Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

random explorer pop-up, please check


  • This topic is locked This topic is locked

#1
qwerty123

qwerty123

    Member

  • Member
  • PipPipPip
  • 142 posts
Hello, for some reason my computer has been opening up internet explorer on its own and would link to the address http://198.31.193.211:8008/clientStatus.!%5E however that address would never load. Could this be a malware? someone please check my computer, thanks.




OTL logfile created on: 9/27/2011 8:40:09 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Harry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 57.24% Memory free
11.96 Gb Paging File | 8.90 Gb Available in Paging File | 74.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.62 Gb Total Space | 166.93 Gb Free Space | 36.88% Space Free | Partition Type: NTFS

Computer Name: HARRY-VAIO | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 20:39:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
PRC - [2011/09/19 20:30:18 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
PRC - [2011/09/19 20:30:17 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2011/09/11 13:11:42 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/06 19:52:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/28 17:19:12 | 008,180,224 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
PRC - [2011/06/08 23:14:38 | 000,439,744 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/03 11:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/24 17:40:44 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/05/14 14:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/03/02 19:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/02/19 22:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2010/02/19 22:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010/01/21 23:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/01/21 22:40:10 | 000,182,664 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/01/19 23:58:42 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/01/19 23:58:42 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/01/19 23:58:40 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2010/01/15 16:40:22 | 000,316,784 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2009/11/20 18:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/20 18:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/24 06:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/23 16:46:23 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/06 19:52:16 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/14 20:25:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/14 20:23:55 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/14 20:23:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/14 20:23:43 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/14 20:23:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/14 20:23:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/14 20:23:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/14 20:23:08 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/14 20:23:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/08 23:14:38 | 000,994,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/06/08 23:14:38 | 000,516,864 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\sqlite3.dll
MOD - [2011/06/08 23:14:38 | 000,476,616 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\IEBrowser.dll
MOD - [2011/06/08 23:14:38 | 000,243,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/05/04 18:32:40 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/05/03 11:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/03/29 18:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 21:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 21:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 21:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 21:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/01/21 22:40:10 | 000,182,664 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
MOD - [2010/01/21 22:40:10 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2010/01/19 23:58:42 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2010/01/19 23:58:42 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2010/01/19 23:58:42 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2010/01/19 23:58:42 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2010/01/19 23:58:42 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2010/01/19 23:58:42 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2010/01/19 23:58:42 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2010/01/19 23:58:42 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2010/01/19 23:58:42 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2010/01/19 23:58:42 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2010/01/19 23:58:42 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2010/01/19 23:58:40 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2010/01/19 23:58:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2010/01/19 23:58:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2010/01/19 23:58:40 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2010/01/19 23:58:40 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2010/01/19 23:58:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2010/01/19 23:58:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2010/01/02 10:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 10:50:52 | 001,021,840 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/09/27 16:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/12 20:15:40 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/02/19 22:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/02/19 22:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/02/19 22:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/01/20 18:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/19 20:30:17 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2011/08/27 00:58:44 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010/09/27 16:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/27 17:38:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/24 17:40:44 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/05/14 14:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/20 18:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/10/24 06:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/06 09:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/12 03:48:01 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/11 10:39:46 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010/07/15 09:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 09:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/12 04:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/20 06:06:18 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/19 06:03:49 | 000,093,184 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010/03/19 06:03:46 | 000,077,312 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010/03/18 16:47:39 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/18 16:47:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/18 16:47:38 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/18 16:47:37 | 000,334,888 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/18 16:47:03 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/18 05:16:10 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/17 16:02:57 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/03/03 18:56:59 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/11 15:19:26 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/01/29 15:39:10 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2009/11/20 18:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/20 11:02:25 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2010/12/12 03:48:01 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2010/07/15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:7.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/11 13:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/11 13:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 20:17:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Harry\AppData\Roaming\IDM\idmmzcc3 [2010/12/11 16:47:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Harry\AppData\Roaming\IDM\idmmzcc3 [2010/12/11 16:47:44 | 000,000,000 | ---D | M]

