1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Spyware, Malware, Virus ---Help me to remove it, please

Discussion in 'Virus & Other Malware Removal' started by lux13, Sep 6, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    after I restarted my laptop, there is message saying the restore point by erunt was not successful. ?
     
  2. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    also, there is old documents that I deleted from desktop long time ago after the restart.
     
  3. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    In your personal opinion, is malwarebyte's anti-malware better than norton 360? should I try kaspersky?
     
  4. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi lux13, OTL did not run properly. Please follow the instructions again to complete the removal process.



    Running OTL
    • Please right-click on the OTL.exe icon on your desktop and select Run as administrator
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

    • Code:
      :OTL
      MOD - [2011/09/03 08:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
      MOD - [2011/09/03 08:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
      MOD - [2011/09/03 08:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avforma t-52.dll
      MOD - [2011/09/03 08:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
      MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32 .dll
      MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\APPLIC~1\130782~1.220\gcswf32.dl 
      FF - prefs.js..browser.search.defaultenginename: "Yahoo"
      FF - prefs.js..browser.search.defaulturl: "[URL]http://search.yahoo.com/search?fr=ffsp1&p[/URL]="
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EX TENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI
      O15 - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..Trusted Domains: iu.edu ([ithelplive] https in Trusted sites)
      [2011/08/13 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E199BFA1-ED27-45D3-AFE6-01F995C67618}
      [2011/08/13 21:22:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B018335F-7508-47EA-A6F4-B66FBD88B6FE}
      [2011/08/13 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6A4D0D32-3B48-49F8-9F0A-F6BEB5A4608C}
      [2011/08/25 21:47:58 | 000,002,472 | ---- | M] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
      [2011/08/25 21:19:01 | 000,002,296 | ---- | M] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
      [2011/08/18 06:08:25 | 000,002,472 | ---- | M] () -- C:\{98544866-7A41-4361-B14B-331CDC8919CC}
      [2011/08/25 21:47:56 | 000,002,472 | ---- | C] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
      [2011/08/25 21:18:55 | 000,002,296 | ---- | C] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
      @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMPFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
      O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
      O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
       
      :Files 
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [createrestorepoint] 
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button.
    I use Avira (free version) which is very nice however not everyone will like it as it produces an advert for each update that it performs. I personally just click ok and the update continues. I don't like Norton and I have had a few issues with previous versions and I am quite sure they are all fixed but it is not my cup of tea. Kaspersky is another good piece of software I wouldn't mind using. You made a comparison between MalwareBytes and Norton 360, MalwareBytes is not an antivirus software and is meant as a complementary program that is an additional layer of security. The free version is like an on-demand scanner. If you want realtime-protection then you need to purchase MalwareBytes pro edition. Realtime protection is basically a feature that will provide you with protection in the background without you needing to manually intervene (in most cases). If you are unsure please ask.
     
  5. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    Thanks for the reply. I think I will definitely switch my to Avira or MalwareBytes pro after my Norton 360 contract ends. My laptop always seems to get some kind of infection/malware with Norton 360.

    I tried to run OTL.exe over the weekend. I opened the otl.exe as an administrator and copy pasted the OTL log in your message in the customs and hit run fix. However, it runs for about 3-4 seconds fine and then just becomes unresponsive. What should I do now? I tried to it numerous times already and even after the reboot and restart, I still have the same problem. Is there an other way to make it work?

    Thanks.
     
  6. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi, sorry for the delay.


