Boot sector problem, strange taskmgr.exe behavior



#1
blues71

I have a 3-week-old Sony Vaio S Series, with an i5 and 4GB RAM, running Windows 7. Last week I allowed my firewall to install what looked like a Java update and got a blue screen of death (forgot to write the codes), after which the PC would not boot. I attempted multiple system restores and startup repairs using the included utilities, and tried several fixes offered in forums like this. I believe the one that made the difference was a command-line boot sector restoration. I did not consider at first the possibility of malware, as I have not had any sort of infection in years on my previous computers, but once the computer started again I ran GMER and TDSSKILLER and the Kaspersky 2011 Virus Removal tool and Avast Antivirus, which is my standard protection. I found nothing I could recognize and moved on.

Several days passed in which all seemed fine. Yesterday I was having trouble connecting to a wireless network, when an instance of taskmgr.exe identified with the /User/ folder (not the windows or system folders) asked for administrator authorization to change other files. Every time I denied, the request immediately came back up. By calling up task manager with ctrl-alt-del I was able to close my other programs and shut down the computer. In safe mode, I ran the Kaspersky 2011 Virus Removal tool and Avast. I ran GMER in safe mode and TDSSKILLER and HijackThis, RUBotted and Prevx (which seems to have installed itself). Then I found this forum, downloaded and ran OTL with the results below. Please help me to read this!

Thanks!!


------------

OTL logfile created on: 9/20/2011 11:20:55 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Smash\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 46.78% Memory free
7.83 Gb Paging File | 5.37 Gb Available in Paging File | 68.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.75 Gb Total Space | 323.46 Gb Free Space | 71.13% Space Free | Partition Type: NTFS