[2010/08/14 00:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\Mozilla\Extensions
[2010/09/08 10:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\gumsvz1d.default\extensions
[2011/02/23 03:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/17 13:34:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/14 00:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 00:47:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 20:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/11 13:11:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/09/06 19:52:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/01 00:13:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011/04/07 18:32:41 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.230.1.49 128.230.12.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9F53EC-CA10-40D8-B7C0-543D3FA66BF5}: DhcpNameServer = 128.230.1.49 128.230.12.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}: DhcpNameServer = 128.230.12.5 128.230.1.49
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 20:39:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2011/09/12 12:29:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/09/12 12:26:49 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\RIFT
[2011/09/12 12:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011/09/12 12:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT Game
[2011/09/11 13:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/09/11 13:11:44 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/09/11 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/09/11 12:49:33 | 000,000,000 | ---D | C] -- C:\Users\Harry\Desktop\TvB
[2011/09/11 12:46:31 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Real
[2011/09/11 12:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/09/11 12:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/09/10 22:20:34 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Apple
[2011/09/08 23:13:23 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Apple Computer
[2011/09/07 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Adobe
[2011/09/07 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\AOL
[2011/09/07 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\AIM
[2011/09/05 15:06:26 | 001,425,760 | ---- | C] (Impulse Point, LLC) -- C:\Users\Harry\Desktop\ServiceInstaller.exe
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 20:39:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2011/09/27 20:31:58 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/26 22:21:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 16:53:20 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 16:53:20 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 16:45:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/23 16:45:04 | 522,760,191 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/19 20:30:14 | 000,000,770 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
[2011/09/18 00:33:46 | 000,025,433 | ---- | M] () -- C:\Users\Harry\Desktop\Amtrak - Reservations - Confirmation.pdf
[2011/09/18 00:16:14 | 000,108,385 | ---- | M] () -- C:\Users\Harry\Desktop\JetBlue _ Itinerary _ Print.pdf
[2011/09/14 02:45:54 | 000,984,980 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/14 02:45:54 | 000,794,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/14 02:45:54 | 000,171,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/12 12:27:21 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/09/11 13:12:11 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/09/11 13:11:44 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/09/06 19:52:20 | 000,002,059 | ---- | M] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/05 15:06:27 | 001,425,760 | ---- | M] (Impulse Point, LLC) -- C:\Users\Harry\Desktop\ServiceInstaller.exe
[2011/09/03 15:10:08 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/08/29 00:09:37 | 000,046,968 | ---- | M] () -- C:\Users\Harry\Desktop\Class Schedule.pdf
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/18 00:33:46 | 000,025,433 | ---- | C] () -- C:\Users\Harry\Desktop\Amtrak - Reservations - Confirmation.pdf
[2011/09/18 00:16:14 | 000,108,385 | ---- | C] () -- C:\Users\Harry\Desktop\JetBlue _ Itinerary _ Print.pdf
[2011/09/12 12:27:21 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/09/11 13:12:11 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/09/05 16:39:19 | 000,001,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Keyboard.lnk
[2011/08/29 00:09:37 | 000,046,968 | ---- | C] () -- C:\Users\Harry\Desktop\Class Schedule.pdf
[2011/08/14 14:05:17 | 000,000,032 | ---- | C] () -- C:\Users\Harry\AppData\Roaming\coreavc.ini
[2011/06/08 23:15:02 | 000,709,992 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll
[2011/01/27 21:50:31 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/22 00:47:14 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/12/22 00:47:14 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/12/22 00:47:14 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/12/22 00:47:14 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/12/22 00:47:14 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/12/21 22:07:09 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2010/12/21 22:07:09 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE
[2010/12/16 14:29:23 | 000,000,111 | ---- | C] () -- C:\Users\Harry\AppData\Roaming\Èr
[2010/08/14 18:55:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/27 18:18:57 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2010/07/27 17:20:19 | 000,984,980 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/15 23:12:10 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\acccore
[2010/10/13 01:25:41 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Auslogics
[2010/08/24 00:03:59 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\com.AccuWeather.sony.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
[2010/12/21 22:33:02 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\DMCache
[2011/09/25 21:36:55 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FileZilla
[2010/12/22 00:11:08 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\GetRightToGo
[2010/12/13 04:06:12 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\IDM
[2010/08/28 00:47:18 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\ooVoo Details
[2011/07/10 21:37:05 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PlayFirst
[2010/11/06 17:27:49 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PPLive
[2011/09/12 12:53:15 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\RIFT
[2010/10/12 00:41:53 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\SE_logs
[2010/08/24 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\SoftGrid Client
[2010/10/12 00:42:10 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\SogouExplorer
[2011/03/09 12:28:00 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\SURA
[2010/08/14 00:19:44 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\TP
[2011/07/10 13:57:56 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2C49569B

< End of report >





OTL Extras logfile created on: 9/27/2011 8:40:09 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Harry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 57.24% Memory free
11.96 Gb Paging File | 8.90 Gb Available in Paging File | 74.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.62 Gb Total Space | 166.93 Gb Free Space | 36.88% Space Free | Partition Type: NTFS

Computer Name: HARRY-VAIO | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery MergeModules x64
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = Microsoft SQL Server 2008 Database Engine Services
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VMp MergeModule x64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7BF099BD-10EE-4B04-A195-CAE2742C943E}" = Setup_VEP_x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}" = VAIO Messenger
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{07182027-A63E-4E86-B96F-452EB9D61360}" = VAIO Help and Support
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{78C3DDD6-0303-4371-9CC1-163F07E87137}" = Remote Play with PlayStation 3
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{808625C0-412D-2343-CA00-9C19A9671101}" = AccuWeather.com Cirrus
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98F2FA0E-923A-48C2-8EC7-62BD97E38FC0}" = VAIO Data Restore Tool
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-1033-0000-BA7E-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{C416CBB4-00BA-4E78-878A-590C5FD4A7A1}" = VAIO Media plus
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DD980D24-1240-4052-A5F7-411786C36AC8}" = Remote Keyboard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFBA1469-E0DA-4825-96AB-12B2988E9A28}" = Media Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AIM_7" = AIM 7
"Application Manager for VAIO" = Application Manager for VAIO
"com.AccuWeather.sony.6AF67E59E785A9A644FCA43BED05A7731922EF40.1" = AccuWeather.com Cirrus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Dash of Fun Pack 4-in-1" = Dash of Fun Pack 4-in-1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Internet Download Manager" = Internet Download Manager
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PowerISO" = PowerISO
"PPGame" = PPGame V0.0.1.0009
"PPLive" = PPTV V2.7.3.0009
"PremElem80" = Adobe Premiere Elements 8.0
"RealPlayer 12.0" = RealPlayer
"SafeConnect" = SafeConnect
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VAIO Messenger" = VAIO Messenger
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Logs Client" = World of Logs Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2011 9:00:47 PM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error - 3/20/2011 9:00:47 PM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error - 3/20/2011 9:00:47 PM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 3/21/2011 6:48:23 PM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/21/2011 6:48:23 PM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 3/21/2011 6:48:23 PM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 3/22/2011 1:25:11 AM | Computer Name = Harry-VAIO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/24/2011 9:23:30 AM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
too short

Error - 3/25/2011 6:17:01 PM | Computer Name = Harry-VAIO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/27/2011 7:38:20 PM | Computer Name = Harry-VAIO | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1813908189-QkxaMDAwMkMxLlhDMEQ2OUNqRTM5OUhDRTgyMTRJVQ==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ OSession Events ]
Error - 2/3/2011 1:20:41 PM | Computer Name = Harry-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 45
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/23/2011 4:45:22 PM | Computer Name = Harry-VAIO | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 9/23/2011 4:46:17 PM | Computer Name = Harry-VAIO | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 9/23/2011 4:46:17 PM | Computer Name = Harry-VAIO | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 9/24/2011 1:15:27 PM | Computer Name = Harry-VAIO | Source = bowser | ID = 8003
Description =

Error - 9/26/2011 1:47:19 AM | Computer Name = Harry-VAIO | Source = bowser | ID = 8003
Description =

Error - 9/26/2011 9:31:58 PM | Computer Name = Harry-VAIO | Source = bowser | ID = 8003
Description =

Error - 9/26/2011 9:47:01 PM | Computer Name = Harry-VAIO | Source = bowser | ID = 8003
Description =

Error - 9/26/2011 9:59:03 PM | Computer Name = Harry-VAIO | Source = bowser | ID = 8003
Description =

Error - 9/26/2011 11:22:57 PM | Computer Name = Harry-VAIO | Source = bowser | ID = 8003
Description =

Error - 9/26/2011 11:58:55 PM | Computer Name = Harry-VAIO | Source = bowser | ID = 8003
Description =


< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello qwerty123 and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV:64bit: - [2010/07/15 09:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2010/07/15 09:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2010/07/15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    [2010/12/22 00:47:14 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2010/12/22 00:47:14 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2010/12/22 00:47:14 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2010/12/22 00:47:14 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2010/12/22 00:47:14 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2010/12/16 14:29:23 | 000,000,111 | ---- | C] () -- C:\Users\Harry\AppData\Roaming\Èr

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c


    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Remove your old version of Combofix and

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
qwerty123

qwerty123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Thank you so much for coming to help me, i noticed that the combofix deleted alot of weird name files, am i getting them from somewhere?