    Access safemode
    • Restart your computer, and just before Windows begins to load, please tap F8, then highlight Safe Mode on the list and press Enter.
      Login as usual.
    • Once in Safe Mode,Right-click on the OTL.exe icon on your desktop and select "Run as administrator"
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      MOD - [2011/09/03 08:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
      MOD - [2011/09/03 08:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
      MOD - [2011/09/03 08:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avforma t-52.dll
      MOD - [2011/09/03 08:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
      MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32 .dll
      MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\APPLIC~1\130782~1.220\gcswf32.dl 
      FF - prefs.js..browser.search.defaultenginename: "Yahoo"
      FF - prefs.js..browser.search.defaulturl: "[URL]http://search.yahoo.com/search?fr=ffsp1&p[/URL]="
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EX TENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI
      O15 - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..Trusted Domains: iu.edu ([ithelplive] https in Trusted sites)
      [2011/08/13 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E199BFA1-ED27-45D3-AFE6-01F995C67618}
      [2011/08/13 21:22:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B018335F-7508-47EA-A6F4-B66FBD88B6FE}
      [2011/08/13 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6A4D0D32-3B48-49F8-9F0A-F6BEB5A4608C}
      [2011/08/25 21:47:58 | 000,002,472 | ---- | M] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
      [2011/08/25 21:19:01 | 000,002,296 | ---- | M] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
      [2011/08/18 06:08:25 | 000,002,472 | ---- | M] () -- C:\{98544866-7A41-4361-B14B-331CDC8919CC}
      [2011/08/25 21:47:56 | 000,002,472 | ---- | C] () -- C:\{2248BBA9-ADA1-4BB4-951A-77AC70F105CF}
      [2011/08/25 21:18:55 | 000,002,296 | ---- | C] () -- C:\{C62DBADE-3DD0-4645-A46B-0B355B1AC730}
      @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMPFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
      O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
      O3:64bit: - HKU\S-1-5-21-821222001-2714658270-602336847-1000\..\Toolbar\WebBrowser - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      :Files 
       ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [createrestorepoint] 
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    If you are still experience the same issue with OTL crashing, then please post a new fresh OTL log.
     
  7. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    no worries. I tried it in safe mode, but it kept on freezing. When I started my laptop I got following message :
    "Windows created a temporary paging file on your computer because of a problem that occurred with your paging file configuration when you started your computer. The total paging file size for all disk drives may be somewhat larger than the size you specified."
    What does this mean?
     
  8. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    now the olt scan won't even run. after few second it becomes unresponsive.
     
  9. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    finally made it work. here is the log:

    jjOTL logfile created on: 9/26/2011 5:02:36 PM - Run 6
    OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 58.58% Memory free
    6.50 Gb Paging File | 3.63 Gb Available in Paging File | 55.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 361.87 Gb Total Space | 0.86 Gb Free Space | 0.24% Space Free | Partition Type: NTFS
    Drive H: | 377.00 Mb Total Space | 345.91 Mb Free Space | 91.75% Space Free | Partition Type: NTFS