Computer Name: SIDEKICK | User Name: Smash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/20 11:20:26 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Smash\Downloads\OTL.exe
PRC - [2011/09/06 22:45:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 14:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/12 14:06:46 | 000,437,272 | ---- | M] (Sophos Group) -- C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2011/01/07 14:16:30 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/01/05 00:11:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/05 00:10:33 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/23 17:24:52 | 000,206,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/12/23 17:24:52 | 000,095,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/11/27 01:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 01:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/17 19:30:12 | 000,673,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/06/23 06:39:54 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/06 22:45:38 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/01 23:00:47 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/01 15:30:39 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/09/01 15:30:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/09/01 15:30:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/09/01 15:30:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4655321f01d2564f3c7acda08636ecc6\IAStorCommon.ni.dll
MOD - [2011/09/01 15:30:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3dd77b6d66cda1f160a7adbe7c0e01af\IAStorUtil.ni.dll
MOD - [2011/09/01 15:30:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/09/01 15:30:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/01 15:30:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/01 15:30:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/01 15:30:18 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/01 15:30:12 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 01:50:33 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/24 07:00:00 | 000,655,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/04/20 10:50:52 | 001,021,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011/01/14 01:01:51 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/09 17:26:26 | 000,923,024 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/12/06 10:14:50 | 000,584,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/11/18 18:27:32 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/11/18 18:20:02 | 000,869,376 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/11/02 14:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 14:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 14:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/10/25 18:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/09/27 16:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/29 20:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2011/01/05 00:11:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/05 00:10:33 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/12/30 11:28:38 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/12/23 17:24:52 | 000,095,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/11/27 01:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/10/12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 16:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/06/23 06:39:54 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/20 12:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/20 01:50:34 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2011/09/20 01:50:34 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2011/09/20 01:50:33 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2011/09/06 14:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 14:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 14:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 14:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 14:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 14:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/09/02 00:20:24 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\17E5.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/29 19:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/17 09:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2011/01/17 08:11:12 | 000,179,976 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2011/01/14 01:04:13 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/01/14 01:04:13 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/14 01:02:02 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/14 01:02:02 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/14 00:59:48 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/01/12 10:35:40 | 000,119,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2011/01/05 00:10:11 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/12/21 14:09:15 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/10 03:57:42 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/06 14:38:55 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/18 18:11:36 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/11/18 18:11:28 | 000,081,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2010/11/18 18:11:26 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel® Centrino®
DRV:64bit: - [2010/11/09 04:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/03 16:35:22 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/03 16:35:21 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/11/03 16:35:21 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/11/03 16:35:21 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/03 16:34:50 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/11/01 14:09:19 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/01 14:09:19 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/08 08:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdisMP)
DRV:64bit: - [2010/07/08 08:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdis)
DRV:64bit: - [2010/04/26 14:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/10/20 12:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.5
FF - prefs.js..extensions.enabledItems: {c2d0e930-64de-11db-bd13-0800200c9a66}:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {57E72829-C158-4341-BBED-58F0AD1740FD}:3.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {68E5DD30-A659-4987-99F9-EAF21F9D4140}:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: {3541c267-2580-4144-854e-2e05c8670121}:1.5.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
FF - prefs.js..extensions.enabledItems: {97c7d43c-4182-49b8-9b04-b78fed89d7fb}:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.02
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.20101102
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:5.0.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.0
FF - prefs.js..extensions.enabledItems: {113c2360-15a3-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.4