OTL
------------------------------------------------------------------------

All processes killed
========== OTL ==========
Service epmntdrv stopped successfully!
Service epmntdrv deleted successfully!
C:\Windows\SysNative\epmntdrv.sys moved successfully.
Service EuGdiDrv stopped successfully!
Service EuGdiDrv deleted successfully!
C:\Windows\SysNative\EuGdiDrv.sys moved successfully.
Error: No service named epmntdrv was found to stop!
Service\Driver key epmntdrv not found.
C:\Windows\SysWOW64\epmntdrv.sys moved successfully.
Error: No service named EuGdiDrv was found to stop!
Service\Driver key EuGdiDrv not found.
C:\Windows\SysWOW64\EuGdiDrv.sys moved successfully.
C:\Windows\SysWOW64\BootMan.exe moved successfully.
C:\Windows\SysWOW64\setupempdrv03.exe moved successfully.
C:\Windows\SysWOW64\EuEpmGdi.dll moved successfully.
File C:\Windows\SysWow64\epmntdrv.sys not found.
File C:\Windows\SysWow64\EuGdiDrv.sys not found.
C:\Users\Harry\AppData\Roaming\Èr moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Harry\Desktop\cmd.bat deleted successfully.
C:\Users\Harry\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : Harry-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : syr.edu
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 62-DD-08-E6-D8-5A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : syr.edu
Description . . . . . . . . . . . : Atheros AR9287 Wireless Network Adapter
Physical Address. . . . . . . . . : 78-DD-08-E6-D8-5A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : syr.edu
Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 54-42-49-61-C8-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7056:dbdd:a8e8:90da%10(Preferred)
IPv4 Address. . . . . . . . . . . : 128.230.201.236(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, October 03, 2011 5:44:37 PM
Lease Expires . . . . . . . . . . : Tuesday, October 04, 2011 12:50:15 AM
Default Gateway . . . . . . . . . : 128.230.201.1
128.230.200.1
DHCP Server . . . . . . . . . . . : 128.230.98.20
DHCPv6 IAID . . . . . . . . . . . : 234890430
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E1-04-2B-54-42-49-61-C8-02
DNS Servers . . . . . . . . . . . : 128.230.1.49
128.230.12.5
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:417:e47:7f19:3613(Preferred)
Link-local IPv6 Address . . . . . : fe80::417:e47:7f19:3613%18(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{37643C88-06DA-4AFB-9C94-1DA345E441F5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.syr.edu:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : syr.edu
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . : syr.edu
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #15
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:80e6:c9ec::80e6:c9ec(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 128.230.1.49
128.230.12.5
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users\Harry\Desktop\cmd.bat deleted successfully.
C:\Users\Harry\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: icarus.syr.edu
Address: 128.230.1.49
Name: google.com
Addresses: 74.125.226.116
74.125.226.112
74.125.226.113
74.125.226.114
74.125.226.115
C:\Users\Harry\Desktop\cmd.bat deleted successfully.
C:\Users\Harry\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: icarus.syr.edu
Address: 128.230.1.49
Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56
C:\Users\Harry\Desktop\cmd.bat deleted successfully.
C:\Users\Harry\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.226.115] with 32 bytes of data:
Reply from 74.125.226.115: bytes=32 time=7ms TTL=53
Reply from 74.125.226.115: bytes=32 time=7ms TTL=53
Ping statistics for 74.125.226.115:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 7ms, Average = 7ms
C:\Users\Harry\Desktop\cmd.bat deleted successfully.
C:\Users\Harry\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=86ms TTL=50
Reply from 98.137.149.56: bytes=32 time=95ms TTL=50
Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 95ms, Average = 90ms
C:\Users\Harry\Desktop\cmd.bat deleted successfully.
C:\Users\Harry\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
15...62 dd 08 e6 d8 5a ......Microsoft Virtual WiFi Miniport Adapter
11...78 dd 08 e6 d8 5a ......Atheros AR9287 Wireless Network Adapter
10...54 42 49 61 c8 02 ......Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 128.230.201.1 128.230.201.236 10
0.0.0.0 0.0.0.0 128.230.200.1 128.230.201.236 40
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.230.201.0 255.255.255.0 On-link 128.230.201.236 266
128.230.201.236 255.255.255.255 On-link 128.230.201.236 266
128.230.201.255 255.255.255.255 On-link 128.230.201.236 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 128.230.201.236 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 128.230.201.236 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 1110 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:417:e47:7f19:3613/128
On-link
16 1010 2002::/16 On-link
16 266 2002:80e6:c9ec::80e6:c9ec/128
On-link
10 266 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::417:e47:7f19:3613/128
On-link
10 266 fe80::7056:dbdd:a8e8:90da/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Harry\Desktop\cmd.bat deleted successfully.
C:\Users\Harry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Harry
->Temp folder emptied: 76018 bytes
->Temporary Internet Files folder emptied: 2594209 bytes
->Java cache emptied: 3624944 bytes
->FireFox cache emptied: 132737905 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 53164 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 4071424 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9380 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 456004 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 185760 bytes

Total Files Cleaned = 137.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Harry
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10032011_234019

Files\Folders moved on Reboot...
C:\Users\Harry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...