    Computer Name: BL-RH-BOERKHEM | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/13 05:50:02 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.69\GoogleCrashHandler.exe
    PRC - [2011/09/12 19:11:25 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2011/09/05 13:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
    PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
    PRC - [2010/08/12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
    PRC - [2009/08/26 17:11:50 | 000,173,368 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    PRC - [2009/08/26 17:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    PRC - [2009/08/26 17:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    PRC - [2009/08/26 17:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    PRC - [2009/07/17 11:31:28 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    PRC - [2009/07/17 11:31:28 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
    PRC - [2009/07/17 11:31:28 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    PRC - [2009/07/17 11:31:26 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    PRC - [2009/07/17 11:31:26 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
    PRC - [2009/07/17 11:31:26 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
    PRC - [2009/07/14 11:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/07/14 11:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2009/06/26 14:35:04 | 000,468,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    PRC - [2009/05/26 09:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    PRC - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/19 23:07:39 | 000,412,728 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
    MOD - [2011/09/19 23:07:37 | 003,696,184 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
    MOD - [2011/09/19 23:06:11 | 000,142,568 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\14.0.835.186\avutil-51.dll
    MOD - [2011/09/19 23:06:10 | 000,253,320 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\14.0.835.186\avformat-53.dll
    MOD - [2011/09/19 23:06:09 | 002,403,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\14.0.835.186\avcodec-53.dll
    MOD - [2011/09/19 20:32:41 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
    MOD - [2011/09/19 20:32:41 | 006,338,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\APPLIC~1\140835~1.186\gcswf32.dll
    MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2011/08/13 21:57:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
    MOD - [2011/08/13 21:56:42 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
    MOD - [2011/08/13 21:56:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
    MOD - [2011/08/13 21:56:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
    MOD - [2011/08/13 21:56:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
    MOD - [2011/08/13 21:55:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
    MOD - [2011/08/13 21:55:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
    MOD - [2011/08/13 21:55:41 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
    MOD - [2011/08/13 21:49:10 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
    MOD - [2011/08/13 21:49:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/04 18:32:40 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011/03/29 18:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/04 21:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 21:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 21:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2010/11/04 21:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/08/26 17:11:50 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
    MOD - [2009/08/26 17:11:50 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
    MOD - [2009/08/26 17:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    MOD - [2009/08/26 17:11:50 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
    MOD - [2009/08/26 17:11:50 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
    MOD - [2009/08/26 17:11:50 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
    MOD - [2009/08/26 17:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    MOD - [2009/08/26 17:11:50 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
    MOD - [2009/08/26 17:11:50 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
    MOD - [2009/08/26 17:11:50 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
    MOD - [2009/08/26 17:11:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
    MOD - [2009/08/26 17:11:50 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
    MOD - [2009/08/26 17:11:50 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
    MOD - [2009/08/26 17:11:50 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
    MOD - [2009/08/26 17:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    MOD - [2009/08/26 17:11:48 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
    MOD - [2009/08/26 17:11:48 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
    MOD - [2009/08/26 17:11:48 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/08/12 16:15:34 | 000,257,936 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2010/06/09 13:00:34 | 001,223,024 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2009/09/08 18:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV:64bit: - [2009/09/01 10:15:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/06/26 14:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2009/05/21 17:11:20 | 001,462,544 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2009/05/21 15:31:30 | 000,830,224 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2008/12/19 17:02:10 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/07/17 11:31:28 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/07/17 11:31:28 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/07/17 11:31:28 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/07/17 11:31:26 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/07/17 11:31:26 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/07/14 11:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/06/26 11:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2009/06/26 11:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/11 21:07:49 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR200.SYS -- (SMR200)
    DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/07/06 22:23:42 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2010/07/25 22:20:50 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/09/03 15:43:36 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/09/01 12:27:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/09/01 12:27:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/09/01 12:27:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/09/01 12:27:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/09/01 10:15:16 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 23:52:38 | 005,437,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/10/22 20:02:17 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
    DRV:64bit: - [2008/10/22 20:02:08 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008/07/17 20:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/05/28 06:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2008/04/29 20:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/04/24 17:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV:64bit: - [2007/04/16 23:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV - [2011/09/09 13:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110923.030\IDSviA64.sys -- (IDSVia64)
    DRV - [2011/08/18 01:09:29 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110926.003\EX64.SYS -- (NAVEX15)
    DRV - [2011/08/18 01:09:29 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/08/18 01:09:29 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/08/18 01:09:29 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110926.003\ENG64.SYS -- (NAVENG)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.polyvore.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 42 0F 2A 8B 57 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - Reg Error: No CLSID value found. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:0.8.2
    FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
    FF - prefs.js..extensions.enabledItems: [email protected]:3.9.8
    FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3.5
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
    FF - prefs.js..extensions.enabledItems: UnsortedBookmarksMenu@alice:2.3
    FF - prefs.js..extensions.enabledItems: {20068ab2-1901-4140-9f3c-81207d4dacc4}:0.6
    FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
    FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.5
    FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
    FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
    FF - prefs.js..extensions.enabledItems: {c7b204cd-707e-4d13-b5c4-8eb3ce6f3f52}:0.2
    FF - prefs.js..extensions.enabledItems: [email protected]:2.2
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/09/18 18:10:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/09/15 21:07:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/07/06 22:32:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011/09/26 16:18:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/10 12:47:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 21:07:35 | 000,000,000 | ---D | M]

    [2010/09/18 18:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2010/07/07 16:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
    [2011/09/24 23:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions
    [2011/09/24 23:58:42 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2011/09/24 23:58:47 | 000,000,000 | ---D | M] (Reader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}
    [2010/09/18 18:37:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(38)
    [2011/09/10 12:47:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/09/02 05:39:04 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\[email protected]
    [2011/06/18 19:05:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\[email protected]
    [2010/09/18 18:37:47 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mvuqe872.default\extensions\isreaditlater@ideashower(37).com
    [2010/10/18 21:36:46 | 000,001,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\bing-zugo.xml
    [2010/04/30 04:05:25 | 000,001,832 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\bing.xml
    [2009/09/18 13:02:51 | 000,001,626 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\mozilla-add-ons.xml
    [2011/07/07 04:18:57 | 000,002,469 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mvuqe872.default\searchplugins\safesearch.xml
    [2011/09/16 14:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/09/18 18:12:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/18 18:12:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/09/15 21:07:22 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
    [2010/09/18 18:10:03 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
    [2011/09/26 16:18:20 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_0_8
    [2011/07/06 22:32:11 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{45D8FF86-D909-11DB-9705-005056C00008}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVUQE872.DEFAULT\EXTENSIONS\[email protected]
    [2010/09/18 18:16:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/09/10 12:47:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2010/01/18 15:32:50 | 000,000,743 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E97869-E04A-40FB-8B3D-BA2ED36C4490}: DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E3E8E2-C58E-4C65-9B42-3369F7A5B0CA}: DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) -c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/25 00:03:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/09/17 11:38:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
    [2011/09/16 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
    [2011/09/15 17:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/15 17:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/09/15 08:34:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/09/15 08:30:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/15 08:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/09/15 08:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2011/09/14 17:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2011/09/12 19:11:24 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/09/05 23:50:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/09/05 23:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/09/05 22:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2011/09/05 22:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

