw) VAIO Entertainment File Import Service [Auto | Running] -> C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -> [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation)
    (Vcsw) VAIO Entertainment UPnP Client Adapter [On_Demand | Running] -> C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation)
    (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation)
    (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation)
    (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation)
    (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation)
    (VAIOMediaPlatform-Mobile-Gateway) VAIO Media Gateway Server [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -> [2004/06/16 04:41:06 | 000,188,416 | ---- | M] (Sony Corporation)
    (SonicStageMonitoring) SonicStageMonitoring [Auto | Running] -> C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -> [2004/04/15 15:45:22 | 000,135,168 | ---- | M] (Sony Corporation)
    (VAIOMediaPlatform-VideoServer-AppServer) VAIO Media Video Server [On_Demand | Stopped] -> C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -> [2003/10/30 13:48:10 | 001,286,144 | ---- | M] (Sony Corporation)
    (Sony TVTA Manager) Sony TVTA Manager [Auto | Running] -> C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -> [2003/08/13 13:23:00 | 000,106,496 | ---- | M] (Sony Corporation)
    (Sony TV Tuner Controller) Sony TV Tuner Controller [On_Demand | Stopped] -> C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -> [2003/08/13 13:10:04 | 000,118,784 | ---- | M] (Sony Corporation)
    (Sony TV Tuner Manager) Sony TV Tuner Manager [On_Demand | Running] -> C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -> [2003/08/13 13:07:22 | 000,094,208 | ---- | M] (Sony Corporation)
     
    [Driver Services - Safe List]
    (avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/09 03:50:20 | 000,056,816 | ---- | M] (Avira GmbH)
    (SBRE) SBRE [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\SBREDrv.sys -> [2009/10/13 08:22:50 | 000,095,024 | ---- | M] (Sunbelt Software)
    (sbapifs) sbapifs [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\sbapifs.sys -> [2009/08/10 21:06:28 | 000,069,936 | ---- | M] (Sunbelt Software)
    (fssfltr) fssfltr [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -> [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation)
    (sbtis) sbtis [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\sbtis.sys -> [2009/07/15 10:17:58 | 000,203,056 | ---- | M] (Sunbelt Software)
    (sbaphd) sbaphd [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\sbaphd.sys -> [2009/05/13 18:30:46 | 000,013,360 | ---- | M] (Sunbelt Software)
    (MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2008/08/05 14:57:41 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
    (MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2008/08/05 14:57:35 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2006/02/15 19:21:50 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
    (CA561) ICatch VI PC CAMERA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SPCA561.SYS -> [2004/11/29 16:51:52 | 000,122,928 | ---- | M] (SP)
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2004/10/27 18:24:52 | 002,297,984 | ---- | M] (Realtek Semiconductor Corp.)
    (AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AFS2K.SYS -> [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.)
    (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2004/09/29 05:22:22 | 000,800,256 | ---- | M] (ATI Technologies Inc.)
    (smrt) Sony MPEG RealTime encoder board [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\smrt.sys -> [2004/08/05 21:20:34 | 000,788,736 | ---- | M] (Sony Corporation)
    (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems)
    (HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Hdaudio.sys -> [2004/03/17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.)
    (MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2001/08/17 06:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
    (DMICall) Sony DMI Call service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\DMICall.sys -> [2000/12/05 17:18:02 | 000,003,952 | R--- | M] (Sony Corporation)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.sony.com/vaiopeople -> 
    HKEY_USERS\.DEFAULT\: SearchURL\\"provider" ->  -> 
    HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.sony.com/vaiopeople -> 
    HKEY_USERS\S-1-5-18\: SearchURL\\"provider" ->  -> 
    HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.sony.com/vaiopeople -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.sony.com/vaiopeople -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\] > -> -> 
    HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\: Main\\"SearchMigratedDefaultName" -> Google -> 
    HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
    HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
    HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\: "ProxyEnable" -> 0 -> 
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Chris\Application Data\Mozilla\FireFox\Profiles\ddk86gnb.default\prefs.js -> 
    extensions.enabledItems -> [email protected]:3.5 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/27 02:15:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/20 12:46:03 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
      -> C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions -> [2009/12/06 14:00:17 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ddk86gnb.default\extensions -> [2008/04/14 21:35:57 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/27 06:00:30 | 000,000,000 | ---D | M]
    < HOSTS File > ([2008/05/02 20:51:48 | 000,221,534 | ---- | M] - 7821 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    First 25 entries...
    Reset Hosts
    127.0.0.1       localhost
    127.0.0.1    007guard.com
    127.0.0.1    www.007guard.com
    127.0.0.1    008i.com
    127.0.0.1    008k.com
    127.0.0.1    www.008k.com
    127.0.0.1    00hq.com
    127.0.0.1    www.00hq.com
    127.0.0.1    010402.com
    127.0.0.1    032439.com
    127.0.0.1    www.032439.com
    127.0.0.1    1001-search.info
    127.0.0.1    www.1001-search.info
    127.0.0.1    100888290cs.com
    127.0.0.1    www.100888290cs.com
    127.0.0.1    100sexlinks.com
    127.0.0.1    www.100sexlinks.com
    127.0.0.1    10sek.com
    127.0.0.1    www.10sek.com
    127.0.0.1    123topsearch.com
    127.0.0.1    www.123topsearch.com
    127.0.0.1    132.com
    127.0.0.1    www.132.com
    127.0.0.1    136136.net
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 02:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
    {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} [HKLM] -> C:\Program Files\embarqtoolbar\embarqtoolbar.dll [Embarq Toolbar] -> [2007/06/08 16:13:00 | 001,897,472 | ---- | M] (Embarq)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2007/08/31 15:46:14 | 001,122,128 | ---- | M] (Safer Networking Limited)
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> [2005/05/26 09:38:44 | 000,181,352 | ---- | M] (Yahoo!)
    {65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKLM] -> C:\Program Files\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> [2005/01/24 07:55:32 | 000,115,832 | ---- | M] (Yahoo! Inc.)
    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 12:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
    {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} [HKLM] -> C:\Program Files\InboxDollars\Toolbar.dll [Freecause Toolbar BHO] -> [2010/04/20 11:30:53 | 001,529,856 | ---- | M] ()
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 000,509,328 | ---- | M] (Sun Microsystems, Inc.)
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/04/19 21:03:34 | 000,278,128 | ---- | M] (Google Inc.)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/04/19 21:03:59 | 000,812,528 | ---- | M] (Google Inc.)
    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/04/19 21:03:34 | 000,278,128 | ---- | M] (Google Inc.)
    "{47980628-3844-42AA-A0DD-E2D86BBA9600}" [HKLM] -> C:\Program Files\InboxDollars\Toolbar.dll [InboxDollars] -> [2010/04/20 11:30:53 | 001,529,856 | ---- | M] ()
    "{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C}" [HKLM] -> C:\Program Files\embarqtoolbar\embarqtoolbar.dll [Embarq Toolbar] -> [2007/06/08 16:13:00 | 001,897,472 | ---- | M] (Embarq)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2005/08/04 19:54:42 | 000,343,112 | ---- | M] (Yahoo! Inc.)
    < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/04/19 21:03:34 | 000,278,128 | ---- | M] (Google Inc.)
    WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C}" [HKLM] -> C:\Program Files\embarqtoolbar\embarqtoolbar.dll [Embarq Toolbar] -> [2007/06/08 16:13:00 | 001,897,472 | ---- | M] (Embarq)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/04/19 21:03:34 | 000,278,128 | ---- | M] (Google Inc.)
    WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C}" [HKLM] -> C:\Program Files\embarqtoolbar\embarqtoolbar.dll [Embarq Toolbar] -> [2007/06/08 16:13:00 | 001,897,472 | ---- | M] (Embarq)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\] > -> HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/04/19 21:03:34 | 000,278,128 | ---- | M] (Google Inc.)
    ShellBrowser\\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    ShellBrowser\\"{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C}" [HKLM] -> C:\Program Files\embarqtoolbar\embarqtoolbar.dll [Embarq Toolbar] -> [2007/06/08 16:13:00 | 001,897,472 | ---- | M] (Embarq)
    ShellBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/04/19 21:03:34 | 000,278,128 | ---- | M] (Google Inc.)
    WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{47980628-3844-42AA-A0DD-E2D86BBA9600}" [HKLM] -> C:\Program Files\InboxDollars\Toolbar.dll [InboxDollars] -> [2010/04/20 11:30:53 | 001,529,856 | ---- | M] ()
    WebBrowser\\"{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C}" [HKLM] -> C:\Program Files\embarqtoolbar\embarqtoolbar.dll [Embarq Toolbar] -> [2007/06/08 16:13:00 | 001,897,472 | ---- | M] (Embarq)
    WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "CountDown" -> Reg Error: Invalid data type. [Reg Error: Invalid data type.] -> File not found
    "HitmanPro35" -> C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe ["C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe" /scan:boot] -> [2010/04/27 10:05:15 | 005,937,984 | ---- | M] (SurfRight B.V.)
    "SBRegRebootCleaner" -> C:\Program Files\Common Files\AntiVirus\SBRC.exe [C:\Program Files\Common Files\AntiVirus\SBRC.exe] -> [2010/02/22 13:30:10 | 000,197,968 | ---- | M] (Sunbelt Software)
    "SoundMan" -> C:\WINDOWS\SOUNDMAN.EXE [SOUNDMAN.EXE] -> [2004/10/21 15:20:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.)
    < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
    < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
    < Run [HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\] > -> HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "AROReminder" -> C:\Program Files\Advanced Registry Optimizer\aro.exe [C:\Program Files\Advanced Registry Optimizer\aro.exe -rem] -> [2010/01/20 14:51:22 | 002,137,600 | ---- | M] (Sammsoft)
    < WinNT Load [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
    *load* -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
    C:\WINDOWS\system32\pmkhg.exe -> C:\WINDOWS\System32\pmkhg.exe -> File not found
    *MultiFile Done* -> -> 
    < WinNT Load [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
    *load* -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
    C:\WINDOWS\system32\pmkhg.exe -> C:\WINDOWS\System32\pmkhg.exe -> File not found
    *MultiFile Done* -> -> 
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    < Chris Startup Folder > -> C:\Documents and Settings\Chris\Start Menu\Programs\Startup -> 
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
    < HelpAssistant.KOHN Startup Folder > -> C:\Documents and Settings\HelpAssistant.KOHN\Start Menu\Programs\Startup -> 
    < HelpAssistant.KOHN.000 Startup Folder > -> C:\Documents and Settings\HelpAssistant.KOHN.000\Start Menu\Programs\Startup -> 
    < Jody Startup Folder > -> C:\Documents and Settings\Jody\Start Menu\Programs\Startup -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoCDBurning" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 04:39:00 | 001,347,728 | ---- | M] (Microsoft)
    \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 03:03:28 | 000,001,293 | ---- | M] ()
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006] > -> HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Windows &Live Favorites ->  [http://favorites.live.com/quickadd.aspx] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Windows &Live Favorites ->  [http://favorites.live.com/quickadd.aspx] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll [Menu: Sun Java Console] -> [2004/12/01 14:04:15 | 000,069,740 | ---- | M] (Sun Microsystems, Inc.)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2005/05/26 09:38:44 | 000,181,352 | ---- | M] (Yahoo!)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2007/08/31 15:46:14 | 001,122,128 | ---- | M] (Safer Networking Limited)
    {F4430FE8-2638-42e5-B849-800749B94EED}:Exec [HKLM] -> C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe [Button: PartyPoker.net] -> [2006/12/22 19:36:48 | 000,110,592 | ---- | M] ()
    {F4430FE8-2638-42e5-B849-800749B94EED}:Exec [HKLM] -> C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe [Menu: PartyPoker.net] -> [2006/12/22 19:36:48 | 000,110,592 | ---- | M] ()
    {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Button: Bodog Poker] -> File not found
    {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}:Exec [HKLM] -> C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe [Button: PokerStars.net] -> [2008/02/19 16:58:36 | 000,435,088 | ---- | M] (PokerStars)
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}" [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> [2005/05/26 09:38:44 | 000,181,352 | ---- | M] (Yahoo!)
    CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2007/08/31 15:46:14 | 001,122,128 | ---- | M] (Safer Networking Limited)
    CmdMapping\\"{F4430FE8-2638-42e5-B849-800749B94EED}" [HKLM] -> C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> [2006/12/22 19:36:48 | 000,110,592 | ---- | M] ()
    CmdMapping\\"{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}" [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
    CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/02/19 16:58:36 | 000,435,088 | ---- | M] (PokerStars)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}" [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> [2005/05/26 09:38:44 | 000,181,352 | ---- | M] (Yahoo!)
    CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2007/08/31 15:46:14 | 001,122,128 | ---- | M] (Safer Networking Limited)
    CmdMapping\\"{F4430FE8-2638-42e5-B849-800749B94EED}" [HKLM] -> C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> [2006/12/22 19:36:48 | 000,110,592 | ---- | M] ()
    CmdMapping\\"{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}" [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
    CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/02/19 16:58:36 | 000,435,088 | ---- | M] (PokerStars)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\] > -> HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}" [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> [2005/05/26 09:38:44 | 000,181,352 | ---- | M] (Yahoo!)
    CmdMapping\\"{5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2007/08/31 15:46:14 | 001,122,128 | ---- | M] (Safer Networking Limited)
    CmdMapping\\"{F4430FE8-2638-42e5-B849-800749B94EED}" [HKLM] -> C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> [2006/12/22 19:36:48 | 000,110,592 | ---- | M] ()
    CmdMapping\\"{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}" [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
    CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/02/19 16:58:36 | 000,435,088 | ---- | M] (PokerStars)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\] > -> HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\] > -> HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-3190556429-677033014-1943261468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
    {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} [HKLM] -> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab [Reg Error: Key error.] -> 
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] -> 
    {48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab [MySpace Uploader Control] -> 
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
    {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Facebook Photo Uploader 4 Control] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab [MessengerStatsClient Class] -> 
    {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab [Java Plug-in 1.5.0] -> 
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
    {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab [PopCapLoader Object] -> 
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
    Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.2.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {80330374-3D85-4400-AB1F-FDC2B7FA1A85}\\DhcpNameServer -> 192.168.2.1   (Intel(R) PRO/100 VE Network Connection) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    !SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> File not found
    AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2004/09/29 05:18:08 | 000,090,112 | ---- | M] (ATI Technologies Inc.)
    GoToAssist -> C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll -> [2008/05/17 09:16:26 | 000,010,536 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> Reg Error: Key error. [SysTray] -> File not found
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> Reg Error: Key error. [] -> File not found
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 19:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 13:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\Common Files\AOL\1140056420\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1140056420\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1140056420\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 15:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> File not found
    "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/11/12 17:33:04 | 010,358,048 | ---- | M] (Apple Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/02/08 14:32:57 | 000,147,456 | ---- | M] (Lime Wire, LLC)
    "C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> File not found
    "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 19:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 13:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2005/08/19 17:34:02 | 000,053,248 | ---- | M] (Yahoo! Inc.)
    "C:\WINDOWS\system32\jrdeqjyl.exe" -> C:\WINDOWS\System32\jrdeMESSENGER\YSERVER.EX [C:\WINDOWS\system32\jrdeMESSENGER\YSERVER.EX] -> File not found
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/12/01 12:43:52 | 000,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>\ -> 
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found
     
    [Registry - Additional Scans - Safe List]
    < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
    0 -> [Key] -> 
    0 -> FriendlyName = My Current Home Page -> 
    0 -> Source = About:Home -> 
    0 -> SubscribedURL = About:Home -> 
    < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
    WallPaper -> C:\WINDOWS\VAIO Structure Wallpaper TrueColor 1024x768.bmp -> 
    BackupWallPaper -> C:\WINDOWS\VAIO Structure Wallpaper TrueColor 1024x768.bmp -> 
    < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
    "AntiVirSchedulerService" -> -> 
    "AntiVirService" -> -> 
    "avast! Antivirus" -> -> 
    "avast! Mail Scanner" -> -> 
    "avast! Web Scanner" -> -> 
    "Bonjour Service" -> -> 
    "iPod Service" -> -> 
    < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 20:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBARQ Help.lnk -> C:\Program Files\Virtual Assistant\bin\matcli.exe -> [2005/06/03 10:25:18 | 000,217,088 | ---- | M] (Motive Communications, Inc.)
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk -> C:\Program Files\Google\Google Updater\GoogleUpdater.exe -> [2009/03/22 10:09:41 | 000,161,776 | ---- | M] (Google)
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> [2008/05/10 08:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company)
    < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
    Alcmtr hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\ALCMTR.EXE -> [2004/10/13 17:00:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.)
    AlcWzrd hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\ALCWZRD.EXE -> [2004/10/21 18:44:36 | 002,744,832 | ---- | M] (RealTek Semicoductor Corp.)
    BearShare hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\BearShare\BearShare.exe -> File not found
    DW6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe -> [2009/12/21 14:15:04 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.)
    HPDJ Taskbar Utility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/11/12 17:33:10 | 000,141,600 | ---- | M] (Apple Inc.)
    Microsoft Dll Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    msnmsgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation)
    QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2009/11/11 00:08:18 | 000,417,792 | ---- | M] (Apple Inc.)
    SUPERAntiSpyware hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
    swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/04/30 21:10:49 | 000,068,856 | ---- | M] (Google Inc.)
    updateMgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
    Windows Memory Running Services hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
    "bootini" -> 0 -> 
    "services" -> 2 -> 
    "startup" -> 2 -> 
    "system.ini" -> 0 -> 
    "win.ini" -> 0 -> 
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
    6to4 ->  -> File not found
    Ias -> C:\WINDOWS\system32\ias -> [2004/12/01 12:43:15 | 000,000,000 | ---D | M]
    Iprip ->  -> File not found
    Irmon ->  -> File not found
    NWCWorkstation ->  -> File not found
    Nwsapagent ->  -> File not found
    WmdmPmSp ->  -> File not found
    *MultiFile Done* -> -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    batfile [open] -> "%1" %* -> 
    cmdfile [open] -> "%1" %* -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
    piffile [open] -> "%1" %* -> 
    scrfile [config] -> "%1" -> 
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/14 06:42:42 | 000,135,168 | ---- | M] (Microsoft Corporation)
    scrfile [open] -> "%1" /S -> 
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
    Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    {013E1BA8-C815-4E27-BCB9-D6B1B2E24094} -> SonicStage Mastering Studio Audio Filter Custom Preset
    {03EDED24-8375-407D-A721-4643D9768BE1} -> kgchlwn
    {07287123-B8AC-41CE-8346-3D777245C35B} -> Bonjour
    {073F22CE-9A5B-4A40-A604-C7270AC6BF34} -> ESSSONIC
    {0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
    {11F3F858-4131-4FFA-A560-3FE282933B6E} -> kgchday
    {139E303E-1050-497F-98B1-9AE87B15C463} -> Windows Live Family Safety
    {1451DE6B-ABE1-4F62-BE9A-B363A17588A2} -> QuickTime
    {14D4ED84-6A9A-45A0-96F6-1753768C3CB5} -> ESSPCD
    {178832DE-9DE0-4C87-9F82-9315A9B03985} -> Windows Live Writer
    {18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
    {1BEF9285-5530-426B-A5F1-5836B95C7EB1} -> VAIO Original Screen Saver
    {1CB92574-96F2-467B-B793-5CEB35C40C29} -> Image Resizer Powertoy for Windows XP
    {1D14373E-7970-4F2F-A467-ACA4F0EA21E3} -> Google Earth
    {1EB317D8-8945-4FD6-B37F-DF470317C6AB} -> VAIO Media 3.1
    {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
    {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
    {25CF0627-2EF6-4FCE-A0DE-7D6350C774B2} -> VAIO Original Screen Saver VAIO Scene HD Normal Contents
    {27337663-2619-11D4-99DC-0000F49094C7} -> Memory Stick Formatter
    {2816F7DF-B377-4E3C-B201-9E2A037078EF} -> 3D Home Architect Home Design SE 6
    {2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} -> essvatgt
    {2DBE41DD-2129-4C65-A3D3-5647236A60F3} -> Quicken 2005
    {315BA29D-2644-4760-B5FD-5AC04A52B8C5} -> VAIO Registration
    {3248F0A8-6813-11D6-A77B-00B0D0150000} -> J2SE Runtime Environment 5.0
    {3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
    {341201D4-4F61-4ADB-987E-9CCE4D83A58D} -> Windows Live Toolbar Extension (Windows Live Toolbar)
    {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
    {3FA365DF-2D68-45ED-8F83-8C8A33E65143} -> Apple Application Support
    {40D1BC4F-56CB-458E-BE8C-35A025CC52FB} -> Sony TV Tuner Library 1.0
    {416D80BA-6F6D-4672-B7CF-F54DA2F80B44} -> Microsoft Works
    {42938595-0D83-404D-9F73-F8177FDD531A} -> ESScore
    {4537EA4B-F603-4181-89FB-2953FC695AB1} -> netbrdg
    {48820099-ED7D-424B-890C-9A82EF00656D} -> VAIO Update 2
    {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} -> Microsoft Search Enhancement Pack
    {5158974E-2D28-4018-9335-7694C2974746} -> Fix-It Utilities 10 Professional
    {5316DFC9-CE99-4458-9AB3-E8726EDE0210} -> skin0001
    {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} -> Microsoft Office Live Add-in 1.3
    {605A4E39-613C-4A12-B56F-DEFBE6757237} -> SHASTA
    {608D2A3C-6889-4C11-9B54-A42F45ACBFDB} -> fflink
    {6412CECE-8172-4BE5-935B-6CECACD2CA87} -> Windows Live Mail
    {643EAE81-920C-4931-9F0B-4B343B225CA6} -> ESSBrwr
    {685BCC47-B8EC-45EC-BBCE-77DF2451502C} -> DVgate Plus
    {693C08A7-9E76-43FF-B11E-9A58175474C4} -> kgckids
    {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
    {6E78BE97-E8CF-11D7-9D83-0030BD612918} -> Power Accounting for Accounting 21ed
    {6F1974D6-4249-43B6-88B0-9A9B8A33956C} -> OpenMG Secure Module 4.0.00
    {7128C69B-8F7E-4336-8698-3FD3CDD955EC} -> VAIO Media Redistribution 3.1
    {71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A} -> SonicStage 2.1.02
    {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
    {770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    {7745B7A9-F323-4BB9-9811-01BF57A028DA} -> Map Button (Windows Live Toolbar)
    {786C4AD1-DCBA-49A6-B0EF-B317A344BD66} -> Windows Live Favorites for Windows Live Toolbar
    {7A79D11B-FD82-4A5E-834F-20173515DD14} -> VAIO Media Integrated Server 3.1
    {80EE18E6-F16C-11D4-8BE8-006097C9A3ED} -> ISScript
    {81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} -> Windows Live Essentials
    {84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1} -> Windows Live Sync
    {86D6A20D-3910-4441-A3E5-EB6977251C86} -> Samsung USB Driver
    {88DA0A52-3372-4803-971A-ADFB961707E8} -> PictureGear Studio 2.0
    {8943CE61-53BD-475E-90E1-A580869E98A2} -> staticcr
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
    {8A502E38-29C9-49FA-BCFA-D727CA062589} -> ESSTOOLS
    {8A74E887-8F0F-4017-AF53-CBA42211AAA5} -> Microsoft Sync Framework Runtime Native v1.0 (x86)
    {8A8664E1-84C8-4936-891C-BC1F07797549} -> kgcvday
    {8E92D746-CD9F-4B90-9668-42B74C14F765} -> ESSini
    {91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003
    {91517631-A9F3-4B7C-B482-43E0068FD55A} -> ESSgui
    {91810AFC-A4F8-4EBA-A5AA-B198BBC81144} -> InterVideo WinDVD 5 for VAIO
    {91A5B6C0-EF4E-4830-AC7D-6761C0A9B292} -> hp deskjet 3600
    {9422C8EA-B0C6-4197-B8FC-DC797658CA00} -> Windows Live Sign-in Assistant
    {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
    {95120000-0122-0409-0000-0000000FF1CE} -> Microsoft Office Outlook Connector
    {9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow!
    {9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders
    {995F1E2E-F542-4310-8E1D-9926F5A279B3} -> Windows Live Toolbar
    {999D43F4-9709-4887-9B1A-83EBB15A8370} -> VPRINTOL
    {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    {9B953606-000E-491C-B74D-78ECFDD520A0} -> OpenMG Metadata Extractor for Windows Media Player
    {9BD54685-1496-46A5-AB62-357CD140ED8B} -> kgcinvt
    {9E407618-D9CD-4F39-9490-9ED45294073D} -> Click to DVD 2.0.02 Menu Data
    {A1588373-1D86-4D44-86C9-78ABD190F9CC} -> kgcmove
    {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
    {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
    {A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} -> Highlight Viewer (Windows Live Toolbar)
    {A6FDF86A-F541-4E7B-AEA0-8849A2A700D5} -> iTunes
    {A85FD55B-891B-4314-97A5-EA96C0BD80B5} -> Windows Live Messenger
    {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
    {AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} -> Apple Mobile Device Support
    {AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9
    {AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} -> ESSCDBK
    {AEC0CEBC-0FC7-4716-8222-1C4A742719B1} -> Digimax Master
    {B162D0A6-9A1D-4B7C-91A5-88FB48113C45} -> OfotoXMI
    {B376402D-58EA-45EA-BD50-DD924EB67A70} -> HP Memories Disc
    {B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} -> CCScore
    {BD64AF4A-8C80-4152-AD77-FCDDF05208AB} -> Microsoft Sync Framework Services Native v1.0 (x86)
    {BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D} -> Sony Video Shared Library
    {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
    {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
    {D0448678-1203-4158-A58F-B3D0B616BF9E} -> Sony Certificate PCH
    {D32470A1-B10C-4059-BA53-CF0486F68EBC} -> Kodak EasyShare software
    {D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1} -> VAIO Control Center
    {D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA} -> Windows Live Photo Gallery
    {D917FD82-6CE5-489A-AAF8-C701AAC85C4D} -> VAIO Entertainment Platform
    {DB02F716-6275-42E9-B8D2-83BA2BF5100B} -> SFR
    {E0828692-FD9D-459F-9312-C645C3CA6650} -> HP Photo and Imaging 2.0 - Deskjet Series
    {E18B549C-5D15-45DA-8D8F-8FD2BD946344} -> kgcbaby
    {E2DFE069-083E-4631-9B6C-43C48E991DE5} -> Junk Mail filter update
    {E68B38DE-D7DD-4FB3-A453-3F03A947EA8E} -> VAIO Help and Support
    {E715FA41-46EB-4D3F-B4D9-A45973E76026} -> VAIO Structure Wallpaper
    {E79987F0-0E34-42CC-B8FF-6C860AEEB26A} -> tooltips
    {E809063C-51A3-4269-8984-D1EB742F2151} -> Click to DVD 2.3.01
    {ED00D08A-3C5F-488D-93A0-A04F21F23956} -> Windows Live Communications Platform
    {F084395C-40FB-4DB3-981C-B51E74E1E83D} -> Smart Menus (Windows Live Toolbar)
    {F09AA70A-AE99-4FE5-A8C1-289488DFB83E} -> DataBase Professional
    {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
    {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
    {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
    {F22C222C-3CE2-4A4B-A83F-AF4681371ABE} -> kgcbase
    {F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} -> SKINXSDK
    {F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
    {F9593CFB-D836-49BC-BFF1-0E669A411D9F} -> WIRELESS
    {FA11D5B5-7D0A-43E8-88C4-960F97B194DE} -> VAIO Survey Standalone
    {FCDB1C92-03C6-4C76-8625-371224256091} -> ESSPDock
    1Click DVD to Mpeg Mpg 2.13_is1 -> 1Click DVD to Mpeg Mpg 2.13
    Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin -> Adobe Flash Player Plugin
    Advanced Registry Optimizer_is1 -> Advanced Registry Optimizer
    Agere Systems Soft Modem -> Agere Systems PCI Soft Modem
    All ATI Software -> ATI - Software Uninstall Utility
    ATI Display Driver -> ATI Display Driver
    Chillin Penguins -> Chillin Penguins Screen Saver
    Chris Moneymakers World Poker Championship -> Chris Moneymakers World Poker Championship (remove only)
    CoffeeCup VisualSite Designer -> CoffeeCup VisualSite Designer
    CONNECT -> CONNECT
    DD Tournament Poker 1.0 -> DD Tournament Poker 1.0
    DVD Decrypter -> DVD Decrypter (Remove Only)
    Easy GIF Animator_is1 -> Easy GIF Animator 3.4
    EMBARQ Help Online -> EMBARQ Help Online
    EMBARQ Remote Control -> EMBARQ Remote Control
    embarqtoolbar -> Embarq Toolbar
    ESPN Java Check -> ESPN Java Check
    Frost Writer -> Frost Writer Screen Saver
    FrostWire -> FrostWire 4.18.4
    Google Updater -> Google Updater
    GoToAssist -> GoToAssist 8.0.0.508
    HitmanPro35 -> Hitman Pro 3.5
    hp print screen utility -> hp print screen utility
    IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
    InboxDollars -> InboxDollars
    InstallShield_{2816F7DF-B377-4E3C-B201-9E2A037078EF} -> 3D Home Architect Home Design SE 6
    InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3} -> Quicken 2005
    InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5} -> VAIO Registration
    InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C} -> OpenMG Secure Module 4.0.00
    InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E} -> VAIO Help and Support
    InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE} -> VAIO Survey Standalone
    InterActual Player -> InterActual Player
    Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
    Messenger Plus! Live -> Messenger Plus! Live
    Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
    Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
    MoodLogic -> MoodLogic
    Movielink eHome_is1 -> Movielink eHome version 1.1
    Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
    MySpaceIM -> MySpaceIM
    Netscape Online Setup -> Netscape Internet Service Setup
    NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
    OpenMG HotFix4.0-04-06-21-01 -> OpenMG Limited Patch 4.0-04-08-02-01
    PokerStars -> PokerStars
    PokerStars.net -> PokerStars.net
    PROSet -> Intel(R) PRO Network Adapters and Drivers
    RealPlayer 6.0 -> RealPlayer Basic
    Sprint.MccInstall -> EMBARQ Help
    The Weather Channel Desktop 6 -> The Weather Channel Desktop 6
    ViewpointMediaPlayer -> Viewpoint Media Player
    Welcome to VAIO life -> Welcome to VAIO life
    WIC -> Windows Imaging Component
    Windows Media Format Runtime -> Windows Media Format Runtime
    Windows XP Service Pack -> Windows XP Service Pack 3
    WinLiveSuite_Wave3 -> Windows Live Essentials
    World Series of Poker TOC -> World Series of Poker: TOC
    Yahoo! Companion -> Yahoo! Toolbar
    Yahoo! Customizations -> Yahoo! extras
    Yahoo! Internet Mail -> Yahoo! Internet Mail
    Yahoo! Messenger -> Yahoo! Messenger
    YInstHelper -> Yahoo! Install Manager
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 4/25/2010 8:19:14 AM Computer Name = KOHN | Source = Application Error | ID = 1000 -> Description = Faulting application desktopweather.exe, version 6.0.0.15, faulting module desktopweather.exe, version 6.0.0.15, fault address 0x0000513c.
    Application [ Error ] 4/25/2010 9:17:47 AM Computer Name = KOHN | Source = COM+ | ID = 135761 -> Description = The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector fail
    Application [ Error ] 4/26/2010 5:12:21 AM Computer Name = KOHN | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting module mshtml.dll, version 7.0.6000.17023, fault address 0x0017cdf8.
    Application [ Error ] 4/26/2010 8:05:54 AM Computer Name = KOHN | Source = LoadPerf | ID = 3001 -> Description = The performance counter name string value in the registry is incorrectly  formatted. The bogus string is 3998, the bogus index value is the first  DWORD in Data section while the last valid index values are the second and  third DWORD in Data section.
    Application [ Error ] 4/26/2010 8:05:54 AM Computer Name = KOHN | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The  Error code is the first DWORD in Data section.
    Application [ Error ] 4/26/2010 8:05:58 AM Computer Name = KOHN | Source = LoadPerf | ID = 3001 -> Description = The performance counter name string value in the registry is incorrectly  formatted. The bogus string is 3998, the bogus index value is the first  DWORD in Data section while the last valid index values are the second and  third DWORD in Data section.
    Application [ Error ] 4/26/2010 8:05:58 AM Computer Name = KOHN | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The  Error code is the first DWORD in Data section.
    Application [ Error ] 4/26/2010 8:06:00 AM Computer Name = KOHN | Source = LoadPerf | ID = 3001 -> Description = The performance counter name string value in the registry is incorrectly  formatted. The bogus string is 3998, the bogus index value is the first  DWORD in Data section while the last valid index values are the second and  third DWORD in Data section.
    Application [ Error ] 4/26/2010 10:48:47 PM Computer Name = KOHN | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.
    Application [ Error ] 4/26/2010 10:55:31 PM Computer Name = KOHN | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.
    System [ Error ] 4/23/2010 9:58:47 PM Computer Name = KOHN | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page  file on the boot partition and that is large enough to contain all physical  memory.
    System [ Error ] 4/23/2010 10:00:00 PM Computer Name = KOHN | Source = Schedule | ID = 7901 -> Description = The At44.job command failed to start due to the following error:   %%2147942402
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7000 -> Description = The aswFsBlk service failed to start due to the following error:   %%2
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7000 -> Description = The avast! Standard Shield Support service failed to start due to the following error:   %%2
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7001 -> Description = The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error:   %%2
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7000 -> Description = The Avira AntiVir Scheduler service failed to start due to the following error:   %%3
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7000 -> Description = The Avira AntiVir Guard service failed to start due to the following error:   %%3
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7000 -> Description = The hpdj service failed to start due to the following error:   %%2
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7000 -> Description = The MCSTRM service failed to start due to the following error:   %%2
    System [ Error ] 4/23/2010 10:00:08 PM Computer Name = KOHN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   Aavmker4  aswSP  aswTdi  avgio  avipbb  SASDIFSV  SASKUTIL  ssmdrv
     
    [Files/Folders - Created Within 30 Days]
     SuperSearch -> C:\Program Files\SuperSearch -> [2010/04/27 02:13:13 | 000,000,000 | ---D | C]
     t2embed.dll -> C:\WINDOWS\System32\dllcache\t2embed.dll -> [2010/04/26 18:21:26 | 000,119,808 | ---- | C] (Microsoft Corporation)
     fontsub.dll -> C:\WINDOWS\System32\dllcache\fontsub.dll -> [2010/04/26 18:21:26 | 000,081,920 | ---- | C] (Microsoft Corporation)
     lsasrv.dll -> C:\WINDOWS\System32\dllcache\lsasrv.dll -> [2010/04/26 18:21:11 | 000,729,088 | ---- | C] (Microsoft Corporation)
     ntoskrnl.exe -> C:\WINDOWS\System32\dllcache\ntoskrnl.exe -> [2010/04/26 18:21:10 | 002,189,952 | ---- | C] (Microsoft Corporation)
     ntkrnlmp.exe -> C:\WINDOWS\System32\dllcache\ntkrnlmp.exe -> [2010/04/26 18:21:10 | 002,146,304 | ---- | C] (Microsoft Corporation)
     ntkrpamp.exe -> C:\WINDOWS\System32\dllcache\ntkrpamp.exe -> [2010/04/26 18:21:09 | 002,024,448 | ---- | C] (Microsoft Corporation)
     netapi32.dll -> C:\WINDOWS\System32\dllcache\netapi32.dll -> [2010/04/26 06:33:29 | 000,337,408 | ---- | C] (Microsoft Corporation)
     Prefetch -> C:\WINDOWS\Prefetch -> [2010/04/26 06:23:40 | 000,000,000 | ---D | C]
     msxml6.dll -> C:\WINDOWS\System32\dllcache\msxml6.dll -> [2010/04/26 06:08:32 | 001,372,672 | ---- | C] (Microsoft Corporation)
     msxml6r.dll -> C:\WINDOWS\System32\dllcache\msxml6r.dll -> [2010/04/26 06:08:32 | 000,079,872 | ---- | C] (Microsoft Corporation)
     irbus.sys -> C:\WINDOWS\System32\drivers\irbus.sys -> [2010/04/26 06:08:20 | 000,046,592 | ---- | C] (Microsoft Corporation)
     smtpapi.dll -> C:\WINDOWS\System32\smtpapi.dll -> [2010/04/26 06:08:20 | 000,010,752 | ---- | C] (Microsoft Corporation)
     rwnh.dll -> C:\WINDOWS\System32\rwnh.dll -> [2010/04/26 06:08:20 | 000,009,728 | ---- | C] (Microsoft Corporation)
     comsdupd.exe -> C:\WINDOWS\System32\comsdupd.exe -> [2010/04/26 06:08:20 | 000,009,728 | ---- | C] (Microsoft Corporation)
     ati3d1ag.dll -> C:\WINDOWS\System32\ati3d1ag.dll -> [2010/04/26 06:08:17 | 000,870,784 | ---- | C] (ATI Technologies Inc. )
     ati2dvaa.dll -> C:\WINDOWS\System32\ati2dvaa.dll -> [2010/04/26 06:08:17 | 000,377,984 | ---- | C] (ATI Technologies Inc.)
     aaclient.dll -> C:\WINDOWS\System32\aaclient.dll -> [2010/04/26 06:08:17 | 000,136,192 | ---- | C] (Microsoft Corporation)
     ativtmxx.dll -> C:\WINDOWS\System32\ativtmxx.dll -> [2010/04/26 06:08:17 | 000,032,768 | ---- | C] (ATI Technologies Inc.)
     ativmvxx.ax -> C:\WINDOWS\System32\ativmvxx.ax -> [2010/04/26 06:08:17 | 000,023,040 | ---- | C] (ATI Technologies Inc.)
     ativdaxx.ax -> C:\WINDOWS\System32\ativdaxx.ax -> [2010/04/26 06:08:17 | 000,009,728 | ---- | C] (ATI Technologies Inc.)
     azroles.dll -> C:\WINDOWS\System32\azroles.dll -> [2010/04/26 06:08:16 | 000,233,472 | ---- | C] (Microsoft Corporation)
     dhcpqec.dll -> C:\WINDOWS\System32\dhcpqec.dll -> [2010/04/26 06:08:16 | 000,048,640 | ---- | C] (Microsoft Corporation)
     dimsroam.dll -> C:\WINDOWS\System32\dimsroam.dll -> [2010/04/26 06:08:16 | 000,039,936 | ---- | C] (Microsoft Corporation)
     dot3api.dll -> C:\WINDOWS\System32\dot3api.dll -> [2010/04/26 06:08:16 | 000,026,112 | ---- | C] (Microsoft Corporation)
     bitsprx4.dll -> C:\WINDOWS\System32\bitsprx4.dll -> [2010/04/26 06:08:16 | 000,007,168 | ---- | C] (Microsoft Corporation)
     dot3ui.dll -> C:\WINDOWS\System32\dot3ui.dll -> [2010/04/26 06:08:15 | 000,650,752 | ---- | C] (Microsoft Corporation)
     eapp3hst.dll -> C:\WINDOWS\System32\eapp3hst.dll -> [2010/04/26 06:08:15 | 000,184,832 | ---- | C] (Microsoft Corporation)
     eapphost.dll -> C:\WINDOWS\System32\eapphost.dll -> [2010/04/26 06:08:15 | 000,180,224 | ---- | C] (Microsoft Corporation)
     eappcfg.dll -> C:\WINDOWS\System32\eappcfg.dll -> [2010/04/26 06:08:15 | 000,126,976 | ---- | C] (Microsoft Corporation)
     eappgnui.dll -> C:\WINDOWS\System32\eappgnui.dll -> [2010/04/26 06:08:15 | 000,094,208 | ---- | C] (Microsoft Corporation)
     eapqec.dll -> C:\WINDOWS\System32\eapqec.dll -> [2010/04/26 06:08:15 | 000,059,392 | ---- | C] (Microsoft Corporation)
     dot3cfg.dll -> C:\WINDOWS\System32\dot3cfg.dll -> [2010/04/26 06:08:15 | 000,057,856 | ---- | C] (Microsoft Corporation)
     dot3msm.dll -> C:\WINDOWS\System32\dot3msm.dll -> [2010/04/26 06:08:15 | 000,056,320 | ---- | C] (Microsoft Corporation)
     eappprxy.dll -> C:\WINDOWS\System32\eappprxy.dll -> [2010/04/26 06:08:15 | 000,040,960 | ---- | C] (Microsoft Corporation)
     dot3gpclnt.dll -> C:\WINDOWS\System32\dot3gpclnt.dll -> [2010/04/26 06:08:15 | 000,039,936 | ---- | C] (Microsoft Corporation)
     eapolqec.dll -> C:\WINDOWS\System32\eapolqec.dll -> [2010/04/26 06:08:15 | 000,030,720 | ---- | C] (Microsoft Corporation)
     dot3dlg.dll -> C:\WINDOWS\System32\dot3dlg.dll -> [2010/04/26 06:08:15 | 000,009,216 | ---- | C] (Microsoft Corporation)
     hsfcisp2.dll -> C:\WINDOWS\System32\hsfcisp2.dll -> [2010/04/26 06:08:13 | 000,032,285 | ---- | C] (Conexant Systems, Inc.)
     kbdpash.dll -> C:\WINDOWS\System32\kbdpash.dll -> [2010/04/26 06:08:12 | 000,006,144 | ---- | C] (Microsoft Corporation)
     kbdnepr.dll -> C:\WINDOWS\System32\kbdnepr.dll -> [2010/04/26 06:08:12 | 000,006,144 | ---- | C] (Microsoft Corporation)
     kbdiultn.dll -> C:\WINDOWS\System32\kbdiultn.dll -> [2010/04/26 06:08:12 | 000,006,144 | ---- | C] (Microsoft Corporation)
     kbdbhc.dll -> C:\WINDOWS\System32\kbdbhc.dll -> [2010/04/26 06:08:12 | 000,006,144 | ---- | C] (Microsoft Corporation)
     mmcex.dll -> C:\WINDOWS\System32\mmcex.dll -> [2010/04/26 06:08:11 | 000,397,312 | ---- | C] (Microsoft Corporation)
     microsoft.managementconsole.dll -> C:\WINDOWS\System32\microsoft.managementconsole.dll -> [2010/04/26 06:08:11 | 000,184,320 | ---- | C] (Microsoft Corporation)
     mssha.dll -> C:\WINDOWS\System32\mssha.dll -> [2010/04/26 06:08:11 | 000,155,136 | ---- | C] (Microsoft Corporation)
     mmcfxcommon.dll -> C:\WINDOWS\System32\mmcfxcommon.dll -> [2010/04/26 06:08:11 | 000,106,496 | ---- | C] (Microsoft Corporation)
     mdmxsdk.dll -> C:\WINDOWS\System32\mdmxsdk.dll -> [2010/04/26 06:08:11 | 000,086,016 | ---- | C] (Conexant)
     l2gpstore.dll -> C:\WINDOWS\System32\l2gpstore.dll -> [2010/04/26 06:08:11 | 000,037,376 | ---- | C] (Microsoft Corporation)
     mmcperf.exe -> C:\WINDOWS\System32\mmcperf.exe -> [2010/04/26 06:08:11 | 000,033,792 | ---- | C] (Microsoft Corporation)
     nv4_disp.dll -> C:\WINDOWS\System32\nv4_disp.dll -> [2010/04/26 06:08:10 | 004,274,816 | ---- | C] (NVIDIA Corporation)
     mtxparhd.dll -> C:\WINDOWS\System32\mtxparhd.dll -> [2010/04/26 06:08:10 | 001,737,856 | ---- | C] (Matrox Graphics Inc.)
     napmontr.dll -> C:\WINDOWS\System32\napmontr.dll -> [2010/04/26 06:08:10 | 000,193,024 | ---- | C] (Microsoft Corporation)
     napstat.exe -> C:\WINDOWS\System32\napstat.exe -> [2010/04/26 06:08:10 | 000,176,640 | ---- | C] (Microsoft Corporation)
     onex.dll -> C:\WINDOWS\System32\onex.dll -> [2010/04/26 06:08:10 | 000,144,384 | ---- | C] (Microsoft Corporation)
     msshavmsg.dll -> C:\WINDOWS\System32\msshavmsg.dll -> [2010/04/26 06:08:10 | 000,076,800 | ---- | C] (Microsoft Corporation)
     napipsec.dll -> C:\WINDOWS\System32\napipsec.dll -> [2010/04/26 06:08:10 | 000,030,208 | ---- | C] (Microsoft Corporation)
     s3gnb.dll -> C:\WINDOWS\System32\s3gnb.dll -> [2010/04/26 06:08:09 | 000,397,056 | ---- | C] (S3 Graphics, Inc.)
     rhttpaa.dll -> C:\WINDOWS\System32\rhttpaa.dll -> [2010/04/26 06:08:09 | 000,290,304 | ---- | C] (Microsoft Corporation)
     qagent.dll -> C:\WINDOWS\System32\qagent.dll -> [2010/04/26 06:08:09 | 000,150,528 | ---- | C] (Microsoft Corporation)
     qutil.dll -> C:\WINDOWS\System32\qutil.dll -> [2010/04/26 06:08:09 | 000,076,800 | ---- | C] (Microsoft Corporation)
     qcliprov.dll -> C:\WINDOWS\System32\qcliprov.dll -> [2010/04/26 06:08:09 | 000,062,464 | ---- | C] (Microsoft Corporation)
     rasqec.dll -> C:\WINDOWS\System32\rasqec.dll -> [2010/04/26 06:08:09 | 000,061,952 | ---- | C] (Microsoft Corporation)
     slextspk.dll -> C:\WINDOWS\System32\slextspk.dll -> [2010/04/26 06:08:08 | 000,286,792 | ---- | C] (Smart Link)
     slgen.dll -> C:\WINDOWS\System32\slgen.dll -> [2010/04/26 06:08:08 | 000,188,508 | ---- | C] (Smart Link)
     slcoinst.dll -> C:\WINDOWS\System32\slcoinst.dll -> [2010/04/26 06:08:08 | 000,073,832 | ---- | C] (Smart Link)
     slserv.exe -> C:\WINDOWS\System32\slserv.exe -> [2010/04/26 06:08:08 | 000,073,796 | ---- | C] (Smart Link)
     slrundll.exe -> C:\WINDOWS\System32\slrundll.exe -> [2010/04/26 06:08:08 | 000,032,866 | ---- | C] (Smart Link)
     setupn.exe -> C:\WINDOWS\System32\setupn.exe -> [2010/04/26 06:08:08 | 000,032,768 | ---- | C] (Microsoft Corporation)
     tsgqec.dll -> C:\WINDOWS\System32\tsgqec.dll -> [2010/04/26 06:08:07 | 000,053,248 | ---- | C] (Microsoft Corporation)
     wlanapi.dll -> C:\WINDOWS\System32\wlanapi.dll -> [2010/04/26 06:08:06 | 000,069,120 | ---- | C] (Microsoft Corporation)
     slrundll.exe -> C:\WINDOWS\slrundll.exe -> [2010/04/26 06:08:05 | 000,032,866 | ---- | C] (Smart Link)
     scripting -> C:\WINDOWS\System32\scripting -> [2010/04/26 06:08:04 | 000,000,000 | ---D | C]
     msn -> C:\Program Files\msn -> [2010/04/26 06:08:02 | 000,000,000 | ---D | C]
     l2schemas -> C:\WINDOWS\l2schemas -> [2010/04/26 06:08:02 | 000,000,000 | ---D | C]
     en -> C:\WINDOWS\System32\en -> [2010/04/26 06:08:02 | 000,000,000 | ---D | C]
     bits -> C:\WINDOWS\System32\bits -> [2010/04/26 06:08:01 | 000,000,000 | ---D | C]
     adv01nt5.dll -> C:\WINDOWS\System32\drivers\adv01nt5.dll -> [2010/04/26 06:01:40 | 000,004,255 | ---- | C] (Intel(R) Corporation)
     adv02nt5.dll -> C:\WINDOWS\System32\drivers\adv02nt5.dll -> [2010/04/26 06:01:40 | 000,003,967 | ---- | C] (Intel(R) Corporation)
     adv11nt5.dll -> C:\WINDOWS\System32\drivers\adv11nt5.dll -> [2010/04/26 06:01:40 | 000,003,775 | ---- | C] (Intel(R) Corporation)
     adv09nt5.dll -> C:\WINDOWS\System32\drivers\adv09nt5.dll -> [2010/04/26 06:01:40 | 000,003,711 | ---- | C] (Intel(R) Corporation)
     adv07nt5.dll -> C:\WINDOWS\System32\drivers\adv07nt5.dll -> [2010/04/26 06:01:40 | 000,003,647 | ---- | C] (Intel(R) Corporation)
     adv05nt5.dll -> C:\WINDOWS\System32\drivers\adv05nt5.dll -> [2010/04/26 06:01:40 | 000,003,615 | ---- | C] (Intel(R) Corporation)
     adv08nt5.dll -> C:\WINDOWS\System32\drivers\adv08nt5.dll -> [2010/04/26 06:01:40 | 000,003,135 | ---- | C] (Intel(R) Corporation)
     network diagnostic -> C:\WINDOWS\network diagnostic -> [2010/04/26 06:01:40 | 000,000,000 | ---D | C]
     ati2mtaa.sys -> C:\WINDOWS\System32\drivers\ati2mtaa.sys -> [2010/04/26 06:01:39 | 000,327,040 | ---- | C] (ATI Technologies Inc.)
     atinrvxx.sys -> C:\WINDOWS\System32\drivers\atinrvxx.sys -> [2010/04/26 06:01:39 | 000,104,960 | ---- | C] (ATI Technologies Inc.)
     ati1rvxx.sys -> C:\WINDOWS\System32\drivers\ati1rvxx.sys -> [2010/04/26 06:01:39 | 000,063,663 | ---- | C] (ATI Technologies Inc.)
     atinbtxx.sys -> C:\WINDOWS\System32\drivers\atinbtxx.sys -> [2010/04/26 06:01:39 | 000,057,856 | ---- | C] (ATI Technologies Inc.)
     ati1btxx.sys -> C:\WINDOWS\System32\drivers\ati1btxx.sys -> [2010/04/26 06:01:39 | 000,056,623 | ---- | C] (ATI Technologies Inc.)
     atinraxx.sys -> C:\WINDOWS\System32\drivers\atinraxx.sys -> [2010/04/26 06:01:39 | 000,052,224 | ---- | C] (ATI Technologies Inc.)
     amdagp.sys -> C:\WINDOWS\System32\drivers\amdagp.sys -> [2010/04/26 06:01:39 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.)
     ati1tuxx.sys -> C:\WINDOWS\System32\drivers\ati1tuxx.sys -> [2010/04/26 06:01:39 | 000,036,463 | ---- | C] (ATI Technologies Inc.)
     ati1xsxx.sys -> C:\WINDOWS\System32\drivers\ati1xsxx.sys -> [2010/04/26 06:01:39 | 000,034,735 | ---- | C] (ATI Technologies Inc.)
     ati1raxx.sys -> C:\WINDOWS\System32\drivers\ati1raxx.sys -> [2010/04/26 06:01:39 | 000,030,671 | ---- | C] (ATI Technologies Inc.)
     ati1xbxx.sys -> C:\WINDOWS\System32\drivers\ati1xbxx.sys -> [2010/04/26 06:01:39 | 000,029,455 | ---- | C] (ATI Technologies Inc.)
     atinsnxx.sys -> C:\WINDOWS\System32\drivers\atinsnxx.sys -> [2010/04/26 06:01:39 | 000,028,672 | ---- | C] (ATI Technologies Inc.)
     ati1snxx.sys -> C:\WINDOWS\System32\drivers\ati1snxx.sys -> [2010/04/26 06:01:39 | 000,026,367 | ---- | C] (ATI Technologies Inc.)
     ati1ttxx.sys -> C:\WINDOWS\System32\drivers\ati1ttxx.sys -> [2010/04/26 06:01:39 | 000,021,343 | ---- | C] (ATI Technologies Inc.)
     atinpdxx.sys -> C:\WINDOWS\System32\drivers\atinpdxx.sys -> [2010/04/26 06:01:39 | 000,014,336 | ---- | C] (ATI Technologies Inc.)
     atinttxx.sys -> C:\WINDOWS\System32\drivers\atinttxx.sys -> [2010/04/26 06:01:39 | 000,013,824 | ---- | C] (ATI Technologies Inc.)
     atinmdxx.sys -> C:\WINDOWS\System32\drivers\atinmdxx.sys -> [2010/04/26 06:01:39 | 000,013,824 | ---- | C] (ATI Technologies Inc.)
     ati1pdxx.sys -> C:\WINDOWS\System32\drivers\ati1pdxx.sys -> [2010/04/26 06:01:39 | 000,012,047 | ---- | C] (ATI Technologies Inc.)
     ati1mdxx.sys -> C:\WINDOWS\System32\drivers\ati1mdxx.sys -> [2010/04/26 06:01:39 | 000,011,615 | ---- | C] (ATI Technologies Inc.)
     atintuxx.sys -> C:\WINDOWS\System32\drivers\atintuxx.sys -> [2010/04/26 06:01:38 | 000,073,216 | ---- | C] (ATI Technologies Inc.)
     atinxsxx.sys -> C:\WINDOWS\System32\drivers\atinxsxx.sys -> [2010/04/26 06:01:38 | 000,063,488 | ---- | C] (ATI Technologies Inc.)
     atinxbxx.sys -> C:\WINDOWS\System32\drivers\atinxbxx.sys -> [2010/04/26 06:01:38 | 000,031,744 | ---- | C] (ATI Technologies Inc.)
     atv04nt5.dll -> C:\WINDOWS\System32\drivers\atv04nt5.dll -> [2010/04/26 06:01:38 | 000,025,471 | ---- | C] (Intel(R) Corporation)
     atv01nt5.dll -> C:\WINDOWS\System32\drivers\atv01nt5.dll -> [2010/04/26 06:01:38 | 000,021,183 | ---- | C] (Intel(R) Corporation)
     atv10nt5.dll -> C:\WINDOWS\System32\drivers\atv10nt5.dll -> [2010/04/26 06:01:38 | 000,017,279 | ---- | C] (Intel(R) Corporation)
     atv06nt5.dll -> C:\WINDOWS\System32\drivers\atv06nt5.dll -> [2010/04/26 06:01:38 | 000,014,143 | ---- | C] (Intel(R) Corporation)
     atv02nt5.dll -> C:\WINDOWS\System32\drivers\atv02nt5.dll -> [2010/04/26 06:01:38 | 000,011,359 | ---- | C] (Intel(R) Corporation)
     bthprint.sys -> C:\WINDOWS\System32\drivers\bthprint.sys -> [2010/04/26 06:01:37 | 000,036,480 | ---- | C] (Microsoft Corporation)
     ch7xxnt5.dll -> C:\WINDOWS\System32\drivers\ch7xxnt5.dll -> [2010/04/26 06:01:37 | 000,015,423 | ---- | C] (Intel(R) Corporation)
     mtlstrm.sys -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> [2010/04/26 06:01:35 | 001,309,184 | ---- | C] (Smart Link)
     mtxparhm.sys -> C:\WINDOWS\System32\drivers\mtxparhm.sys -> [2010/04/26 06:01:35 | 000,452,736 | ---- | C] (Matrox Graphics Inc.)
     mtlmnt5.sys -> C:\WINDOWS\System32\drivers\mtlmnt5.sys -> [2010/04/26 06:01:35 | 000,126,686 | ---- | C] (Smart Link)
     nv4_mini.sys -> C:\WINDOWS\System32\drivers\nv4_mini.sys -> [2010/04/26 06:01:34 | 001,897,408 | ---- | C] (NVIDIA Corporation)
     ntmtlfax.sys -> C:\WINDOWS\System32\drivers\ntmtlfax.sys -> [2010/04/26 06:01:34 | 000,180,360 | ---- | C] (Smart Link)
     s3gnbm.sys -> C:\WINDOWS\System32\drivers\s3gnbm.sys -> [2010/04/26 06:01:34 | 000,166,912 | ---- | C] (S3 Graphics, Inc.)
     rndismpx.sys -> C:\WINDOWS\System32\drivers\rndismpx.sys -> [2010/04/26 06:01:34 | 000,030,592 | ---- | C] (Microsoft Corporation)
     recagent.sys -> C:\WINDOWS\System32\drivers\recagent.sys -> [2010/04/26 06:01:34 | 000,013,776 | ---- | C] (Smart Link)
     mutohpen.sys -> C:\WINDOWS\System32\drivers\mutohpen.sys -> [2010/04/26 06:01:34 | 000,012,672 | ---- | C] (Microsoft Corporation)
     slntamr.sys -> C:\WINDOWS\System32\drivers\slntamr.sys -> [2010/04/26 06:01:33 | 000,404,990 | ---- | C] (Smart Link)
     slnt7554.sys -> C:\WINDOWS\System32\drivers\slnt7554.sys -> [2010/04/26 06:01:33 | 000,129,535 | ---- | C] (Smart Link)
     slnthal.sys -> C:\WINDOWS\System32\drivers\slnthal.sys -> [2010/04/26 06:01:33 | 000,095,424 | ---- | C] (Smart Link)
     sisagp.sys -> C:\WINDOWS\System32\drivers\sisagp.sys -> [2010/04/26 06:01:33 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation)
     slwdmsup.sys -> C:\WINDOWS\System32\drivers\slwdmsup.sys -> [2010/04/26 06:01:33 | 000,013,240 | ---- | C] (Smart Link)
     smbali.sys -> C:\WINDOWS\System32\drivers\smbali.sys -> [2010/04/26 06:01:33 | 000,005,888 | ---- | C] (Microsoft Corporation)
     siint5.dll -> C:\WINDOWS\System32\drivers\siint5.dll -> [2010/04/26 06:01:33 | 000,003,901 | ---- | C] (Intel(R) Corporation)
     watv10nt.sys -> C:\WINDOWS\System32\drivers\watv10nt.sys -> [2010/04/26 06:01:32 | 000,025,471 | ---- | C] (Intel(R) Corporation)
     watv06nt.sys -> C:\WINDOWS\System32\drivers\watv06nt.sys -> [2010/04/26 06:01:32 | 000,022,271 | ---- | C] (Intel(R) Corporation)
     wadv11nt.sys -> C:\WINDOWS\System32\drivers\wadv11nt.sys -> [2010/04/26 06:01:32 | 000,011,935 | ---- | C] (Intel(R) Corporation)
     wadv09nt.sys -> C:\WINDOWS\System32\drivers\wadv09nt.sys -> [2010/04/26 06:01:32 | 000,011,871 | ---- | C] (Intel(R) Corporation)
     wadv07nt.sys -> C:\WINDOWS\System32\drivers\wadv07nt.sys -> [2010/04/26 06:01:32 | 000,011,807 | ---- | C] (Intel(R) Corporation)
     vchnt5.dll -> C:\WINDOWS\System32\drivers\vchnt5.dll -> [2010/04/26 06:01:32 | 000,011,325 | ---- | C] (Intel(R) Corporation)
     wadv08nt.sys -> C:\WINDOWS\System32\drivers\wadv08nt.sys -> [2010/04/26 06:01:32 | 000,011,295 | ---- | C] (Intel(R) Corporation)
     $NtServicePackUninstall$ -> C:\WINDOWS\$NtServicePackUninstall$ -> [2010/04/26 05:54:33 | 000,000,000 | -H-D | C]
     xpssvcs.dll -> C:\WINDOWS\System32\xpssvcs.dll -> [2010/04/26 05:08:19 | 001,676,288 | ---- | C] (Microsoft Corporation)
     xpssvcs.dll -> C:\WINDOWS\System32\dllcache\xpssvcs.dll -> [2010/04/26 05:08:19 | 001,676,288 | ---- | C] (Microsoft Corporation)
     printfilterpipelinesvc.exe -> C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe -> [2010/04/26 05:08:19 | 000,597,504 | ---- | C] (Microsoft Corporation)
     xpsshhdr.dll -> C:\WINDOWS\System32\dllcache\xpsshhdr.dll -> [2010/04/26 05:08:19 | 000,575,488 | ---- | C] (Microsoft Corporation)
     prntvpt.dll -> C:\WINDOWS\System32\prntvpt.dll -> [2010/04/26 05:08:19 | 000,117,760 | ---- | C] (Microsoft Corporation)
     filterpipelineprintproc.dll -> C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll -> [2010/04/26 05:08:19 | 000,089,088 | ---- | C] (Microsoft Corporation)
     f4ec63edd9d733cfb1c619476f -> C:\f4ec63edd9d733cfb1c619476f -> [2010/04/26 05:08:18 | 000,000,000 | ---D | C]
     ie7updates -> C:\WINDOWS\ie7updates -> [2010/04/25 06:29:07 | 000,000,000 | ---D | C]
     Threat Expert -> C:\Documents and Settings\Chris\Local Settings\Application Data\Threat Expert -> [2010/04/25 00:32:23 | 000,000,000 | ---D | C]
     Recent -> C:\Documents and Settings\Chris\Recent -> [2010/04/23 19:11:25 | 000,000,000 | RH-D | C]
     WBEM -> C:\WINDOWS\WBEM -> [2010/04/23 18:44:29 | 000,000,000 | ---D | C]
     ie7 -> C:\WINDOWS\ie7 -> [2010/04/23 18:42:44 | 000,000,000 | -H-D | C]
     $NtServicePackUninstallIDNMitigationAPIs$ -> C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ -> [2010/04/23 18:42:15 | 000,000,000 | -H-D | C]
     $NtServicePackUninstallNLSDownlevelMapping$ -> C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ -> [2010/04/23 18:41:32 | 000,000,000 | -H-D | C]
     FCTB000062133 -> C:\Documents and Settings\Chris\Application Data\FCTB000062133 -> [2010/04/20 11:30:59 | 000,000,000 | ---D | C]
     Sammsoft -> C:\Documents and Settings\Chris\Application Data\Sammsoft -> [2010/04/20 11:26:59 | 000,000,000 | ---D | C]
     Advanced Registry Optimizer -> C:\Program Files\Advanced Registry Optimizer -> [2010/04/20 11:26:45 | 000,000,000 | ---D | C]
     The Weather Channel FW -> C:\Program Files\The Weather Channel FW -> [2010/04/20 11:25:10 | 000,000,000 | ---D | C]
     The Weather Channel -> C:\Documents and Settings\Chris\Local Settings\Application Data\The Weather Channel -> [2010/04/20 11:24:56 | 000,000,000 | ---D | C]
     AdobeUM -> C:\Documents and Settings\Chris\Application Data\AdobeUM -> [2010/04/20 11:01:38 | 000,000,000 | ---D | C]
     Hitman Pro -> C:\Documents and Settings\All Users\Application Data\Hitman Pro -> [2010/04/20 01:57:47 | 000,000,000 | ---D | C]
     Hitman Pro 3.5 -> C:\Program Files\Hitman Pro 3.5 -> [2010/04/20 01:57:44 | 000,000,000 | ---D | C]
     mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/04/19 23:10:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
     mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/04/19 23:10:26 | 000,020,824 | ---- | C] (Malwarebytes Corporation)
     Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2010/04/19 21:04:19 | 000,000,000 | ---D | C]
     LimeWire -> C:\Program Files\LimeWire -> [2010/04/19 20:50:28 | 000,000,000 | ---D | C]
     InboxDollars -> C:\Program Files\InboxDollars -> [2010/04/19 18:38:05 | 000,000,000 | ---D | C]
     XPSViewer -> C:\WINDOWS\System32\XPSViewer -> [2010/04/19 04:55:07 | 000,000,000 | ---D | C]
     MSBuild -> C:\Program Files\MSBuild -> [2010/04/19 04:55:03 | 000,000,000 | ---D | C]
     en-US -> C:\WINDOWS\System32\en-US -> [2010/04/19 04:55:01 | 000,000,000 | ---D | C]
     Reference Assemblies -> C:\Program Files\Reference Assemblies -> [2010/04/19 04:54:55 | 000,000,000 | ---D | C]
     MSXML 6.0 -> C:\Program Files\MSXML 6.0 -> [2010/04/19 04:50:20 | 000,000,000 | ---D | C]
     58510b6b1fe7d70a85 -> C:\58510b6b1fe7d70a85 -> [2010/04/19 04:49:36 | 000,000,000 | ---D | C]
     d4bdb14e3502038fff687c1c42 -> C:\d4bdb14e3502038fff687c1c42 -> [2010/04/19 04:49:32 | 000,000,000 | ---D | C]
     Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2010/04/19 02:21:03 | 000,000,000 | ---D | C]
     Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/04/18 11:55:02 | 000,000,000 | ---D | C]
     mrxsmb.sys -> C:\WINDOWS\System32\dllcache\mrxsmb.sys -> [2010/04/17 14:37:17 | 000,455,680 | ---- | C] (Microsoft Corporation)
     Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2010/04/17 11:57:15 | 000,000,000 | ---D | C]
     Downloads -> C:\Documents and Settings\Chris\My Documents\Downloads -> [2010/04/16 02:44:18 | 000,000,000 | ---D | C]
     64af206709a094754f14a318d3 -> C:\64af206709a094754f14a318d3 -> [2010/04/16 02:01:38 | 000,000,000 | ---D | C]
     EMBARQTOOLBAR -> C:\Documents and Settings\NetworkService\Application Data\EMBARQTOOLBAR -> [2010/04/12 12:32:23 | 000,000,000 | ---D | C]
     Sun -> C:\Documents and Settings\Chris\Application Data\Sun -> [2010/04/11 18:34:38 | 000,000,000 | ---D | C]
     Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/04/10 22:31:07 | 000,000,000 | ---D | C]
     Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/04/10 22:31:03 | 000,000,000 | ---D | C]
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/04/27 12:18:00 | 000,000,338 | ---- | M] ()
     GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/27 12:09:01 | 000,000,886 | ---- | M] ()
     At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/04/27 12:00:00 | 000,000,416 | ---- | M] ()
     GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/04/27 11:27:47 | 000,000,882 | ---- | M] ()
     SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/27 11:27:41 | 000,000,006 | -H-- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/27 11:27:39 | 000,002,048 | --S- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2010/04/27 11:27:36 | 1072,480,256 | -HS- | M] ()
     ntuser.dat -> C:\Documents and Settings\Chris\ntuser.dat -> [2010/04/27 11:25:22 | 002,621,440 | -H-- | M] ()
     ntuser.ini -> C:\Documents and Settings\Chris\ntuser.ini -> [2010/04/27 11:25:22 | 000,000,278 | -HS- | M] ()
     c7vdif -> C:\Documents and Settings\All Users\Application Data\c7vdif -> [2010/04/27 11:24:41 | 000,006,260 | -HS- | M] ()
     c7vdif -> C:\Documents and Settings\Chris\Local Settings\Application Data\c7vdif -> [2010/04/27 11:24:40 | 000,006,260 | -HS- | M] ()
     hitmanpro35.sys -> C:\WINDOWS\System32\drivers\hitmanpro35.sys -> [2010/04/27 11:23:16 | 000,015,944 | ---- | M] ()
     At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/04/27 11:18:00 | 000,000,338 | ---- | M] ()
     perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/04/27 11:03:14 | 000,475,076 | ---- | M] ()
     perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/04/27 11:03:14 | 000,084,920 | ---- | M] ()
     PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/04/27 11:03:13 | 000,570,046 | ---- | M] ()
     At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/04/27 11:00:00 | 000,000,416 | ---- | M] ()
     At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/04/27 10:18:00 | 000,000,338 | ---- | M] ()
     imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/04/27 10:14:46 | 000,001,374 | ---- | M] ()
     At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/04/27 10:00:00 | 000,000,416 | ---- | M] ()
     Clean Registry for Free!.lnk -> C:\Documents and Settings\Chris\Desktop\Clean Registry for Free!.lnk -> [2010/04/27 09:56:42 | 000,001,594 | ---- | M] ()
     At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/04/27 09:18:00 | 000,000,338 | ---- | M] ()
     At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/04/27 09:00:00 | 000,000,416 | ---- | M] ()
     At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/04/27 08:18:00 | 000,000,338 | ---- | M] ()
     At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/04/27 08:00:00 | 000,000,416 | ---- | M] ()
     At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/04/27 07:18:00 | 000,000,338 | ---- | M] ()
     At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/04/27 07:00:00 | 000,000,416 | ---- | M] ()
     At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/04/27 06:18:00 | 000,000,338 | ---- | M] ()
     At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/04/27 06:00:00 | 000,000,416 | ---- | M] ()
     At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/04/27 05:18:00 | 000,000,338 | ---- | M] ()
     At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/04/27 05:00:00 | 000,000,416 | ---- | M] ()
     At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/04/27 04:18:00 | 000,000,338 | ---- | M] ()
     At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/04/27 04:00:00 | 000,000,416 | ---- | M] ()
     At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/04/27 03:18:00 | 000,000,338 | ---- | M] ()
     At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/04/27 03:00:00 | 000,000,416 | ---- | M] ()
     At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/04/27 02:18:00 | 000,000,338 | ---- | M] ()
     At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/04/27 02:00:00 | 000,000,416 | ---- | M] ()
     At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/04/27 01:18:00 | 000,000,338 | ---- | M] ()
     At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/04/27 01:00:00 | 000,000,416 | ---- | M] ()
     At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/04/27 00:42:00 | 000,000,416 | ---- | M] ()
     At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/04/27 00:18:00 | 000,000,338 | ---- | M] ()
     SBRC.dat -> C:\WINDOWS\System32\SBRC.dat -> [2010/04/27 00:06:30 | 000,000,208 | ---- | M] ()
     At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/04/26 23:18:00 | 000,000,338 | ---- | M] ()
     At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/04/26 23:00:00 | 000,000,416 | ---- | M] ()
     At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/04/26 22:18:00 | 000,000,338 | ---- | M] ()
     At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/04/26 22:00:00 | 000,000,416 | ---- | M] ()
     At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/04/26 21:18:00 | 000,000,338 | ---- | M] ()
     At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/04/26 21:00:00 | 000,000,416 | ---- | M] ()
     At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/04/26 20:18:00 | 000,000,338 | ---- | M] ()
     At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/04/26 20:00:00 | 000,000,416 | ---- | M] ()
     At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/04/26 19:18:00 | 000,000,338 | ---- | M] ()
     At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/04/26 19:00:00 | 000,000,416 | ---- | M] ()
     At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/04/26 18:18:01 | 000,000,338 | ---- | M] ()
     At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/04/26 18:00:00 | 000,000,416 | ---- | M] ()
     At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/04/26 17:18:00 | 000,000,338 | ---- | M] ()
     At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/04/26 17:00:00 | 000,000,416 | ---- | M] ()
     At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/04/26 16:18:00 | 000,000,338 | ---- | M] ()
     At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/04/26 16:00:00 | 000,000,416 | ---- | M] ()
     At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/04/26 15:18:00 | 000,000,338 | ---- | M] ()
     At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/04/26 15:00:00 | 000,000,416 | ---- | M] ()
     At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/04/26 14:18:00 | 000,000,338 | ---- | M] ()
     At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/04/26 14:00:00 | 000,000,416 | ---- | M] ()
     At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/04/26 13:18:00 | 000,000,338 | ---- | M] ()
     At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/04/26 13:00:00 | 000,000,416 | ---- | M] ()
     FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/04/26 08:36:36 | 000,176,264 | ---- | M] ()
     .crusader -> C:\WINDOWS\System32\.crusader -> [2010/04/26 08:34:42 | 000,000,540 | ---- | M] ()
     b08620CF7A25y -> C:\Documents and Settings\Chris\Local Settings\Application Data\b08620CF7A25y -> [2010/04/26 08:29:33 | 000,015,552 | -HS- | M] ()
     b08620CF7A25y -> C:\Documents and Settings\All Users\Application Data\b08620CF7A25y -> [2010/04/26 08:29:33 | 000,015,552 | -HS- | M] ()
     GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/04/26 08:23:56 | 000,038,784 | ---- | M] ()
     intelide.sys -> C:\WINDOWS\System32\dllcache\intelide.sys -> [2010/04/26 06:38:29 | 000,005,504 | ---- | M] (Microsoft Corporation)
     WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [2010/04/26 06:29:29 | 000,316,640 | ---- | M] ()
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/26 06:23:59 | 000,001,158 | ---- | M] ()
     ntldr -> C:\ntldr -> [2010/04/26 06:00:57 | 000,250,048 | RHS- | M] ()
     intro.zip -> C:\Documents and Settings\Chris\My Documents\intro.zip -> [2010/04/25 19:33:25 | 024,727,124 | ---- | M] ()
     boot.ini -> C:\boot.ini -> [2010/04/25 06:17:16 | 000,000,209 | RHS- | M] ()
     win.ini -> C:\WINDOWS\win.ini -> [2010/04/25 06:17:14 | 000,000,609 | ---- | M] ()
     system.ini -> C:\WINDOWS\system.ini -> [2010/04/25 06:17:14 | 000,000,227 | ---- | M] ()
     template-9142655936807084955.xml -> C:\Documents and Settings\Chris\My Documents\template-9142655936807084955.xml -> [2010/04/24 03:38:13 | 000,044,018 | ---- | M] ()
     0D2HvP -> C:\Documents and Settings\Chris\Local Settings\Application Data\0D2HvP -> [2010/04/23 17:30:09 | 000,012,744 | -HS- | M] ()
     0D2HvP -> C:\Documents and Settings\All Users\Application Data\0D2HvP -> [2010/04/23 17:30:09 | 000,012,744 | -HS- | M] ()
     Live PC Help.lnk -> C:\Documents and Settings\Chris\Desktop\Live PC Help.lnk -> [2010/04/23 10:22:18 | 000,001,148 | ---- | M] ()
     Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/04/20 12:46:10 | 000,001,602 | ---- | M] ()
     The Weather Channel Desktop .lnk -> C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk -> [2010/04/20 11:25:23 | 000,000,910 | ---- | M] ()
     Hitman Pro 3.5.lnk -> C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk -> [2010/04/20 01:57:46 | 000,001,684 | ---- | M] ()
     Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/19 23:10:34 | 000,000,696 | ---- | M] ()
     yaG3YsQ4geFa -> C:\Documents and Settings\All Users\Application Data\yaG3YsQ4geFa -> [2010/04/19 09:43:35 | 000,014,420 | -HS- | M] ()
     1LKwMuQ -> C:\Documents and Settings\All Users\Application Data\1LKwMuQ -> [2010/04/19 01:10:25 | 000,013,484 | -HS- | M] ()
     477HVAd60yj -> C:\Documents and Settings\All Users\Application Data\477HVAd60yj -> [2010/04/18 12:53:55 | 000,011,190 | -HS- | M] ()
     AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/04/14 17:38:05 | 000,000,284 | ---- | M] ()
     358G0OH34.dat -> C:\Documents and Settings\All Users\Application Data\358G0OH34.dat -> [2010/04/13 16:54:28 | 000,000,112 | ---- | M] ()
     RmCrBKDhmG5b -> C:\Documents and Settings\Chris\Local Settings\Application Data\RmCrBKDhmG5b -> [2010/04/11 18:42:25 | 000,016,880 | -HS- | M] ()
     RmCrBKDhmG5b -> C:\Documents and Settings\All Users\Application Data\RmCrBKDhmG5b -> [2010/04/11 18:42:25 | 000,016,880 | -HS- | M] ()
     IconCache.db -> C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db -> [2010/04/11 17:52:47 | 004,288,748 | -H-- | M] ()
     intelide(2).sys -> C:\WINDOWS\System32\dllcache\intelide(2).sys -> [2010/04/11 14:39:03 | 000,005,504 | ---- | M] (Microsoft Corporation)
     intelide(3).sys -> C:\WINDOWS\System32\dllcache\intelide(3).sys -> [2010/04/10 23:32:16 | 000,005,504 | ---- | M] (Microsoft Corporation)
     d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/04/10 09:28:28 | 000,000,664 | ---- | M] ()
     mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
     mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation)
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     
    [Files - No Company Name]
     c7vdif -> C:\Documents and Settings\Chris\Local Settings\Application Data\c7vdif -> [2010/04/27 11:16:34 | 000,006,260 | -HS- | C] ()
     c7vdif -> C:\Documents and Settings\All Users\Application Data\c7vdif -> [2010/04/27 11:16:34 | 000,006,260 | -HS- | C] ()
     Clean Registry for Free!.lnk -> C:\Documents and Settings\Chris\Desktop\Clean Registry for Free!.lnk -> [2010/04/27 09:56:41 | 000,001,594 | ---- | C] ()
     b08620CF7A25y -> C:\Documents and Settings\Chris\Local Settings\Application Data\b08620CF7A25y -> [2010/04/26 08:23:47 | 000,015,552 | -HS- | C] ()
     b08620CF7A25y -> C:\Documents and Settings\All Users\Application Data\b08620CF7A25y -> [2010/04/26 08:23:47 | 000,015,552 | -HS- | C] ()
     ativmc20.cod -> C:\WINDOWS\System32\drivers\ativmc20.cod -> [2010/04/26 06:01:38 | 000,064,352 | ---- | C] ()
     cxthsfs2.cty -> C:\WINDOWS\System32\drivers\cxthsfs2.cty -> [2010/04/26 06:01:37 | 000,129,045 | ---- | C] ()
     netwlan5.img -> C:\WINDOWS\System32\drivers\netwlan5.img -> [2010/04/26 06:01:34 | 000,067,866 | ---- | C] ()
     intro.zip -> C:\Documents and Settings\Chris\My Documents\intro.zip -> [2010/04/25 19:33:22 | 024,727,124 | ---- | C] ()
     imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/04/25 06:29:33 | 000,001,374 | ---- | C] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2010/04/25 05:05:45 | 1072,480,256 | -HS- | C] ()
     template-9142655936807084955.xml -> C:\Documents and Settings\Chris\My Documents\template-9142655936807084955.xml -> [2010/04/24 00:59:35 | 000,044,018 | ---- | C] ()
     0D2HvP -> C:\Documents and Settings\Chris\Local Settings\Application Data\0D2HvP -> [2010/04/23 14:29:43 | 000,012,744 | -HS- | C] ()
     0D2HvP -> C:\Documents and Settings\All Users\Application Data\0D2HvP -> [2010/04/23 14:29:43 | 000,012,744 | -HS- | C] ()
     Live PC Help.lnk -> C:\Documents and Settings\Chris\Desktop\Live PC Help.lnk -> [2010/04/23 10:22:18 | 000,001,148 | ---- | C] ()
     Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/04/20 12:46:10 | 000,001,602 | ---- | C] ()
     The Weather Channel Desktop .lnk -> C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk -> [2010/04/20 11:25:23 | 000,000,910 | ---- | C] ()
     .crusader -> C:\WINDOWS\System32\.crusader -> [2010/04/20 02:22:28 | 000,000,540 | ---- | C] ()
     hitmanpro35.sys -> C:\WINDOWS\System32\drivers\hitmanpro35.sys -> [2010/04/20 01:58:15 | 000,015,944 | ---- | C] ()
     Hitman Pro 3.5.lnk -> C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk -> [2010/04/20 01:57:46 | 000,001,684 | ---- | C] ()
     Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/19 23:10:34 | 000,000,696 | ---- | C] ()
     yaG3YsQ4geFa -> C:\Documents and Settings\All Users\Application Data\yaG3YsQ4geFa -> [2010/04/19 09:39:48 | 000,014,420 | -HS- | C] ()
     1LKwMuQ -> C:\Documents and Settings\All Users\Application Data\1LKwMuQ -> [2010/04/18 17:31:41 | 000,013,484 | -HS- | C] ()
     477HVAd60yj -> C:\Documents and Settings\All Users\Application Data\477HVAd60yj -> [2010/04/18 11:14:23 | 000,011,190 | -HS- | C] ()
     At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/04/12 12:31:50 | 000,000,416 | ---- | C] ()
     358G0OH34.dat -> C:\Documents and Settings\All Users\Application Data\358G0OH34.dat -> [2010/04/12 12:31:49 | 000,000,112 | ---- | C] ()
     At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/04/12 12:29:44 | 000,000,338 | ---- | C] ()
     RmCrBKDhmG5b -> C:\Documents and Settings\All Users\Application Data\RmCrBKDhmG5b -> [2010/04/11 18:40:15 | 000,016,880 | -HS- | C] ()
     RmCrBKDhmG5b -> C:\Documents and Settings\Chris\Local Settings\Application Data\RmCrBKDhmG5b -> [2010/04/11 18:40:14 | 000,016,880 | -HS- | C] ()
     MSDraw.ini -> C:\WINDOWS\MSDraw.ini -> [2009/09/21 09:59:13 | 000,000,000 | ---- | C] ()
     cvgqptyh.ini -> C:\WINDOWS\System32\cvgqptyh.ini -> [2008/01/02 22:25:20 | 000,000,714 | -HS- | C] ()
     nqdfioqu.ini -> C:\WINDOWS\System32\nqdfioqu.ini -> [2008/01/02 22:22:39 | 000,000,294 | -HS- | C] ()
     ghkmp.ini2 -> C:\WINDOWS\System32\ghkmp.ini2 -> [2007/12/30 18:44:32 | 000,725,183 | -HS- | C] ()
     ghkmp.ini -> C:\WINDOWS\System32\ghkmp.ini -> [2007/12/30 18:44:31 | 000,725,183 | -HS- | C] ()
     VAIOUpdt.INI -> C:\WINDOWS\VAIOUpdt.INI -> [2007/12/03 22:42:05 | 000,000,000 | ---- | C] ()
     xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2007/05/21 21:33:15 | 000,552,960 | ---- | C] ()
     xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2007/05/21 21:33:15 | 000,159,744 | ---- | C] ()
     hpdj3600.ini -> C:\WINDOWS\hpdj3600.ini -> [2007/01/15 18:00:11 | 000,002,300 | ---- | C] ()
     iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2006/08/09 21:27:32 | 000,000,000 | ---- | C] ()
     GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
     GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
     GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
     GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
     msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/03/01 00:03:43 | 000,000,002 | ---- | C] ()
     avtemp.ini -> C:\WINDOWS\avtemp.ini -> [2005/11/07 17:35:11 | 000,000,017 | ---- | C] ()
     etel9.ini -> C:\WINDOWS\etel9.ini -> [2005/11/05 02:16:57 | 000,000,591 | ---- | C] ()
     etel5.ini -> C:\WINDOWS\etel5.ini -> [2005/11/05 02:10:05 | 000,000,599 | ---- | C] ()
     jestertb.dll -> C:\WINDOWS\jestertb.dll -> [2005/09/19 17:28:26 | 000,020,992 | ---- | C] ()
     ssmute.ini -> C:\WINDOWS\System32\ssmute.ini -> [2005/02/17 11:47:29 | 000,002,154 | ---- | C] ()
     Quicken.ini -> C:\WINDOWS\Quicken.ini -> [2005/02/17 11:41:43 | 000,000,225 | ---- | C] ()
     IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2005/02/17 11:40:59 | 000,204,800 | ---- | C] ()
     IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2005/02/17 11:40:59 | 000,200,704 | ---- | C] ()
     IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2005/02/17 11:40:59 | 000,192,512 | ---- | C] ()
     IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2005/02/17 11:40:59 | 000,192,512 | ---- | C] ()
     IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2005/02/17 11:40:59 | 000,188,416 | ---- | C] ()
     IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2005/02/17 11:40:59 | 000,020,480 | ---- | C] ()
     ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/02/17 11:40:17 | 000,000,376 | ---- | C] ()
     Cpuinf32.dll -> C:\WINDOWS\System32\Cpuinf32.dll -> [2005/02/17 11:35:08 | 000,019,968 | ---- | C] ()
     smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/12/01 14:43:00 | 000,000,061 | ---- | C] ()
     RTLCPAPI.dll -> C:\WINDOWS\System32\RTLCPAPI.dll -> [2004/12/01 14:16:58 | 000,156,672 | ---- | C] ()
     orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/12/01 12:51:57 | 000,000,811 | ---- | C] ()
     e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [2004/12/01 11:29:23 | 000,012,288 | ---- | C] ()
     oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/12/01 11:28:46 | 000,000,790 | ---- | C] ()
     quartz(2).dll -> C:\WINDOWS\System32\quartz(2).dll -> [2004/12/01 11:28:14 | 001,290,752 | ---- | C] ()
     px.ini -> C:\WINDOWS\System32\px.ini -> [2004/10/22 17:10:08 | 000,000,000 | ---- | C] ()
     OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 16:05:08 | 000,002,695 | ---- | C] ()
     winchip.dll -> C:\WINDOWS\System32\winchip.dll -> [2002/06/12 14:21:12 | 000,049,152 | R--- | C] ()
     TDI-SonyOMG.dll -> C:\WINDOWS\System32\TDI-SonyOMG.dll -> [2001/10/24 17:00:40 | 000,524,288 | ---- | C] ()
     
    [File - Lop Check]
     Avanquest -> C:\Documents and Settings\Administrator\Application Data\Avanquest -> [2010/04/25 03:22:17 | 000,000,000 | ---D | M]
     Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/01/31 08:55:19 | 000,000,000 | ---D | M]
     Avanquest -> C:\Documents and Settings\All Users\Application Data\Avanquest -> [2010/04/17 14:59:27 | 000,000,000 | ---D | M]
     BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2010/02/18 16:40:51 | 000,000,000 | ---D | M]
     Citrix -> C:\Documents and Settings\All Users\Application Data\Citrix -> [2008/05/17 09:17:21 | 000,000,000 | ---D | M]
     Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2007/12/31 18:29:50 | 000,000,000 | ---D | M]
     Hitman Pro -> C:\Documents and Settings\All Users\Application Data\Hitman Pro -> [2010/04/20 02:14:53 | 000,000,000 | ---D | M]
     Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! -> [2009/01/22 22:46:03 | 000,000,000 | ---D | M]
     PCSettings -> C:\Documents and Settings\All Users\Application Data\PCSettings -> [2009/04/13 23:53:52 | 000,000,000 | ---D | M]
     PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap -> [2008/03/02 15:14:28 | 000,000,000 | ---D | M]
     TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/04/25 03:34:15 | 000,000,000 | ---D | M]
     Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/03/09 22:40:49 | 000,000,000 | ---D | M]
     {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/26 03:17:18 | 000,000,000 | ---D | M]
     {7B6BA59A-FB0E-4499-8536-A7420338BF3B} -> C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} -> [2009/08/21 00:25:17 | 000,000,000 | ---D | M]
     Avanquest -> C:\Documents and Settings\Chris\Application Data\Avanquest -> [2010/03/05 02:53:01 | 000,000,000 | ---D | M]
     EMBARQTOOLBAR -> C:\Documents and Settings\Chris\Application Data\EMBARQTOOLBAR -> [2010/04/20 12:56:31 | 000,000,000 | ---D | M]
     FCTB000062133 -> C:\Documents and Settings\Chris\Application Data\FCTB000062133 -> [2010/04/20 11:30:59 | 000,000,000 | ---D | M]
     InterMute -> C:\Documents and Settings\Chris\Application Data\InterMute -> [2008/04/14 19:57:59 | 000,000,000 | ---D | M]
     Sammsoft -> C:\Documents and Settings\Chris\Application Data\Sammsoft -> [2010/04/20 11:26:59 | 000,000,000 | ---D | M]
     Skinux -> C:\Documents and Settings\Chris\Application Data\Skinux -> [2009/11/27 21:30:53 | 000,000,000 | ---D | M]
     Avanquest -> C:\Documents and Settings\Jody\Application Data\Avanquest -> [2010/02/01 02:34:39 | 000,000,000 | ---D | M]
     BearShare -> C:\Documents and Settings\Jody\Application Data\BearShare -> [2007/09/03 15:06:29 | 000,000,000 | ---D | M]
     EMBARQTOOLBAR -> C:\Documents and Settings\Jody\Application Data\EMBARQTOOLBAR -> [2010/04/23 09:07:15 | 000,000,000 | ---D | M]
     EuroTalk -> C:\Documents and Settings\Jody\Application Data\EuroTalk -> [2009/05/28 21:26:31 | 000,000,000 | ---D | M]
     FCTB000062133 -> C:\Documents and Settings\Jody\Application Data\FCTB000062133 -> [2010/04/19 18:38:26 | 000,000,000 | ---D | M]
     FrostWire -> C:\Documents and Settings\Jody\Application Data\FrostWire -> [2010/04/17 12:14:46 | 000,000,000 | ---D | M]
     Grisoft -> C:\Documents and Settings\Jody\Application Data\Grisoft -> [2007/12/31 18:33:22 | 000,000,000 | ---D | M]
     gtk-2.0 -> C:\Documents and Settings\Jody\Application Data\gtk-2.0 -> [2008/03/05 14:06:55 | 000,000,000 | ---D | M]
     InterMute -> C:\Documents and Settings\Jody\Application Data\InterMute -> [2005/09/19 17:26:16 | 000,000,000 | ---D | M]
     InterVideo -> C:\Documents and Settings\Jody\Application Data\InterVideo -> [2005/09/20 21:45:47 | 000,000,000 | ---D | M]
     KewlBoxPrefs -> C:\Documents and Settings\Jody\Application Data\KewlBoxPrefs -> [2006/07/02 07:57:28 | 000,000,000 | ---D | M]
     Leadertech -> C:\Documents and Settings\Jody\Application Data\Leadertech -> [2006/04/10 22:21:19 | 000,000,000 | ---D | M]
     Microgaming -> C:\Documents and Settings\Jody\Application Data\Microgaming -> [2007/01/14 21:09:46 | 000,000,000 | ---D | M]
     Skinux -> C:\Documents and Settings\Jody\Application Data\Skinux -> [2008/12/10 23:20:37 | 000,000,000 | ---D | M]
     Smilebox -> C:\Documents and Settings\Jody\Application Data\Smilebox -> [2010/02/18 16:38:44 | 000,000,000 | ---D | M]
     Template -> C:\Documents and Settings\Jody\Application Data\Template -> [2006/03/17 21:49:14 | 000,000,000 | ---D | M]
     uTorrent -> C:\Documents and Settings\Jody\Application Data\uTorrent -> [2010/01/31 08:42:44 | 000,000,000 | ---D | M]
     Viewpoint -> C:\Documents and Settings\Jody\Application Data\Viewpoint -> [2007/03/09 22:40:57 | 000,000,000 | ---D | M]
     Windows Live Writer -> C:\Documents and Settings\Jody\Application Data\Windows Live Writer -> [2009/12/29 01:41:17 | 000,000,000 | ---D | M]
     Avanquest -> C:\Documents and Settings\LocalService\Application Data\Avanquest -> [2010/02/01 02:32:49 | 000,000,000 | ---D | M]
     EMBARQTOOLBAR -> C:\Documents and Settings\NetworkService\Application Data\EMBARQTOOLBAR -> [2010/04/13 10:35:11 | 000,000,000 | ---D | M]
     At1.job -> C:\WINDOWS\Tasks\At1.job -> [2010/04/27 00:18:00 | 000,000,338 | ---- | M] ()
     At10.job -> C:\WINDOWS\Tasks\At10.job -> [2010/04/27 09:18:00 | 000,000,338 | ---- | M] ()
     At11.job -> C:\WINDOWS\Tasks\At11.job -> [2010/04/27 10:18:00 | 000,000,338 | ---- | M] ()
     At12.job -> C:\WINDOWS\Tasks\At12.job -> [2010/04/27 11:18:00 | 000,000,338 | ---- | M] ()
     At13.job -> C:\WINDOWS\Tasks\At13.job -> [2010/04/27 12:18:00 | 000,000,338 | ---- | M] ()
     At14.job -> C:\WINDOWS\Tasks\At14.job -> [2010/04/26 13:18:00 | 000,000,338 | ---- | M] ()
     At15.job -> C:\WINDOWS\Tasks\At15.job -> [2010/04/26 14:18:00 | 000,000,338 | ---- | M] ()
     At16.job -> C:\WINDOWS\Tasks\At16.job -> [2010/04/26 15:18:00 | 000,000,338 | ---- | M] ()
     At17.job -> C:\WINDOWS\Tasks\At17.job -> [2010/04/26 16:18:00 | 000,000,338 | ---- | M] ()
     At18.job -> C:\WINDOWS\Tasks\At18.job -> [2010/04/26 17:18:00 | 000,000,338 | ---- | M] ()
     At19.job -> C:\WINDOWS\Tasks\At19.job -> [2010/04/26 18:18:01 | 000,000,338 | ---- | M] ()
     At2.job -> C:\WINDOWS\Tasks\At2.job -> [2010/04/27 01:18:00 | 000,000,338 | ---- | M] ()
     At20.job -> C:\WINDOWS\Tasks\At20.job -> [2010/04/26 19:18:00 | 000,000,338 | ---- | M] ()
     At21.job -> C:\WINDOWS\Tasks\At21.job -> [2010/04/26 20:18:00 | 000,000,338 | ---- | M] ()
     At22.job -> C:\WINDOWS\Tasks\At22.job -> [2010/04/26 21:18:00 | 000,000,338 | ---- | M] ()
     At23.job -> C:\WINDOWS\Tasks\At23.job -> [2010/04/26 22:18:00 | 000,000,338 | ---- | M] ()
     At24.job -> C:\WINDOWS\Tasks\At24.job -> [2010/04/26 23:18:00 | 000,000,338 | ---- | M] ()
     At25.job -> C:\WINDOWS\Tasks\At25.job -> [2010/04/27 00:42:00 | 000,000,416 | ---- | M] ()
     At26.job -> C:\WINDOWS\Tasks\At26.job -> [2010/04/27 01:00:00 | 000,000,416 | ---- | M] ()
     At27.job -> C:\WINDOWS\Tasks\At27.job -> [2010/04/27 02:00:00 | 000,000,416 | ---- | M] ()
     At28.job -> C:\WINDOWS\Tasks\At28.job -> [2010/04/27 03:00:00 | 000,000,416 | ---- | M] ()
     At29.job -> C:\WINDOWS\Tasks\At29.job -> [2010/04/27 04:00:00 | 000,000,416 | ---- | M] ()
     At3.job -> C:\WINDOWS\Tasks\At3.job -> [2010/04/27 02:18:00 | 000,000,338 | ---- | M] ()
     At30.job -> C:\WINDOWS\Tasks\At30.job -> [2010/04/27 05:00:00 | 000,000,416 | ---- | M] ()
     At31.job -> C:\WINDOWS\Tasks\At31.job -> [2010/04/27 06:00:00 | 000,000,416 | ---- | M] ()
     At32.job -> C:\WINDOWS\Tasks\At32.job -> [2010/04/27 07:00:00 | 000,000,416 | ---- | M] ()
     At33.job -> C:\WINDOWS\Tasks\At33.job -> [2010/04/27 08:00:00 | 000,000,416 | ---- | M] ()
     At34.job -> C:\WINDOWS\Tasks\At34.job -> [2010/04/27 09:00:00 | 000,000,416 | ---- | M] ()
     At35.job -> C:\WINDOWS\Tasks\At35.job -> [2010/04/27 10:00:00 | 000,000,416 | ---- | M] ()
     At36.job -> C:\WINDOWS\Tasks\At36.job -> [2010/04/27 11:00:00 | 000,000,416 | ---- | M] ()
     At37.job -> C:\WINDOWS\Tasks\At37.job -> [2010/04/27 12:00:00 | 000,000,416 | ---- | M] ()
     At38.job -> C:\WINDOWS\Tasks\At38.job -> [2010/04/26 13:00:00 | 000,000,416 | ---- | M] ()
     At39.job -> C:\WINDOWS\Tasks\At39.job -> [2010/04/26 14:00:00 | 000,000,416 | ---- | M] ()
     At4.job -> C:\WINDOWS\Tasks\At4.job -> [2010/04/27 03:18:00 | 000,000,338 | ---- | M] ()
     At40.job -> C:\WINDOWS\Tasks\At40.job -> [2010/04/26 15:00:00 | 000,000,416 | ---- | M] ()
     At41.job -> C:\WINDOWS\Tasks\At41.job -> [2010/04/26 16:00:00 | 000,000,416 | ---- | M] ()
     At42.job -> C:\WINDOWS\Tasks\At42.job -> [2010/04/26 17:00:00 | 000,000,416 | ---- | M] ()
     At43.job -> C:\WINDOWS\Tasks\At43.job -> [2010/04/26 18:00:00 | 000,000,416 | ---- | M] ()
     At44.job -> C:\WINDOWS\Tasks\At44.job -> [2010/04/26 19:00:00 | 000,000,416 | ---- | M] ()
     At45.job -> C:\WINDOWS\Tasks\At45.job -> [2010/04/26 20:00:00 | 000,000,416 | ---- | M] ()
     At46.job -> C:\WINDOWS\Tasks\At46.job -> [2010/04/26 21:00:00 | 000,000,416 | ---- | M] ()
     At47.job -> C:\WINDOWS\Tasks\At47.job -> [2010/04/26 22:00:00 | 000,000,416 | ---- | M] ()
     At48.job -> C:\WINDOWS\Tasks\At48.job -> [2010/04/26 23:00:00 | 000,000,416 | ---- | M] ()
     At5.job -> C:\WINDOWS\Tasks\At5.job -> [2010/04/27 04:18:00 | 000,000,338 | ---- | M] ()
     At6.job -> C:\WINDOWS\Tasks\At6.job -> [2010/04/27 05:18:00 | 000,000,338 | ---- | M] ()
     At7.job -> C:\WINDOWS\Tasks\At7.job -> [2010/04/27 06:18:00 | 000,000,338 | ---- | M] ()
     At8.job -> C:\WINDOWS\Tasks\At8.job -> [2010/04/27 07:18:00 | 000,000,338 | ---- | M] ()
     At9.job -> C:\WINDOWS\Tasks\At9.job -> [2010/04/27 08:18:00 | 000,000,338 | ---- | M] ()
     Registration reminder 1.job -> C:\WINDOWS\Tasks\Registration reminder 1.job -> [2005/09/19 17:24:31 | 000,000,258 | ---- | M] ()
     
    [File - Purity Scan]
     
    [Custom Scans]
    < %SYSTEMDRIVE%\*.exe >
     ACRTemp.exe -> C:\ACRTemp.exe -> [2008/03/11 01:36:41 | 004,441,336 | ---- | M] ()
    < MD5 Scans Start>
    < %systemdrive%\AGP440.SYS  /md5 /s >
     AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
     AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2008/04/14 06:51:44 | 020,056,462 | ---- | M] ()
     AGP440.sys : .cab file  -> C:\WINDOWS\I386\sp2.cab:AGP440.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
     AGP440.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2008/04/14 06:51:44 | 020,056,462 | ---- | M] ()
     AGP440.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\i386\sp3.cab:AGP440.sys -> [2008/04/14 06:51:44 | 020,056,462 | ---- | M] ()
     agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation)
     agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\drivers\agp440.sys -> [2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\ATAPI.SYS  /md5 /s >
     atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2008/04/14 06:51:44 | 020,056,462 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\I386\sp2.cab:atapi.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2008/04/14 06:51:44 | 020,056,462 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\i386\sp3.cab:atapi.sys -> [2008/04/14 06:51:44 | 020,056,462 | ---- | M] ()
     atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys -> [2004/08/10 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys -> [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\EVENTLOG.DLL  /md5 /s >
     eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation)
     eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation)
     eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\NETLOGON.DLL  /md5 /s >
     netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=6C476D33D82F1054849790181E8F7772 -> C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll -> [2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=6C476D33D82F1054849790181E8F7772 -> C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll -> [2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\SCECLI.DLL  /md5 /s >
     scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation)
    < MD5 Scans End>
    < %systemroot%\*. /mp /s >
    Restore point Set: OTS Restore Point (0)
    < %systemroot%\system32\*.dll /lockedfiles >
     comsvcs.dll : Unable to obtain MD5  -> C:\WINDOWS\system32\comsvcs.dll -> [2008/04/14 06:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation)
     dxtmsft.dll : Unable to obtain MD5  -> C:\WINDOWS\system32\dxtmsft.dll -> [2010/03/11 05:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation)
     dxtrans.dll : Unable to obtain MD5  -> C:\WINDOWS\system32\dxtrans.dll -> [2010/03/11 05:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation)
     expsrv.dll : Unable to obtain MD5  -> C:\WINDOWS\system32\expsrv.dll -> [2008/04/14 06:41:54 | 000,380,445 | ---- | M] (Microsoft Corporation)
    < %systemroot%\Tasks\*.job /lockedfiles >
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    < %systemroot%\System32\config\*.sav >
     default.sav -> C:\WINDOWS\system32\config\default.sav -> [2004/12/01 04:33:52 | 000,094,208 | ---- | M] ()
     software.sav -> C:\WINDOWS\system32\config\software.sav -> [2004/12/01 04:33:52 | 000,663,552 | ---- | M] ()
     system.sav -> C:\WINDOWS\system32\config\system.sav -> [2004/12/01 04:33:52 | 000,913,408 | ---- | M] ()
     
    [Files/Folders - Unicode - All]
    C:\Program Files\Common Files\?dobe -> C:\Program Files\Common Files\&#913;dobe -> 
    C:\Program Files\Common Files\?dobe -> C:\Program Files\Common Files\&#913;dobe -> [2008/01/04 04:04:49 | 000,000,000 | ---D | M]
     
    [Alternate Data Streams]
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
    




    please please help. i am going crazy
     
  2. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Hello there :cool: Welcome to the TSG Forums.
    My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


    Please note the following:
    • The fixes are specific to your problem and should only be used on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
    • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    Please let me know what symptoms you are talking about. I have no idea what thread you were referring to.

    Step 1

    Please attach the results of the OTS scan you ran instead of just copying and pasting them so that we don't have to scroll so far down the page.


    Step 2

    GMER Rootkit Scanner
    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable your security programs when done.


    If you have trouble running GMER, please try running it in Safe Mode. To get to Safe Mode you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu appears with the option.

    If you continue to have trouble with it, try running it without the "Files" scan checked.



    Again, if the results are really long, please attach them using the instructions I gave you at the end of step 1. This is to avoid having to scroll down the page too much and make the space cleaner.
     
  3. dakota5369

    dakota5369 Thread Starter

    Joined:
    Apr 27, 2010
    Messages:
    104
    here are the results from the gmer scan
     

    Attached Files:

  4. dakota5369

    dakota5369 Thread Starter

    Joined:
    Apr 27, 2010
    Messages:
    104
    oh, and these are my problems. i definitely have the google redirect virus. the xp security virus too. i get a lot of pop ups and fairly often all my pages will close for no reason. i have tried malwarebytes anti-malware, hitman 3.5 and fix-it utilities. i have also repeatedly run ccleaner. if i am away from the computer for awhile the computer often shuts off on its own or will go into a screensaver. but it stays in the screensaver unless i shut off the computer. i also keep getting an ave.ex which i guess is not good. also as of this moment explorer isn't opening at all. i have to use mozilla. also things like hotmail are messed up. it used to have all my passwords saved for easy log in. now i need to type the password every time
     
  5. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Alright. I can see what's going on. Please do the following:

    STEP 1

    Please download exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    STEP 2



    NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop



    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Disabling Security Programs
    • Double click on ComboFix.exe & follow the prompts.

      Note: Combofix will run without the Recovery Console installed.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. An increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  6. dakota5369

    dakota5369 Thread Starter

    Joined:
    Apr 27, 2010
    Messages:
    104
    here is the exehelper log

    exeHelper by Raktor
    Build 20100414
    Run at 23:48:09 on 04/27/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Removing HKCR\secfile
    Resetting filetype association for .com
    Removing HKCR\secfile
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 00:50:35 on 04/28/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    here is the other. thanks again for helping
     

    Attached Files:

  7. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Good job. I'm going to bed now, but could you do the following for me?

    Note! To use this tool read the following instructions thoroughly first. Dell users pay attention to the last note.

    Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
    • Close out all other open programs and windows.
    • Double click the file to run it and follow any prompts.
      From here there are two different routes
    1. If the tool detects an mbr infection
      • Please allow it to run mbr -f and shutdown your computer.
      • Upon restarting, please wait about 5 minutes
      • Click Start>Run and type the following bolded command, then hit Enter.
        Note! Make sure you leave a space between helpasst and -mbrt
        helpasst -mbrt
      • When it completes, a log will open.
      • Please post the contents of that log.

    2. In the event the tool does not detect an mbr infection and completes
      • click Start>Run and type the following bolded command, then hit Enter.
        Note! Make sure you leave a space between mbr and -f
        mbr -f
      • Now, please do the Start>Run>mbr -f command a second time.
      • Now shut down the computer (do not restart, but shut it down),
      • Wait a few minutes then start it back up.
      • Wait about 5 minutes
      • Click Start>Run and type the following bolded command, then hit Enter.
        Note! Make sure you leave a space between helpasst and -mbrt
        helpasst -mbrt
      • When it completes, a log will open.
      • Please post the contents of that log.

    **Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
     
  8. dakota5369

    dakota5369 Thread Starter

    Joined:
    Apr 27, 2010
    Messages:
    104
    what? you are going to sleep when i have a problem! haha, j/k. i really appreciate the help. anyway, i did this. it said "Help Asst. profile not found
    user & kernel MBR ok.
    tool completed

    i guess that means that i was not infected, so i followed those instructions. not sure if it matters, but upon closing, windows installed 21 updates.

    here is the log from the helpasst-

    C:\Documents and Settings\Chris\My Documents\Downloads\HelpAsst_mebroot_fix.exe
    Wed 04/28/2010 at 1:48:47.67

    HelpAssistant account Inactive

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found

    ~~ Checking firewall ports ~~

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking mbr ~~

    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Wed 04/28/2010 at 2:11:09.42

    Account active No
    Local Group Memberships *Administrators

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x01D1C4581
    malicious code @ sector 0x01D1C4584 !
    PE file found in sector at 0x01D1C459A !

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~

    HelpAssistant
    HelpAssistant.KOHN

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    ~~ EOF ~~
     
  9. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    You did have that infection in the past though and that's why I wanted to run that. It was just to make sure any leftovers were removed.

    I'll need to remove the Freecause Toolbar from your system. See HERE.


    Please do the following:

    1. Close any open programs before running the fix.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open Notepad (Start > Programs > Accessories) and copy/paste the text in the codebox below into it:

    Code:
    Folder::
    c:\program files\InboxDollars
    c:\documents and settings\Jody\Application Data\FCTB000062133
    C:\Program Files\mywebsearch
    
    File::
    C:\Windows\memrun32.exe
    C:\Windows\System32\memrun32.exe
    
    DDS::
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
    
    RenV::
    c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01 .exe
    c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd .exe
    c:\program files\HP\hpcoretech\hpcmpmgr .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Java\jre1.5.0\bin\jusched .exe
    c:\program files\MSN Messenger\MsnMsgr .Exe
    c:\program files\MySpace\IM\MySpaceIM .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\Real\RealPlayer\RealPlay .exe
    c:\program files\Skype\Phone\Skype .exe
    c:\program files\Sony\VAIO Update 2\VAIOUpdt .exe
    c:\program files\Virtual Assistant\SmartBridge\SprintDSLAlert .exe
    c:\program files\Yahoo!\Messenger\ypager .exe
    c:\windows\ehome\ehtray .exe
    c:\windows\SONYSYS\VAIO Recovery\PartSeal .exe
    c:\windows\SONYSYS\VAIO Recovery\reminder .exe
    c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600}"=-
    [-HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
    [-HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
    [-HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3190556429-677033014-1943261468-1005\Scripts\Logon\0\0]
    "Script"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Memory Running Services]

    NOTE: Make sure WordWrap is unchecked in Notepad by clicking on the "Format" menu icon.

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



    Then do this:


    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your hard drives.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  10. dakota5369

    dakota5369 Thread Starter

    Joined:
    Apr 27, 2010
    Messages:
    104
    i hit a couple of snags. first, i don't see where i have this freecause toolbar. i followed the instructions in the link and it doesn't say i have it.

    also, i can't run the scan because of my annoying fix it utilities from avanquest. after trying to figure out how to disable it for a couple hours, i decided to uninstall it. it sat there doing nothing for over an hour, so i thought it was frozen. so i turned off the computer hoping to try it again. now it is not on my list of installed programs, yet it is still in the bottom right of my computer and opens.
     
  11. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    We can remove that later as well. Try running this CFScript. I added the "KillAll::" line which will tell ComboFix to kill everything else that's running.

    Code:
    KillAll::
    
    Folder::
    c:\program files\InboxDollars
    c:\documents and settings\Jody\Application Data\FCTB000062133
    C:\Program Files\mywebsearch
    
    File::
    C:\Windows\memrun32.exe
    C:\Windows\System32\memrun32.exe
    
    DDS::
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
    
    RenV::
    c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01 .exe
    c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd .exe
    c:\program files\HP\hpcoretech\hpcmpmgr .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Java\jre1.5.0\bin\jusched .exe
    c:\program files\MSN Messenger\MsnMsgr .Exe
    c:\program files\MySpace\IM\MySpaceIM .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\Real\RealPlayer\RealPlay .exe
    c:\program files\Skype\Phone\Skype .exe
    c:\program files\Sony\VAIO Update 2\VAIOUpdt .exe
    c:\program files\Virtual Assistant\SmartBridge\SprintDSLAlert .exe
    c:\program files\Yahoo!\Messenger\ypager .exe
    c:\windows\ehome\ehtray .exe
    c:\windows\SONYSYS\VAIO Recovery\PartSeal .exe
    c:\windows\SONYSYS\VAIO Recovery\reminder .exe
    c:\windows\system32\spool\drivers\w32x86\3\hpztsb09 .exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600}"=-
    [-HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
    [-HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
    [-HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3190556429-677033014-1943261468-1005\Scripts\Logon\0\0]
    "Script"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Memory Running Services]
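
The following is an added example, not part of the original post and not ComboFix's own code: a small Python reader that splits a CFScript like the one above into its `Name::` sections and lists what the Registry:: block removes, so the script can be reviewed before it is run. It assumes the Registry:: entries follow standard .reg conventions (`[-key]` removes a key, `"name"=-` removes a value), as the lines in the post appear to; the function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the CFScript posted above.
SAMPLE = r'''KillAll::

Folder::
c:\program files\InboxDollars
C:\Program Files\mywebsearch

File::
C:\Windows\memrun32.exe

Registry::
[-HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"=-
'''

SECTION = re.compile(r'^([A-Za-z]+)::$')  # a header line such as "Folder::"

def parse_cfscript(text):
    """Split a CFScript into {section name: [entry lines]}, in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def registry_deletions(entries):
    """Read Registry:: lines as .reg syntax (assumption): list key and value removals."""
    out, key = [], None
    for line in entries:
        if line.startswith('[-') and line.endswith(']'):
            out.append(('key', line[2:-1], None))      # whole key removed
            key = None
        elif line.startswith('[') and line.endswith(']'):
            key = line[1:-1]                           # key kept; values follow
        elif line.endswith('=-') and key:
            out.append(('value', key, line[:-2].strip('"')))
    return out
```

A section with no entries, such as `KillAll::`, comes back as an empty list, which makes the difference between the two scripts in this thread easy to spot.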
     
  12. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Oh and to clarify, I'm removing the freecause toolbar with my CFScript. I was just notifying you of that fact.
     
  13. dakota5369

    dakota5369 Thread Starter

    Joined:
    Apr 27, 2010
    Messages:
    104
    i got fix it to shut off. here are the scan results...
     

    Attached Files:

    • log.txt
      File size:
      110.4 KB
      Views:
      2
  14. dakota5369

    dakota5369 Thread Starter

    Joined:
    Apr 27, 2010
    Messages:
    104
    here is the scan after i ran the kill all. and i wanted to thank you again. this is really awesome of you
     

    Attached Files:

  15. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Alright. Let me know how the MalwareBytes scan goes.
     
Short URL to this thread: https://techguy.org/919640