COMBO FIX
------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 11-10-03.01 - Harry 10/03/2011 23:53:02.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.3941 [GMT -4:00]
Running from: c:\users\Harry\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20110128170117_wopaiwang110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110628183325_ipad110628zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110720221015_hushubao110701zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110720221233_hushubao110701cha15s.swf
c:\favoritevideo\InvisibleFolder\20110803172440_xinshuihu110803zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110818141042_meilianyingyu110818zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110831184528_zunnihuojia110901zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110902141131_taobao110903houtie.swf
c:\favoritevideo\InvisibleFolder\20110902141315_taobao110903zanting.swf
c:\favoritevideo\InvisibleFolder\20110902141522_taobao110903cha15s.swf
c:\favoritevideo\InvisibleFolder\20110902141741_taobao110903qipao.swf
c:\favoritevideo\InvisibleFolder\20110902164352_1haodian110904cha15s.swf
c:\favoritevideo\InvisibleFolder\20110902164739_1haodian110904zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110902165031_1haodian110904zanting.swf
c:\favoritevideo\InvisibleFolder\20110902173153_fushijiaojuan110905kehuduanzhu15s.swf
c:\favoritevideo\InvisibleFolder\20110902175812_sanling110905zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110902183313_dongzhi110905kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110903152603_dazhong110903zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110903185357_shenxiandao110903kehuanduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110903185600_shenxiandao110903kehuduanchabo.swf
c:\favoritevideo\InvisibleFolder\20110905142051_beijingliantong110905zanting.jpg
c:\favoritevideo\InvisibleFolder\20110905152546_taobao110907kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110905152720_taobao110807kehuduanchabo.swf
c:\favoritevideo\InvisibleFolder\20110905152924_taobao110907kehuanduanyixingqipao.swf
c:\favoritevideo\InvisibleFolder\20110905153550_meiguaoduizhang110905zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110905153936_taobao110907kehuduanhoutie.swf
c:\favoritevideo\InvisibleFolder\20110905154057_dawusheng110905zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110906095652_tianjing110907zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110906095809_tianjing110907cha15s.swf
c:\favoritevideo\InvisibleFolder\20110906121210_fushi110906zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110906154806_jielian110906zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110906154933_jieling110906jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110906163217_niersen110907zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110906163342_niersen110907kuhuduanzanting.jpg
c:\favoritevideo\InvisibleFolder\20110906164330_wushen110908zanting.swf
c:\favoritevideo\InvisibleFolder\20110906170340_diguowenming110907zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110906170526_diguowenming110907kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110906170715_diguowenming110907kehuduanchabo.swf
c:\favoritevideo\InvisibleFolder\20110906185026_haier110906cha15s.swf
c:\favoritevideo\InvisibleFolder\20110906185146_haier110906zanting.swf
c:\favoritevideo\InvisibleFolder\20110906192913_quanqiudingfangwang110907chabo.swf
c:\favoritevideo\InvisibleFolder\20110907115039_fushi110907zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110907143241_wanwang3110907zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110907143539_wanwang110907zanting.swf
c:\favoritevideo\InvisibleFolder\20110907153810_zhengtuhuaijiu110909zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110907154109_zhengtuhuaijiu110909zanting.swf
c:\favoritevideo\InvisibleFolder\20110907171205_maibaobao110907cha15s.swf
c:\favoritevideo\InvisibleFolder\20110907171430_maibaobao110907zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110907171601_maibaobao110907zanting.swf
c:\favoritevideo\InvisibleFolder\20110907175612_taobao110908kehuduanhoutie.swf
c:\favoritevideo\InvisibleFolder\20110907175900_taoabao110908kuhuduanchabo.swf
c:\favoritevideo\InvisibleFolder\20110907180159_taobao110908kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110907180352_taobao110908qipao.swf
c:\favoritevideo\InvisibleFolder\20110908095425_guangqichuanqi110908chabo.swf
c:\favoritevideo\InvisibleFolder\20110908095852_guangqichuanqi110908zanting.swf
c:\favoritevideo\InvisibleFolder\20110908101711_guangqichuanqi110908zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110908141613_tianjing110908zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110908141727_tianjing110908cha15s.swf
c:\favoritevideo\InvisibleFolder\20110908164106_wushen110908zanting.swf
c:\favoritevideo\InvisibleFolder\20110908164404_dafuni110909kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110908171945_wanwang3110909zanting.swf
c:\favoritevideo\InvisibleFolder\20110908175539_hapi110913zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110908180742_zhengtu2110909zanting.swf
c:\favoritevideo\InvisibleFolder\20110908212259_dongfengrichan110909zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110908212509_dongfengrichan110908cha15s.swf
c:\favoritevideo\InvisibleFolder\20110908215417_baiyoumoka110909zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110909114754_VOGUE110909cha15s.swf
c:\favoritevideo\InvisibleFolder\20110909115039_VOGUE110909zanting.swf
c:\favoritevideo\InvisibleFolder\20110909141203_mokajingling110910zanting.swf
c:\favoritevideo\InvisibleFolder\20110909150648_taobao110912kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110909150816_taobao110912kehuduanqipao.swf
c:\favoritevideo\InvisibleFolder\20110909151705_taobao110912kehuduanchabo.swf
c:\favoritevideo\InvisibleFolder\20110909151840_taobao110912kehuduanhoutie.swf
c:\favoritevideo\InvisibleFolder\20110909163506_aiqingshuixingle110910zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110909163622_aiqingshuixingle110910kehuduanzanting.jpg
c:\favoritevideo\InvisibleFolder\20110909164824_wushen110910zanting.swf
c:\favoritevideo\InvisibleFolder\20110909165038_wushen110910zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110909170030_liuqi110910zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110909172229_xiakexing110910zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110909180634_zhengtu2110910zanting.swf
c:\favoritevideo\InvisibleFolder\20110909182216_aokesi110912zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110909182329_aokesi110912cha15s.swf
c:\favoritevideo\InvisibleFolder\20110909182436_aokesi110912zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110909182821_hanghaizhiwang110910kehuduanchabo.swf
c:\favoritevideo\InvisibleFolder\20110909183412_hanghaizhiwang110910zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110909183538_Hhanghaizhiwang110910kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110909184114_ludingji110910zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110909184311_ludingji110910zanting.swf
c:\favoritevideo\InvisibleFolder\20110909235740_tiandiyingxiong110913kehuduanchabo.swf
c:\favoritevideo\InvisibleFolder\20110909235927_tiandiyingxiong110913zhzu15s.swf
c:\favoritevideo\InvisibleFolder\20110910000234_tiandiyingxiong110913kehuduanzanting.swf
c:\favoritevideo\InvisibleFolder\20110910000427_tiandiyingxiong110913qipao.swf
c:\favoritevideo\InvisibleFolder\20110910084902_yongbingtianxia110911zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110910085157_yongbingtianxia110912zanting.swf
c:\favoritevideo\InvisibleFolder\20110912214756_aiqingshuixingle110913kehuduanhoutie.swf
c:\favoritevideo\InvisibleFolder\20110912214940_aiqingshuixingle110913kehuduanzt.jpg