    ========== Files - Modified Within 30 Days ==========

    [2011/09/26 17:24:14 | 000,104,155 | ---- | M] () -- C:\test.xml
    [2011/09/26 16:55:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-821222001-2714658270-602336847-1000UA.job
    [2011/09/26 16:55:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/26 16:27:47 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/26 16:27:47 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/26 16:18:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/26 16:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/26 16:17:30 | 510,935,039 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/26 08:43:41 | 000,377,732 | ---- | M] () -- C:\Users\Owner\Desktop\E Fall 2011 box copy.pdf
    [2011/09/26 04:04:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-821222001-2714658270-602336847-1000Core.job
    [2011/09/25 00:29:13 | 011,272,192 | ---- | M] () -- C:\Users\Owner\ntuser.bak
    [2011/09/25 00:03:26 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/09/22 13:01:48 | 000,002,472 | ---- | M] () -- C:\{86FCE3C9-44A2-4736-A4CF-E091FD07D95A}
    [2011/09/22 12:44:21 | 000,001,768 | ---- | M] () -- C:\{8ECC3900-1959-4E3A-96C5-6D824AECEE94}
    [2011/09/16 14:00:02 | 026,309,259 | ---- | M] () -- C:\Users\Owner\Documents\Upper Body Workout - Part 4_7.flv
    [2011/09/16 00:05:58 | 000,407,409 | ---- | M] () -- C:\Users\Owner\Desktop\b03.pdf
    [2011/09/15 17:57:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/15 08:29:56 | 000,001,104 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/09/15 08:29:53 | 000,000,924 | ---- | M] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
    [2011/09/15 08:29:53 | 000,000,905 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2011/09/14 23:10:04 | 000,002,472 | ---- | M] () -- C:\{72127A2A-52CF-4BEC-9D24-C16662357BB8}
    [2011/09/14 22:58:23 | 000,001,872 | ---- | M] () -- C:\{7BDF7739-D56C-40D4-98C6-5E65F26184D3}
    [2011/09/14 17:17:19 | 000,001,135 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/09/12 19:11:25 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/09/06 21:30:52 | 001,390,108 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2011/09/04 16:30:05 | 000,004,265 | ---- | M] () -- C:\Users\Owner\AppData\Local\devcpp.ini
    [2011/09/04 16:30:05 | 000,000,273 | ---- | M] () -- C:\Users\Owner\AppData\Local\devcpp.cfg
    [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011/09/22 13:01:46 | 000,002,472 | ---- | C] () -- C:\{86FCE3C9-44A2-4736-A4CF-E091FD07D95A}
    [2011/09/22 12:44:18 | 000,001,768 | ---- | C] () -- C:\{8ECC3900-1959-4E3A-96C5-6D824AECEE94}
    [2011/09/16 13:52:33 | 026,309,259 | ---- | C] () -- C:\Users\Owner\Documents\Upper Body Workout - Part 4_7.flv
    [2011/09/16 00:06:05 | 000,407,409 | ---- | C] () -- C:\Users\Owner\Desktop\b03.pdf
    [2011/09/15 17:11:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/15 08:29:55 | 000,001,104 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/09/15 08:29:53 | 000,000,924 | ---- | C] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
    [2011/09/15 08:29:53 | 000,000,905 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2011/09/14 23:10:02 | 000,002,472 | ---- | C] () -- C:\{72127A2A-52CF-4BEC-9D24-C16662357BB8}
    [2011/09/14 22:58:22 | 000,001,872 | ---- | C] () -- C:\{7BDF7739-D56C-40D4-98C6-5E65F26184D3}
    [2011/09/14 17:17:19 | 000,001,135 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/09/05 22:44:45 | 001,390,108 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2011/08/30 07:48:22 | 000,377,732 | ---- | C] () -- C:\Users\Owner\Desktop\E Fall 2011 box copy.pdf
    [2011/08/17 18:52:08 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\defaultcode.cfg
    [2011/08/17 18:49:29 | 000,000,273 | ---- | C] () -- C:\Users\Owner\AppData\Local\devcpp.cfg
    [2011/08/17 18:48:53 | 000,004,265 | ---- | C] () -- C:\Users\Owner\AppData\Local\devcpp.ini
    [2011/08/11 23:02:12 | 000,000,770 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SMRBackup200.dat
    [2011/06/03 14:18:40 | 000,000,021 | RHS- | C] () -- C:\ProgramData\ExpPDFSAMSystem.kje
    [2011/04/30 12:19:44 | 000,202,792 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/01/20 18:08:48 | 000,747,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/09/26 01:33:52 | 000,026,112 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/19 01:32:50 | 000,000,344 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2010/09/18 21:48:28 | 000,000,033 | ---- | C] () -- C:\Windows\WININIT.INI
    [2010/09/18 18:03:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/06/15 02:42:59 | 000,131,584 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2010/06/10 01:27:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/12/03 00:03:25 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/30 19:58:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/05/08 10:41:50 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2009/05/08 09:52:22 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2009/04/20 16:01:11 | 000,002,763 | ---- | C] () -- C:\Windows\bthservsdp.dat