FF - prefs.js..keyword.URL: "http://search.newtab...ng.com/?t=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Smash\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Smash\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/09/02 10:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/16 00:05:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/06 22:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/02 10:39:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/09/01 16:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Smash\AppData\Roaming\Mozilla\Extensions
[2011/09/16 08:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/06 19:28:39 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/09/01 22:09:18 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2011/09/01 22:09:18 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2011/09/01 22:09:18 | 000,000,000 | ---D | M] ("OpenBook") -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2011/09/01 22:09:18 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2011/09/01 22:09:18 | 000,000,000 | ---D | M] (FAYT) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{c2d0e930-64de-11db-bd13-0800200c9a66}
[2011/09/01 22:09:18 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/09/01 22:09:18 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (Generic chrome CSS loader) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\[email protected]
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\[email protected]
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\foxmarks@kei(62).com
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (RECAP) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\[email protected]
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (ScribbliesBrite) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\ScribbliesBrite
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\temp
[2011/09/01 22:09:17 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\extensions\vshare@toolbar
[2010/04/09 15:21:18 | 000,002,273 | ---- | M] () -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\searchplugins\ask.xml
[2010/04/09 15:21:18 | 000,001,028 | ---- | M] () -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\searchplugins\bing.xml
[2007/04/09 15:42:28 | 000,002,386 | ---- | M] () -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\searchplugins\siteadvisor.xml
[2009/02/24 12:13:12 | 000,001,898 | ---- | M] () -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\searchplugins\surf-canyon.xml
[2008/06/20 12:03:30 | 000,001,108 | ---- | M] () -- C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\eucu3gfb.default\searchplugins\wikipedia-en.xml
[2011/09/01 16:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/02 10:13:23 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/09/16 00:05:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\{3541C267-2580-4144-854E-2E05C8670121}.XPI
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\{68E5DD30-A659-4987-99F9-EAF21F9D4140}.XPI
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SMASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EUCU3GFB.DEFAULT\EXTENSIONS\[email protected]
[2011/09/06 22:45:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/30 13:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Smash\AppData\Local\Google\Chrome\Application\13.0.782.218\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Smash\AppData\Local\Google\Chrome\Application\13.0.782.218\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Smash\AppData\Local\Google\Chrome\Application\13.0.782.218\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Smash\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Freemake Video Converter = C:\Users\Smash\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PCTD Service Activation] C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe (OakTree Digital)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B79CBB78-8331-4E42-9632-5EBFF92885AF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/20 02:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/09/20 02:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/09/20 01:50:34 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/09/20 01:50:34 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/09/20 01:50:34 | 000,036,384 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/09/20 01:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
[2011/09/20 01:50:33 | 000,024,024 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/09/20 01:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/09/20 01:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011/09/20 01:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/09/20 01:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/09/20 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/09/20 01:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/09/20 01:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/20 01:33:16 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/19 19:01:45 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Smash\taskmgr.exe
[2011/09/16 09:52:13 | 000,000,000 | ---D | C] -- C:\Users\Smash\Resources
[2011/09/16 01:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/15 11:02:32 | 000,000,000 | ---D | C] -- C:\Users\Smash\Documents\Freemake
[2011/09/14 21:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/14 21:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/14 21:54:17 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Macroplant
[2011/09/13 12:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\IPRO Tech
[2011/09/13 12:06:20 | 000,000,000 | ---D | C] -- C:\Users\Smash\Desktop\Drinker's Guide
[2011/09/13 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\IPublish
[2011/09/13 09:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IPRO Tech
[2011/09/12 11:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/09/12 11:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\WDCSAM
[2011/09/09 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtx
[2011/09/09 15:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celtx
[2011/09/09 15:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe
[2011/09/09 15:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/09/09 15:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011/09/09 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\NCH Software
[2011/09/09 15:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/09 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/09 13:54:46 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Leadertech
[2011/09/06 22:46:43 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 22:46:43 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/06 22:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/06 22:46:42 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 22:46:42 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 22:46:42 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 22:46:41 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 22:46:41 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 22:46:33 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 22:46:32 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 22:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/06 22:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/06 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\ElevatedDiagnostics