c:\favoritevideo\InvisibleFolder\20110912215044_aiqingshuixingle110913zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110913095625_ludingji110913zanting.swf
c:\favoritevideo\InvisibleFolder\20110913180758_songxiaxiyiji110915zanting.jpg
c:\favoritevideo\InvisibleFolder\20110913180926_songxiaxiyiji110915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110913205202_dianhun110915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110913220010_yiqizaixian110914zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110914114236_qiannvyouhun110918zanting.swf
c:\favoritevideo\InvisibleFolder\20110914114422_qiannvyouhun110915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110914142641_wanmei110915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110914142819_wanmei110915zanting.swf
c:\favoritevideo\InvisibleFolder\20110914153501_wozaizhaoni110914zanting.gif
c:\favoritevideo\InvisibleFolder\20110914155001_ludingji110915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110914163837_taobao110915qipao.swf
c:\favoritevideo\InvisibleFolder\20110914164033_taobao110915zanting.swf
c:\favoritevideo\InvisibleFolder\20110914164211_taobao110915chabo.swf
c:\favoritevideo\InvisibleFolder\20110914164418_taobao110915kehuduanhoutie.swf
c:\favoritevideo\InvisibleFolder\20110914165803_yiqiuchengming110917zanting.swf
c:\favoritevideo\InvisibleFolder\20110914173934_yihaodian110914cha15s.swf
c:\favoritevideo\InvisibleFolder\20110914174315_1haodian110914zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110914174643_1haodian110914zanting.swf
c:\favoritevideo\InvisibleFolder\20110914175150_dianhun110914zanting.swf
c:\favoritevideo\InvisibleFolder\20110914183755_yongbingtianxia110915qipao.swf
c:\favoritevideo\InvisibleFolder\20110914184110_yongbingtianxia110915zanting.swf
c:\favoritevideo\InvisibleFolder\20110914190122_baiqueling110915chabo.swf
c:\favoritevideo\InvisibleFolder\20110914190402_baiqueling110915chabo.swf
c:\favoritevideo\InvisibleFolder\20110915100205_weipinhui110915cha15s.swf
c:\favoritevideo\InvisibleFolder\20110915113911_dell110915zanting.jpg
c:\favoritevideo\InvisibleFolder\20110915115642_dell110915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110915143340_ludingji110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110915160523_ludingji110916zanting.swf
c:\favoritevideo\InvisibleFolder\20110915161821_yongbingtianxia110916zanting.swf
c:\favoritevideo\InvisibleFolder\20110915162010_yongbingtianxia110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110915165232_zuixiaoyao110916zanting.swf
c:\favoritevideo\InvisibleFolder\20110915172908_dell110915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110915174728_dell110915zanting.swf
c:\favoritevideo\InvisibleFolder\20110915182052_shengshisanguo110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110915185929_shengshisanguo110916chabo.swf
c:\favoritevideo\InvisibleFolder\20110915190006_zhengtu2110916qipao.swf
c:\favoritevideo\InvisibleFolder\20110915190146_zhengtu2110916zanting.swf
c:\favoritevideo\InvisibleFolder\20110915191922_pingan110915zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110915192119_pingan110915cha15s.swf
c:\favoritevideo\InvisibleFolder\20110915234024_shengshisanguob110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110915234402_shengshisanguoc110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110915235134_shengshisanguod110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916094148_shengshisanguo110916chabo.swf
c:\favoritevideo\InvisibleFolder\20110916094801_shengshisanguo110916morenqipao.swf
c:\favoritevideo\InvisibleFolder\20110916101859_pingan110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916104545_shengshisanguo110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916134558_taobao110919zanting.swf
c:\favoritevideo\InvisibleFolder\20110916134941_taobao110919chabo.swf
c:\favoritevideo\InvisibleFolder\20110916135034_taobao110919qipao.swf
c:\favoritevideo\InvisibleFolder\20110916135109_taobao110919houtie.swf
c:\favoritevideo\InvisibleFolder\20110916142016_kangzhan2110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916142403_kangzhan2110921zanting.swf
c:\favoritevideo\InvisibleFolder\20110916143402_kangzhan2110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110916152308_shengshisanguo110916fqipao.swf
c:\favoritevideo\InvisibleFolder\20110916164542_maibaobao110916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916164642_maibaobao110916zanting.swf
c:\favoritevideo\InvisibleFolder\20110916164752_maibaobao110916cha15s.swf
c:\favoritevideo\InvisibleFolder\20110916171135_quanjia110916zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110916181710_wushen110919zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916181859_ftzhongwenwang110919zanting.gif
c:\favoritevideo\InvisibleFolder\20110916182154_bomei110918zanting.swf
c:\favoritevideo\InvisibleFolder\20110916184044_zhengtu2110918qipao.swf
c:\favoritevideo\InvisibleFolder\20110916184659_zhengtu2110917zanting.swf
c:\favoritevideo\InvisibleFolder\20110916232216_ludingji110917zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916232404_ludingji110917zanting.swf
c:\favoritevideo\InvisibleFolder\20110916232626_ludingji110918zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916232744_ludingji110918zanting.swf
c:\favoritevideo\InvisibleFolder\20110916232942_ludingji110919zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110916233106_ludingji110919zanting.swf
c:\favoritevideo\InvisibleFolder\20110919093615_xinhaigemingmoren110919zhu15s.jpg
c:\favoritevideo\InvisibleFolder\20110919094208_xinhaigeming110919qipao.jpg
c:\favoritevideo\InvisibleFolder\20110919100014_xinhaigeming110919zhu15s5D.swf
c:\favoritevideo\InvisibleFolder\20110919102528_huabi110919zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110919103609_gudaojinghun110919zanting.jpg
c:\favoritevideo\InvisibleFolder\20110919103809_gudaojinghun110919qipao.jpg
c:\favoritevideo\InvisibleFolder\20110919103856_gudaojinghun110919zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110919105833_gangdeqin110919zanting.jpg
c:\favoritevideo\InvisibleFolder\20110919110030_gangdeqin110919qipao.jpg
c:\favoritevideo\InvisibleFolder\20110919110112_gangdeqin110919zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110919113529_shengshisanguof110919zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110919114529_shengshisanguo110919zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110919120401_dongfengbiaozhi110919zanting.swf
c:\favoritevideo\InvisibleFolder\20110919170616_ludingji110920zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110919184518_taobaovas110920chabo.swf
c:\favoritevideo\InvisibleFolder\20110919184549_51com110920zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110920102753_shenxiandao110920chabo.swf
c:\favoritevideo\InvisibleFolder\20110920103002_shenxiandao110920zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110920103129_shenxiandao110920zanting.swf
c:\favoritevideo\InvisibleFolder\20110920105914_xinhaigeming110920qipao.swf
c:\favoritevideo\InvisibleFolder\20110920110002_gudaojinghun110920qipao.swf
c:\favoritevideo\InvisibleFolder\20110920110105_gangdeqin110920qipao.swf
c:\favoritevideo\InvisibleFolder\20110920151907_shengshisanguoe110920zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110920165957_zhuxian110920zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110920170235_zhuxian110921zanting.swf
c:\favoritevideo\InvisibleFolder\20110920173607_qianjinyaoye110920zhu15sa.swf
c:\favoritevideo\InvisibleFolder\20110920173953_qianjinyaoye110920zhu15sb.swf
c:\favoritevideo\InvisibleFolder\20110920174126_qianjinyaoye110920zhu15sc.swf
c:\favoritevideo\InvisibleFolder\20110920184025_yingxionglianmeng110921zanting.swf
c:\favoritevideo\InvisibleFolder\20110920191054_wushen110921zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110920191227_wushen110921zanting.swf