    ========== Files - Unicode (All) ==========
    [2011/07/25 15:03:44 | 000,019,014 | ---- | M] ()(C:\Users\Owner\Desktop\??????? ??? ??????.docx) -- C:\Users\Owner\Desktop\Хэвшсэн нэр томьёо.docx
    [2011/07/24 16:17:16 | 000,019,014 | ---- | C] ()(C:\Users\Owner\Desktop\??????? ??? ??????.docx) -- C:\Users\Owner\Desktop\Хэвшсэн нэр томьёо.docx

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  10. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
  11. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi. The OTL fix run successfully this time.

    Please update the following programs to enhance system security and to minimise malware infection.

    Update Java




    It is critical to have the latest version of Java installed, because older versions are a security risk that malware often exploits.
    • To get the latest version of Java please go here.
    • Please select "Agree and Start Free Download".
    • Once downloaded please follow the on screen wizard to install it.
    • When installed, please go to Start -> Control Panel -> Programs and Features.
    • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
      They should have this icon next to any that are there: [​IMG]
      Select any found and choose Uninstall.
    Next:

    Update Adobe Reader

    Adobe Acrobat 10.0 is outdated and contains security vulnerabilities. To update to the latest version of Adobe Reader 10.1.1, please do the following:

    • Please download Adobe Reader 10.1.1 from here and install it.
    • Once Adobe is installed, please navigate to Start >> Control Panel >> Add or Remove Programs.
    • Please remove Adobe Acrobat 10.0.
    Note: I recommend you uncheck any optional installs (For example, Free McAfee Security Scan, Free Google Toolbar, Free Ask Toolbar, etc).

    Next:




    Run ESET Online Scan
    1. Right click on Internet Explorer, and choose Run as administrator.

    2. Then please copy this url to the new window you just opened. ESET OnlineScan
    3. Click the [​IMG] button.
    4. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    5. Check [​IMG]
    6. Click the [​IMG] button.
    7. Accept any security warnings from your browser.
    8. Check [​IMG]
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    13. Push the [​IMG] button.
    14. Push [​IMG]
    You can refer to this animation by neomage if needed.

    Could you please tell me what this link is? I tried opening it but it is incorrect.


    In your next reply, please include the following
    - EESET log.
    - Please note any remaining problems.
     
  12. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
  13. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    also, I always get a message saying that my laptop has low disk space. I didn't set it up my laptop when I bought, so instead of 2 disk which I prefer I have only 1. If I want to set 2 disk spaces, how do I do that? also, should I format laptop since it seems to be always freezing up and kinda getting slower?
     
  14. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hello there. The ESET scan indicates the machine is clean and you may no longer have any malware present in your machine.
    The error message is an early warning. You have a lot of data stored in your C: drive, please try to remove some of it now. If you keep adding data to this drive, soon your computer will become unusable. I belive the crashes are because of this. You want to create two disks, this is known as partitioning. You need a piece of software to do this. I will give you the link for the software but first, we need to remove unnecessary data.

    A few tips that will help you.
    • Uninstall any program you no longer use or need, all of these use unnecessary storage.
    • Navigate to Documents / Pictures / Music, find anything you no longer need and remove it.
    • Empty your recycle bin.
    If you have data that you do not want to remove, then perhaps you can back this data up to another external source of media. At the moment, you have 0.24% free, you need to get this to atleast 10 - 15% free.
     
  15. lux13

    lux13 Thread Starter

    Joined:
    Sep 5, 2011
    Messages:
    25
    Thanks for the reply.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1016205