[2011/09/06 18:56:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/06 10:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011/09/03 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\FeedDemon
[2011/09/03 00:44:04 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\CrashDumps
[2011/09/02 13:48:47 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Adobe
[2011/09/02 13:22:12 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\OpenOffice.org
[2011/09/02 10:40:38 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Apple Computer
[2011/09/02 10:40:38 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Apple Computer
[2011/09/02 10:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/02 10:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/09/02 10:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/09/02 10:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/02 10:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/02 10:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/09/02 10:39:32 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Apple
[2011/09/02 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/09/02 10:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/09/02 10:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/02 10:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/09/02 10:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/09/02 10:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/09/02 10:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/09/02 10:21:36 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Winamp
[2011/09/02 10:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/09/02 10:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/09/02 10:15:51 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Paint.NET
[2011/09/02 10:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/09/02 10:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/09/02 10:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2011/09/02 10:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2011/09/02 10:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2011/09/02 10:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/09/02 10:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/09/02 00:58:25 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\TrueCrypt
[2011/09/02 00:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2011/09/02 00:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011/09/02 00:20:24 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011/09/02 00:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011/09/02 00:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedDemon
[2011/09/02 00:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FeedDemon
[2011/09/02 00:17:30 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\PCToolsFirewallPlus
[2011/09/02 00:17:17 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/09/02 00:17:16 | 000,334,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/09/02 00:17:16 | 000,140,800 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/09/02 00:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Firewall Plus
[2011/09/02 00:16:51 | 000,119,688 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2011/09/02 00:16:51 | 000,079,000 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis64.sys
[2011/09/02 00:16:51 | 000,042,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2011/09/02 00:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/02 00:16:50 | 000,179,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2011/09/02 00:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Firewall Plus
[2011/09/01 23:54:17 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/09/01 23:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/09/01 23:49:26 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Panda Security
[2011/09/01 23:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/09/01 23:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/09/01 23:48:43 | 000,000,000 | ---D | C] -- C:\temp
[2011/09/01 22:09:54 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Thunderbird
[2011/09/01 22:09:54 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Thunderbird
[2011/09/01 22:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2011/09/01 22:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2011/09/01 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011/09/01 21:55:52 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Spotify
[2011/09/01 21:55:52 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Spotify
[2011/09/01 21:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotify
[2011/09/01 16:48:23 | 000,155,648 | ---- | C] (Paradigm Matrix San Jose CA and Jan Bottorff) -- C:\Windows\SysWow64\pzjpeg32.dll
[2011/09/01 16:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verint Video Solutions
[2011/09/01 16:48:22 | 000,565,248 | ---- | C] (Axis Communications AB) -- C:\Windows\SysWow64\AxMP4Dec.dll
[2011/09/01 16:48:22 | 000,331,776 | ---- | C] (Axis Communications AB) -- C:\Windows\SysWow64\AxisMediaViewer.dll
[2011/09/01 16:48:22 | 000,319,488 | ---- | C] (Axis Communications) -- C:\Windows\SysWow64\axaacdec.dll
[2011/09/01 16:48:22 | 000,294,912 | ---- | C] (Axis Communications) -- C:\Windows\SysWow64\Audio.dll
[2011/09/01 16:48:22 | 000,258,048 | ---- | C] (Verint, Inc.) -- C:\Windows\SysWow64\SN4Codec.dll
[2011/09/01 16:48:22 | 000,212,992 | ---- | C] (Verint, Inc.) -- C:\Windows\SysWow64\WavLor.dll
[2011/09/01 16:48:22 | 000,212,992 | ---- | C] (Verint, Inc.) -- C:\Windows\SysWow64\AxisMpg4.dll
[2011/09/01 16:48:22 | 000,094,208 | ---- | C] (Verint, Inc.) -- C:\Windows\SysWow64\WaveT2.dll
[2011/09/01 16:48:22 | 000,081,920 | ---- | C] (Verint) -- C:\Windows\SysWow64\LrxTextOV.ax
[2011/09/01 16:48:22 | 000,065,536 | ---- | C] (Verint, Inc.) -- C:\Windows\SysWow64\VerintMpg4.dll
[2011/09/01 16:48:22 | 000,045,056 | ---- | C] (Verint, Inc.) -- C:\Windows\SysWow64\LRXHcodec.dll
[2011/09/01 16:48:05 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\InstallShield
[2011/09/01 16:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Dub
[2011/09/01 16:23:40 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Mozilla
[2011/09/01 16:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/01 15:21:32 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\WinFF
[2011/09/01 15:18:58 | 000,000,000 | ---D | C] -- C:\Users\Smash\fontconfig
[2011/09/01 15:18:07 | 000,000,000 | ---D | C] -- C:\Users\Smash\.smplayer
[2011/09/01 15:14:41 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/01 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\vlc
[2011/09/01 15:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/01 15:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/09/01 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Google
[2011/09/01 15:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GSpot
[2011/09/01 14:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic
[2011/09/01 14:44:16 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Media Player Classic