c:\favoritevideo\InvisibleFolder\20110920193400_51com110921zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110920193524_51com110922zanting.swf
c:\favoritevideo\InvisibleFolder\20110920205902_kuainvwenjuan110921zanting.jpg
c:\favoritevideo\InvisibleFolder\20110921132451_wenjuan110801houtie15s.swf
c:\favoritevideo\InvisibleFolder\20110921165026_huanxiangxiyou110922zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110921174320_yingxionglianmeng110922zanting.swf
c:\favoritevideo\InvisibleFolder\20110921174451_yingxionglianmeng110922zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110921181116_wushen110922zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110921181355_wushen110922zanting.swf
c:\favoritevideo\InvisibleFolder\20110921182713_zhuxian110922zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110921182835_zhuxian110922zanting.swf
c:\favoritevideo\InvisibleFolder\20110921183201_taobao110922chabo.swf
c:\favoritevideo\InvisibleFolder\20110921183313_taobao110922houtie.swf
c:\favoritevideo\InvisibleFolder\20110921185350_taobao110922zanting.swf
c:\favoritevideo\InvisibleFolder\20110921185459_taobao110922qipao.swf
c:\favoritevideo\InvisibleFolder\20110921192913_langangyongb110922zhu15snew.swf
c:\favoritevideo\InvisibleFolder\20110922114132_51com110922zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922155838_ludingji110922zanting.swf
c:\favoritevideo\InvisibleFolder\20110922160440_dell110922zanting.swf
c:\favoritevideo\InvisibleFolder\20110922164953_qiannvyouhun110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922165310_qiannvyouhun110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110922171335_moyu110925zanting.swf
c:\favoritevideo\InvisibleFolder\20110922173008_zuixiaoyao110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110922175201_lvsezhengtu110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922175336_lvsezhengtu110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110922180123_zhengtu2110923qipao.swf
c:\favoritevideo\InvisibleFolder\20110922180249_zhengtu2110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110922181923_anerle110923jiaobiaozhuliu.swf
c:\favoritevideo\InvisibleFolder\20110922181935_tankeshijie110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922182119_tankeshijie110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110922191637_huanxiangxiyou110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922191822_huanxiangxiyou110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110922192422_yongbingtianxia110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922192543_yongbingtianxia110923zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110922193854_huoyingshijie110923zanting.swf
c:\favoritevideo\InvisibleFolder\20110922205606_huoyingshijie110923qipao.swf
c:\favoritevideo\InvisibleFolder\20110922205702_huoyingshijie110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110922205740_huoyingshijie110923chabo.swf
c:\favoritevideo\InvisibleFolder\20110923094537_qiannvyouhun110923zhu15snew.swf
c:\favoritevideo\InvisibleFolder\20110923145253_lvsezhengtu110924zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110923145828_lvsezhengtu110924zanting.swf
c:\favoritevideo\InvisibleFolder\20110923150014_lvsezhengtu110925zanting.swf
c:\favoritevideo\InvisibleFolder\20110923153957_jingdong110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110923154914_taobao10924chabo.swf
c:\favoritevideo\InvisibleFolder\20110923155020_taobao110924houtie.swf
c:\favoritevideo\InvisibleFolder\20110923155141_taobao110924zanting.swf
c:\favoritevideo\InvisibleFolder\20110923155301_taobao110924qipao.swf
c:\favoritevideo\InvisibleFolder\20110923162308_maibaobao110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110923163104_pingan110923zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110923163718_pingan110923zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110923180519_taoabo110926houtie.swf
c:\favoritevideo\InvisibleFolder\20110923180817_taobao110926zanting.swf
c:\favoritevideo\InvisibleFolder\20110923183227_yingxionglianmeng110926zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110923183434_yingxionglianmeng110928zanting.swf
c:\favoritevideo\InvisibleFolder\20110923184800_zhengtu2110924zanting.swf
c:\favoritevideo\InvisibleFolder\20110923190518_kangzhan2110924zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110926104845_xiandaifs110926zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110926105142_xiandaifs110926zanting.swf
c:\favoritevideo\InvisibleFolder\20110926144233_dongnanqiche110926zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110926144352_dongnanqiche110926cha15s.swf
c:\favoritevideo\InvisibleFolder\20110926160946_maibaobao110926cha15s.swf
c:\favoritevideo\InvisibleFolder\20110926161126_maibaobao110926zanting.swf
c:\favoritevideo\InvisibleFolder\20110926161635_pinganchuangye110926zating15s.swf
c:\favoritevideo\InvisibleFolder\20110926161800_pinganchuangye110926cha15s.swf
c:\favoritevideo\InvisibleFolder\20110926161839_maibaobao110926zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110926171725_quanqiushiming110927zanting.swf
c:\favoritevideo\InvisibleFolder\20110926175852_zhuibu110926zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110926180137_zhuibu110926zanting.jpg
c:\favoritevideo\InvisibleFolder\20110926182405_panpan110926jiaobiao1.swf
c:\favoritevideo\InvisibleFolder\20110926182601_panpan110926jiaobiao2.swf
c:\favoritevideo\InvisibleFolder\20110926182753_panpan110926jiaobiao3.swf
c:\favoritevideo\InvisibleFolder\20110926215518_shanhaichuangshilu110927chabo.swf
c:\favoritevideo\InvisibleFolder\20110926215656_shanhaichuangshilu110927zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110926215940_shanhaichuangshilu110927zanting.swf
c:\favoritevideo\InvisibleFolder\20110927100546_bianfeng110927zanting.swf
c:\favoritevideo\InvisibleFolder\20110927100706_bianfeng110928zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927102553_chuanqi110927zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927103020_guangqichuanqi110927zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110927103243_guangqichuanqi110927cha15s.swf
c:\favoritevideo\InvisibleFolder\20110927103633_1haodian110927cha15s.swf
c:\favoritevideo\InvisibleFolder\20110927104005_1haodian110927zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927104204_nvwujijie110927zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927104247_1haodian110927zanting.swf
c:\favoritevideo\InvisibleFolder\20110927121627_kuainvwenjuan110927zanting.jpg
c:\favoritevideo\InvisibleFolder\20110927135607_shenguishijie110928zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927135744_shenguishijie110928zanting.swf
c:\favoritevideo\InvisibleFolder\20110927151210_zhengtumianfei110929zanting.swf
c:\favoritevideo\InvisibleFolder\20110927151425_zhengtumianfie110930zanting.swf
c:\favoritevideo\InvisibleFolder\20110927151614_zhengtumianfei111001zanting.swf
c:\favoritevideo\InvisibleFolder\20110927161042_taohuayuanji111002zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927161150_guangzhoujinye110928zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927170254_yitiantulong110928zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927170507_yitiantulong110928zanting.swf
c:\favoritevideo\InvisibleFolder\20110927173940_qiannvyouhun110930zanting.swf
c:\favoritevideo\InvisibleFolder\20110927174121_qiba110928zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110927181748_xunxian110930zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110928122430_37wan110929zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110928135536_oulaiya110928zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110928135708_oulaiya110928zanting.swf
c:\favoritevideo\InvisibleFolder\20110928155510_shijitiancheng111001zanting.swf
c:\favoritevideo\InvisibleFolder\20110928164546_yongbing110930zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110928175156_moyu111001zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110928175337_moyu111001zanting.swf
c:\favoritevideo\InvisibleFolder\20110928181438_qiannvyouhun111003zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110928181624_qiannvyouhun111001zanting.swf
c:\favoritevideo\InvisibleFolder\20110928182536_kuainvwenjuan110928jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110929112311_yingxionglianmeng111004zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110929115505_lieguo110930zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110929115628_lieguo110930zanting.swf
c:\favoritevideo\InvisibleFolder\20110929140819_saishiti111001azhu15s.swf
c:\favoritevideo\InvisibleFolder\20110929141026_aitishi111001azanting.jpg
c:\favoritevideo\InvisibleFolder\20110929141429_aishiti111001achabo.jpg
c:\favoritevideo\InvisibleFolder\20110929152449_xiandaifs110929zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110929152611_xiandaifs110929zanting.swf
c:\favoritevideo\InvisibleFolder\20110929173139_17vee110929zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110930105007_qqfeiche111003zanting.swf
c:\favoritevideo\InvisibleFolder\20110930121615_neibuguanggaomoren110930zhu15s.jpg
c:\favoritevideo\InvisibleFolder\20110930135908_chuanqi111001zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110930140207_guangqichuanqi111001cha15s.swf
c:\favoritevideo\InvisibleFolder\20110930143739_taobao111001zanting.swf
c:\favoritevideo\InvisibleFolder\20110930143903_taobao111001houtie.swf
c:\favoritevideo\InvisibleFolder\20110930144008_taobao111001qipao.swf
c:\favoritevideo\InvisibleFolder\20110930145107_taobao111001chabo.swf
c:\favoritevideo\InvisibleFolder\20110930151327_vasmoren110930zanting.jpg
c:\favoritevideo\InvisibleFolder\20110930164224_shengshishaguo111001chabo.swf
c:\favoritevideo\InvisibleFolder\20110930164357_shengshishanguo2fu111001zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110930164531_shengshisanguo2fu111001zanting.swf
c:\favoritevideo\InvisibleFolder\20110930215822_jintiannichuanyue111001zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110930215939_jintiannichuanyue111001zanting.jpg
c:\favoritevideo\InvisibleFolder\20110930230148_zhuainannvshen111001zanting.jpg
c:\favoritevideo\InvisibleFolder\20111001020448_moren111001zhu15s.swf
c:\favoritevideo\InvisibleFolder\20111001083240_shenxiandao8f111004chabo.swf
c:\favoritevideo\InvisibleFolder\20111001083327_shenxiandao8f111004houtie.swf
c:\favoritevideo\InvisibleFolder\20111001083424_shenxiandao8f111004zanting.swf
c:\favoritevideo\InvisibleFolder\20111003091620_haier111003zhu15s.swf
c:\favoritevideo\InvisibleFolder\pptvsetup_3.0.2.0011_s2.exe
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Harry\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 03:59 . 2011-10-04 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-04 03:43 . 2011-10-04 03:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6262A4D3-AF9A-439D-AB9A-850973F09776}\offreg.dll
2011-10-04 03:40 . 2011-10-04 03:40 -------- d-----w- C:\_OTL
2011-10-04 02:30 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6262A4D3-AF9A-439D-AB9A-850973F09776}\mpengine.dll
2011-09-29 03:52 . 2011-09-29 03:52 -------- d-----w- c:\users\Harry\AppData\Roaming\Microsoft Corporation
2011-09-21 13:35 . 2011-09-21 13:35 4566176 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-09-18 17:07 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-09-12 16:30 . 2006-07-28 13:31 83736 ----a-w- c:\windows\system32\xinput1_2.dll
2011-09-12 16:26 . 2011-09-12 16:53 -------- d-----w- c:\users\Harry\AppData\Roaming\RIFT
2011-09-12 16:26 . 2011-09-13 00:34 -------- d-----w- c:\program files (x86)\RIFT Game
2011-09-11 17:12 . 2011-09-11 17:12 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-09-11 17:12 . 2011-09-11 17:12 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-09-11 17:11 . 2011-09-11 17:11 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-09-11 17:11 . 2011-09-11 17:11 107008 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-09-11 17:11 . 2011-09-11 17:11 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-09-11 16:46 . 2011-09-11 17:12 -------- d-----w- c:\program files (x86)\Real
2011-09-11 02:20 . 2011-09-11 02:20 -------- d-----w- c:\users\Harry\AppData\Local\Apple
2011-09-09 03:23 . 2011-01-27 01:41 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9423E957-0B5E-4253-9CDC-F8085EED6F36}\gapaengine.dll
2011-09-09 03:13 . 2011-09-09 03:13 -------- d-----w- c:\users\Harry\AppData\Local\Apple Computer
2011-09-07 22:35 . 2011-09-18 04:16 -------- d-----w- c:\users\Harry\AppData\Local\Adobe
2011-09-07 21:26 . 2011-09-07 21:26 -------- d-----w- c:\users\Harry\AppData\Local\AOL
2011-09-07 21:26 . 2011-09-07 21:26 -------- d-----w- c:\users\Harry\AppData\Local\AIM
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-23 20:46 . 2011-05-16 03:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 00:26 . 2011-06-14 01:48 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-22 05:42 . 2011-08-13 04:28 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-13 04:28 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-13 04:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-13 04:28 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-13 04:28 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-13 04:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-13 00:48 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-13 00:48 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-13 00:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-13 00:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-13 00:48 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-13 00:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-13 00:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-13 00:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-13 00:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-13 00:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-13 00:48 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-13 00:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-13 00:48 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-13 00:48 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-13 00:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-13 00:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-13 00:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:53 . 2011-08-03 03:39 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-09 05:26 . 2011-08-25 01:16 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:29 . 2011-08-25 01:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:46 . 2011-08-13 00:48 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-27 39408]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" [2011-06-09 439744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-22 597792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-09-11 273528]
.
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 297240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 135664]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-13 49152]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 135664]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 21:46]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 21:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10060320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 128.230.1.49 128.230.12.5
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\gumsvz1d.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-04 00:02:11
ComboFix-quarantined-files.txt 2011-10-04 04:02
.
Pre-Run: 186,872,979,456 bytes free
Post-Run: 186,535,903,232 bytes free
.
- - End Of File - - A08BE65DBD3275B62A556B744875CE47
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi qwerty123,