[2011/09/01 14:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/09/01 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\Smash\Desktop\Investigation
[2011/09/01 12:54:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/09/01 12:54:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/09/01 12:17:20 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Diagnostics
[2011/09/01 08:21:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/01 08:21:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/01 08:18:31 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/09/01 08:18:14 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/09/01 07:45:24 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Tific
[2011/09/01 07:45:23 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Symantec
[2011/09/01 01:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
[2011/09/01 01:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/08/31 21:37:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2011/08/31 19:34:19 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Best Buy pc app
[2011/08/31 19:16:32 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Intel Wireless Display
[2011/08/31 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Mozilla
[2011/08/31 18:55:01 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Macromedia
[2011/08/31 18:55:01 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Adobe
[2011/08/31 18:54:25 | 000,000,000 | ---D | C] -- C:\Update
[2011/08/31 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\OakTree_Digital
[2011/08/31 18:49:03 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Intel Corporation
[2011/08/31 18:49:00 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\ATI
[2011/08/31 18:49:00 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\ATI
[2011/08/31 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Broadcom
[2011/08/31 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\Smash\Documents\Bluetooth Exchange Folder
[2011/08/31 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Deployment
[2011/08/31 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Apps
[2011/08/31 18:48:40 | 000,000,000 | R--D | C] -- C:\Users\Smash\Searches
[2011/08/31 18:48:40 | 000,000,000 | R--D | C] -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/31 18:48:40 | 000,000,000 | -H-D | C] -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/08/31 18:48:33 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Identities
[2011/08/31 18:48:32 | 000,000,000 | R--D | C] -- C:\Users\Smash\Contacts
[2011/08/31 18:48:30 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\VirtualStore
[2011/08/31 18:46:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool
[2011/08/31 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Sony Corporation
[2011/08/31 18:46:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/08/31 18:46:38 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Intel
[2011/08/31 18:46:37 | 000,000,000 | --SD | C] -- C:\Users\Smash\AppData\Roaming\Microsoft
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Videos
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Saved Games
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Pictures
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Music
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Links
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Favorites
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Downloads
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Documents
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\Desktop
[2011/08/31 18:46:37 | 000,000,000 | R--D | C] -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\AppData\Local\Temporary Internet Files
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Templates
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Start Menu
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\SendTo
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Recent
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\PrintHood
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\NetHood
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Documents\My Videos
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Documents\My Pictures
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Documents\My Music
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\My Documents
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Local Settings
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\AppData\Local\History
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Cookies
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\Application Data
[2011/08/31 18:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Smash\AppData\Local\Application Data
[2011/08/31 18:46:37 | 000,000,000 | -H-D | C] -- C:\Users\Smash\AppData
[2011/08/31 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Temp
[2011/08/31 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Smash\Roaming
[2011/08/31 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Local\Microsoft
[2011/08/31 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Smash\AppData\Roaming\Media Center Programs
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/20 11:16:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/20 11:16:18 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/20 11:16:18 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/20 11:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933669382-2066110312-4194297450-1001UA.job
[2011/09/20 11:13:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/20 01:50:34 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/09/20 01:50:34 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/09/20 01:50:34 | 000,036,384 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/09/20 01:50:33 | 000,024,024 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/09/20 01:33:16 | 000,002,975 | ---- | M] () -- C:\Users\Smash\Desktop\HiJackThis.lnk
[2011/09/20 01:32:40 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/20 01:32:40 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/20 01:25:20 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/19 19:01:45 | 000,005,632 | -HS- | M] () -- C:\Users\Smash\wevtapi.dll
[2011/09/19 16:12:15 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933669382-2066110312-4194297450-1001Core.job
[2011/09/17 18:30:27 | 553,825,331 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/17 09:32:02 | 000,042,628 | ---- | M] () -- C:\Users\Smash\Desktop\Untitled 1.odt
[2011/09/16 09:18:16 | 000,001,412 | -HS- | M] () -- C:\Windows\1585609drv.spi
[2011/09/16 00:05:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/15 17:06:04 | 000,001,264 | -HS- | M] () -- C:\Users\Smash\AppData\Local\5b5s8f0nhi1
[2011/09/15 17:06:04 | 000,001,264 | -HS- | M] () -- C:\ProgramData\5b5s8f0nhi1
[2011/09/13 12:11:48 | 000,000,278 | ---- | M] () -- C:\Users\Smash\AppData\Local\ipublish.ini
[2011/09/13 10:49:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/09/07 09:40:07 | 000,002,118 | ---- | M] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/09/06 19:29:27 | 000,325,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/06 19:04:12 | 000,000,268 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/09/06 18:42:04 | 000,010,153 | ---- | M] () -- C:\Users\Smash\Desktop\Tuai_VehicleSummary.odt
[2011/09/06 14:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 14:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 14:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 14:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 14:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 14:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 14:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 14:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 14:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/02 10:25:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/02 10:22:09 | 000,001,007 | ---- | M] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/09/02 00:23:40 | 000,001,035 | ---- | M] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2011/09/02 00:20:24 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011/09/02 00:18:47 | 000,001,933 | ---- | M] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\FeedDemon.lnk
[2011/09/01 14:27:42 | 000,001,441 | ---- | M] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/01 13:34:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/09/01 13:34:31 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/31 19:44:57 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/08/31 19:44:57 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/08/31 18:48:27 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCSC1AFM.mrk
[2011/08/31 18:48:27 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCSC1AFM.mrk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/20 01:33:16 | 000,002,975 | ---- | C] () -- C:\Users\Smash\Desktop\HiJackThis.lnk
[2011/09/19 19:01:45 | 000,005,632 | -HS- | C] () -- C:\Users\Smash\wevtapi.dll
[2011/09/17 18:30:27 | 553,825,331 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/17 09:32:01 | 000,042,628 | ---- | C] () -- C:\Users\Smash\Desktop\Untitled 1.odt
[2011/09/16 01:32:27 | 000,001,412 | -HS- | C] () -- C:\Windows\1585609drv.spi
[2011/09/15 17:06:04 | 000,001,264 | -HS- | C] () -- C:\Users\Smash\AppData\Local\5b5s8f0nhi1
[2011/09/15 17:06:04 | 000,001,264 | -HS- | C] () -- C:\ProgramData\5b5s8f0nhi1
[2011/09/13 12:11:47 | 000,000,278 | ---- | C] () -- C:\Users\Smash\AppData\Local\ipublish.ini
[2011/09/13 10:49:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/09/09 15:13:55 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk
[2011/09/06 22:46:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/09/06 19:04:12 | 000,000,268 | ---- | C] () -- C:\WirelessDiagLog.csv
[2011/09/06 18:42:02 | 000,010,153 | ---- | C] () -- C:\Users\Smash\Desktop\Tuai_VehicleSummary.odt
[2011/09/02 10:39:31 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/02 10:25:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/02 10:22:09 | 000,001,007 | ---- | C] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/09/02 10:16:16 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/09/02 00:23:54 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2011/09/02 00:23:40 | 000,001,035 | ---- | C] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2011/09/02 00:18:47 | 000,001,933 | ---- | C] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\FeedDemon.lnk
[2011/09/01 22:06:28 | 000,002,118 | ---- | C] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/09/01 22:06:28 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/09/01 21:55:50 | 000,001,025 | ---- | C] () -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/09/01 16:48:22 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\AxMJPGDec.dll
[2011/09/01 16:48:22 | 000,143,398 | ---- | C] () -- C:\Windows\SysWow64\TelenorCom.dll
[2011/09/01 16:48:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\LrxYV12.dll
[2011/09/01 16:48:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\TJPEGCodec.dll
[2011/09/01 16:48:22 | 000,006,754 | ---- | C] () -- C:\Windows\SysWow64\AxisMediaViewer.tlh
[2011/09/01 16:23:33 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/01 15:11:29 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933669382-2066110312-4194297450-1001UA.job
[2011/09/01 15:11:29 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933669382-2066110312-4194297450-1001Core.job
[2011/09/01 15:02:18 | 000,001,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot.lnk
[2011/09/01 14:45:03 | 000,001,504 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic.lnk
[2011/09/01 13:34:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/09/01 13:34:31 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/09/01 12:32:35 | 3155,054,592 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/01 08:19:11 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/09/01 08:18:03 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/09/01 08:17:57 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/09/01 08:17:57 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/09/01 08:17:49 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/08/31 21:37:30 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2011/08/31 18:54:50 | 000,001,441 | ---- | C] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/31 18:48:44 | 000,001,413 | ---- | C] () -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/08/31 18:48:41 | 000,001,447 | ---- | C] () -- C:\Users\Smash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/31 18:48:27 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCSC1AFM.mrk
[2011/08/31 18:48:27 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCSC1AFM.mrk
[2011/08/31 18:46:37 | 000,000,290 | ---- | C] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/31 18:46:37 | 000,000,272 | ---- | C] () -- C:\Users\Smash\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/03/28 06:42:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/28 06:37:01 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/01/14 02:20:50 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/01/14 02:20:50 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/01/14 02:20:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/01/14 02:20:50 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/10/20 12:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 15:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/13 12:16:49 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\IPublish
[2011/09/09 13:54:46 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\Leadertech
[2011/09/02 13:22:12 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\OpenOffice.org
[2011/09/01 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\Panda Security
[2011/09/02 00:17:42 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\PCToolsFirewallPlus
[2011/09/11 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\Spotify
[2011/09/01 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\Thunderbird
[2011/09/01 07:45:24 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\Tific
[2011/09/02 01:00:13 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\TrueCrypt
[2011/09/16 00:45:57 | 000,000,000 | ---D | M] -- C:\Users\Smash\AppData\Roaming\WinFF
[2009/07/13 23:08:49 | 000,011,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:C31F31E6

< End of report >

#2
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I just realized OTL also produced this extras.txt file:

OTL Extras logfile created on: 9/20/2011 11:20:55 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Smash\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 46.78% Memory free
7.83 Gb Paging File | 5.37 Gb Available in Paging File | 68.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.75 Gb Total Space | 323.46 Gb Free Space | 71.13% Space Free | Partition Type: NTFS

Computer Name: SIDEKICK | User Name: Smash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{124C73A8-5C1B-EF26-867B-5B77F9BC4D07}" = ATI Catalyst Install Manager
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{AF0BE024-8A51-E33A-D9A9-A4B8C8C71DD3}" = ccc-utility64
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel® PROSet/Wireless WiFi Software
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CFFA71A3-B098-31B4-94F7-07EA2A717418}" = WMV9/VC-1 Video Playback
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PCSI" = Prevx
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}" = VAIO Messenger
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09535813-6A3C-7954-96A6-6C3CB279D269}" = CCC Help German
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{118EFF90-3852-918E-1792-44912800232D}" = CCC Help Japanese
"{146FEF7F-4761-3239-2B5C-AB97D021E8BC}" = Catalyst Control Center Profiles Mobile
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{280E31FF-90A9-2CE5-4877-4147A5844266}" = CCC Help Dutch
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B7C3552-72EA-E925-7024-D18F32BCBD06}" = CCC Help Italian
"{2F2CE655-BB00-BE89-6932-75B915963284}" = Catalyst Control Center Graphics Previews Common
"{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BA7E8F-7E1D-1B0B-E5C2-A9A1296091D2}" = CCC Help Thai
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3845BDF0-8A2C-BF4C-11F3-8882075B9E26}" = CCC Help Greek
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464BA630-A5F5-5047-6DEB-01ED8F98BFB8}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53E913F1-9D04-B864-CF80-E0CAFCB3F38C}" = CCC Help Hungarian
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{670F35CC-ADFC-2260-B863-E18E588BC087}" = CCC Help French
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712D5D1D-E668-C2A1-A508-81661F735B18}" = CCC Help Russian
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{753152B8-456A-6D6C-4050-1C740049DAF7}" = ccc-core-static
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Wireless Wizard
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884A242B-BE5C-4F9F-9177-F44156A5D081}" = VAIO Help and Support
"{89AC9DCA-EB77-9B54-C109-9EE497C70A38}" = Catalyst Control Center Localization All
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C678F94-F511-443E-B543-F26EA1471DE6}" = PCTDServiceActivation
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{995845A2-5767-429D-8986-694050AE1F34}" = Remote Keyboard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0361AD3-CA02-90FD-6617-B8CAE4827F2B}" = CCC Help Norwegian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A720A7F6-389B-2E93-7BDA-69D0A12F33CB}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A84F2351-A421-6A58-626F-5792820D40B7}" = CCC Help Danish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B46CA1A1-680B-6161-5312-A4FF0AFD518D}" = CCC Help English
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B79242FF-8ACC-0525-85FD-6B99215198AE}" = CCC Help Portuguese
"{BE18FDC3-7E2E-4DE5-B471-DB74491768F2}" = Nextiva Codec
"{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}" =
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1B83E1A-0AF9-C416-F511-3AEDEC6EC6DD}" = Catalyst Control Center InstallProxy
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{DA5B3193-C386-E20C-3865-AAE363D7B863}" = CCC Help Finnish
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D10A51-7F06-015F-F5A6-A5FCF64FF54C}" = CCC Help Korean
"{E48CCB7E-63AF-43CC-B5D1-5E1A829BBD98}" = Catalyst Control Center - Branding
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5F25637-12A3-2ECE-BA56-4FD64411C5E1}" = CCC Help Czech
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC2276B3-81C6-8FBD-358D-619B255F5ABA}" = CCC Help Spanish
"{EFBEE79D-E49D-9451-459E-F776AC857F99}" = PX Profile Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5678E75-7569-A976-96FA-FF03F5651A30}" = CCC Help Chinese Standard
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE9A6C6C-0A21-0439-6D7B-00B9BD06A74F}" = CCC Help Chinese Traditional
"{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = PMB VAIO Edition Guide
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Application Manager for VAIO" = Application Manager for VAIO
"avast" = avast! Free Antivirus
"Celtx (2.9.1)" = Celtx (2.9.1)
"FeedDemon_is1" = FeedDemon
"Freemake Video Converter_is1" = Freemake Video Converter version 2.3.4
"Inkscape" = Inkscape 0.48.1
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"InstallShield_{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = VAIO - PMB VAIO Edition Guide
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"Scribe" = Express Scribe
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Spotify" = Spotify
"TrueCrypt" = TrueCrypt
"VAIO Messenger" = VAIO Messenger
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2011 1:48:19 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/7/2011 1:48:19 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/7/2011 10:42:59 PM | Computer Name = Sidekick | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

[ System Events ]
Error - 9/6/2011 9:13:48 PM | Computer Name = Sidekick | Source = DCOM | ID = 10016
Description =

Error - 9/6/2011 9:17:39 PM | Computer Name = Sidekick | Source = DCOM | ID = 10016
Description =

Error - 9/6/2011 9:23:13 PM | Computer Name = Sidekick | Source = DCOM | ID = 10016
Description =

Error - 9/7/2011 2:45:09 AM | Computer Name = Sidekick | Source = Service Control Manager | ID = 7034
Description = The Panda Cloud Antivirus Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/9/2011 4:12:57 PM | Computer Name = Sidekick | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 9/9/2011 4:47:50 PM | Computer Name = Sidekick | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 9/9/2011 4:49:22 PM | Computer Name = Sidekick | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume T: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 9/11/2011 9:04:57 PM | Computer Name = Sidekick | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/11/2011 11:01:54 PM | Computer Name = Sidekick | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/12/2011 8:46:14 AM | Computer Name = Sidekick | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.


< End of report >

#3
blues71

Never mind. Found help at EMSISOFT support forum.