How is your system now? Any problems?
  • 0

#5
qwerty123

qwerty123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Theres really nothing wrong except the fact that that weird link is still showing up. It would open Internet Explorer with that link in the address box but it would never load and stay blank. Should i be worried?
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi qwerty123,

I don't see any malware related to this link but Internet Explorer shouldn't open by himself. This link is related to auto login script for firefox. That is the only info I have on it. Does it ring any bell to you?

Let's make sure your system is clean first.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#7
qwerty123

qwerty123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
I was unable to do step 2. For some reason it says i don't have the permission to save it there and that i should contact the administrator. How do i go around this?


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-08 00:22:54
-----------------------------
00:22:54.366 OS Version: Windows x64 6.1.7601 Service Pack 1
00:22:54.366 Number of processors: 8 586 0x1E05
00:22:54.367 ComputerName: HARRY-VAIO UserName: Harry
00:22:56.224 Initialize success
00:23:23.340 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:23:23.344 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
00:23:23.351 Disk 0 MBR read successfully
00:23:23.354 Disk 0 MBR scan
00:23:23.356 Disk 0 Windows 7 default MBR code
00:23:23.359 Service scanning
00:23:23.998 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:23:24.718 Modules scanning
00:23:24.726 Disk 0 trace - called modules:
00:23:24.767 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:23:24.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062c4790]
00:23:24.785 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8005cc3e40]
00:23:24.794 5 ACPI.sys[fffff88000ee77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005cc6050]
00:23:24.802 Scan finished successfully
00:24:17.023 Disk 0 MBR has been saved successfully to "C:\Users\Harry\Desktop\MBR.dat"
00:24:17.031 The log file has been saved successfully to "C:\Users\Harry\Desktop\aswMBR.txt"

Edited by qwerty123, 07 October 2011 - 10:27 PM.

  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi qwerty123

Let's try Rootkit UnHooker instead GMER.

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  • 0

#9
qwerty123

qwerty123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Hello, i encountered another error, i'm kind of getting worried, could it be malware that is stopping me from using these tools? I get the following error doing the scan


Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you try to run GMER in safe mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#11
qwerty123

qwerty123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
Hey, i was able to get GMER running by saving it to my desktop then moving it to the C: root which i got the permission. I just couldn't directly save it to the C root. Would that be the same?

**UPDATE**: Ah, sorry i didn't see that you posted a response, do you still want me to try running it in safe mode if i couldn't directly save it to the C root?


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-10 03:15:41
Windows 6.1.7601 Service Pack 1
Running: 9go2oc94.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d49816
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbf0e830
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d49816 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbf0e830 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Edited by qwerty123, 10 October 2011 - 01:20 AM.

  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You don't need to run it in safe mode because we have log. And it's clean. Maybe some of your applications is lunching IE with explorer.

Lets see what you have in your startup

Please click on Start and then to Run
Type in msconfig and press Enter
Now click on Startups
Then uncheck everything and press Apply button.
Restart your system now
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

If you don't get IE with this address lunching after this then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results
  • 0

#13
qwerty123

qwerty123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts
hey, i waited a couple days to see if it anything is popping up and it seems for now it has stopped. it happened after i uninstalled something, so i think everything should be fine if my computer is clean :)
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi qwerty123,

Glad to hear that! Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP