Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Restore window "PC Performance & Stability analysis rep


  • This topic is locked This topic is locked

#1
maezhou

maezhou

    Member

  • Member
  • PipPipPip
  • 152 posts
Windows Edition:
Windows Vista Home Premium edition
Service Pack 1

System:
Processor: Intel® Pentium® Dual CPU T2330 @1.60GHz
Memory RAM: 2.0GB
System type:32-bit Operating System


I clicked on a bad link while browsing using Firefox7.0.1 and started to get a number of "Windows Delayed Write Failed"pop-up alerts saying like "Failed to save all the components for the file \\Systems32100001366. The file is corrupted or unreadable. This error maybe caused by PC hardware problem" and with choice buttons of Cancel - Try Again - Continue.
-- where the systems32 file (\\Systems32100001366 on my sample pop-up message) changes on each of the pop-up alerts.

I tried to close all the pop-up alerts and then I got the "System Restore" window with "PC Performance & Stability analysis report" header which lists all the possible damaged files and systems on my machine. I think I clicked on a "Resolve" or "Restore" or "Fix" button. Once I clicked the button, the System Restore starts scanning and indicated a couple of errors that were fixed and I got this error report:
- Hard drive rotational speed decreasedd by 20%
- Drive C initializing error
- Disk drive c:\ is unreadable
- System files are damaged. System is unstable
- GPU RAM temperature is critically high. Urgent RAM memory optimization...
- The problem may cause errors while loading your operating system
- RAM memory speed decreased significantly and may cause a system...

And then at there's 2 links at the end of the "System Restore" window
- Click here to activate full-functional version
- Continue with limited resolutions

I clicked on the second option, but the window didn't go away. So I clicked on the other link, which of course goes to this secured system-restore dot com page (i can't place the link here cause it might cause also cause you trouble). I ignored the form, did not buy their product. And my laptop restarted.

Took a while for the laptop to restart and when it did, my desktop files and folders were gone. And then I got the "System Restore" window again. And also got the "Files indexation process failed" window on top of that.

The Files indexation process failed window got this message --
"Indexation process failure may cause:
- File may became unreadable
- Files and documents can be lost
- Operation System may slow down dramatically
To prevent possible damage to this PC follow the recommendations.
Recommendations:
It's highly recommended to run integrity checker now and resolve this issue."
-- and a "Resolve this issue" button after the above message.

i'm not clicking any buttons and link because it may further damage my laptop. So those 2 windows are still on my desktop, Obviously, I can still work on my machine, but with these 2 windows on top of everything, so I can just work on a minimized browser and applications.

And from time to time, those "Windows Delayed Write Failed"pop-up alerts goes up. So I have to close them one by one each time.

What do I need to do to restore my previous working conditions?
I'm using WEBROOT ANTI-VIRUS WITH SPY SWEEPER. Do I need to have another type of spyware system/programs to avoid this from happening again?

Below are my OTL log contents. Thank you so much for looking into this. Really gladly appreciate your help.

Here's the OTL.txt log:

OTL logfile created on: 10/22/2011 12:44:53 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 27.80% Memory free
4.21 Gb Paging File | 2.61 Gb Available in Paging File | 61.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 15.34 Gb Free Space | 8.60% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 00:43:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
PRC - [2011/10/21 23:06:10 | 000,399,360 | -H-- | M] (Mozilla Foundation) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011/10/21 23:02:21 | 000,518,144 | -H-- | M] (Mozilla Foundation) -- C:\ProgramData\WDDuFxuCIM.exe
PRC - [2011/10/03 20:01:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/08 18:37:13 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/08/24 18:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2011/04/26 00:40:08 | 000,140,952 | -H-- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | -H-- | M] (Google) -- C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/03 03:45:06 | 002,088,584 | ---- | M] () -- C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
PRC - [2008/08/03 03:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/01/19 00:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/06/08 05:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 05:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 05:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/03 21:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/02 02:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 20:01:31 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 14:32:20 | 000,076,800 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko7.dll
MOD - [2011/09/08 18:37:24 | 002,557,952 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2011/08/13 10:15:46 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/20 03:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/19 05:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 03:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 12:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 10:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 01:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 10:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/07/11 10:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2011/07/11 10:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/03/01 10:52:50 | 000,068,688 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV - [2010/03/01 10:52:46 | 000,040,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ntnvca.sys -- (NT_NvcA)
DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/28 05:28:02 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 05:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 20:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 18:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 05:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 05:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 17:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 00:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/11/02 04:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1750559&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 20:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 23:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/19 15:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/26 21:32:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/10/15 20:00:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions
[2010/03/25 22:17:18 | 000,000,000 | -H-D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 19:27:26 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 19:59:25 | 000,000,000 | -H-D | M] (Delicious Bookmarks) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/19 14:46:43 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/01 20:11:33 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 20:00:20 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/10 22:33:32 | 000,000,000 | -H-D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/14 06:53:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/08 09:08:37 | 000,000,000 | -H-D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/26 21:29:44 | 000,000,000 | -H-D | M] (Pixlr Grabber) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/09/28 05:29:32 | 000,000,000 | -H-D | M] (BS Player Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011/05/07 00:32:05 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2010/11/15 09:37:36 | 000,000,000 | -H-D | M] (1-Click YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2011/03/21 15:28:02 | 000,000,921 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\searchplugins\conduit.xml
[2011/07/02 15:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 21:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 05:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 19:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 06:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 06:40:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 15:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
[2011/10/03 20:01:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/17 06:57:53 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2011/09/08 21:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 20:01:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/21 23:24:15 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NVC] C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [WDDuFxuCIM.exe] C:\ProgramData\WDDuFxuCIM.exe (Mozilla Foundation)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: d-addicts.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: d-addicts.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([bugzero] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([exchange] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([merlion] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: variety.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: variety.com ([www2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} http://www.clubbox.c.../NowStarter.cab (NowStarter Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D043B09-6D04-416F-98FD-37C14266FA88}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.35.28.28,10.71.20.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA58C74-8DE1-4E19-A4C4-10380F461B9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
O30 - LSA: Security Packages - (Ḯ&) - File not found
O30 - LSA: Security Packages - (䥬) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a741a0a-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = G:\winlog.exe
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 00:43:22 | 000,584,192 | -H-- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/22 00:39:10 | 000,584,192 | -H-- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/21 23:07:31 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/21 23:06:10 | 000,399,360 | -H-- | C] (Mozilla Foundation) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/21 23:02:55 | 000,518,144 | -H-- | C] (Mozilla Foundation) -- C:\ProgramData\WDDuFxuCIM.exe
[2011/10/12 20:51:01 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Training Lessons
[2011/10/10 19:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2011/09/30 16:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA SecurID Software Token
[2011/09/30 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\RSA Security
[2011/09/29 16:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nortel VPN Client
[2011/09/29 16:12:32 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\Nortel
[2011/09/29 16:12:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Nortel
[2011/09/29 16:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nortel
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/22 01:10:08 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
[2011/10/22 01:07:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 00:45:02 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
[2011/10/22 00:45:02 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
[2011/10/22 00:43:34 | 000,584,192 | -H-- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/22 00:40:01 | 000,584,192 | -H-- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/22 00:32:04 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 00:32:04 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 00:23:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 00:23:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/22 00:23:25 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 00:21:56 | 000,000,633 | -H-- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/21 23:07:32 | 000,000,609 | -H-- | M] () -- C:\Users\Owner\Desktop\System Restore.lnk
[2011/10/21 23:05:25 | 000,061,314 | -H-- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E26.KOR.110111.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:05:19 | 000,051,735 | -H-- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E27.KOR.110117.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:04:59 | 000,061,936 | -H-- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E28.KOR.110118.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:01:01 | 000,020,992 | -H-- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/21 22:30:34 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/21 22:30:34 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/16 20:09:55 | 002,853,398 | -H-- | M] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.MP3
[2011/10/16 20:07:37 | 016,594,174 | -H-- | M] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.mp4
[2011/10/13 19:42:18 | 000,875,022 | -H-- | M] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/10/03 20:11:56 | 000,001,768 | -H-- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/09/30 16:38:01 | 000,001,928 | -H-- | M] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/09/29 16:37:02 | 000,001,597 | -H-- | M] () -- C:\Users\Owner\Desktop\Remote Desktop Connection.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/22 00:21:56 | 000,000,633 | -H-- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/21 23:07:32 | 000,000,609 | -H-- | C] () -- C:\Users\Owner\Desktop\System Restore.lnk
[2011/10/21 23:05:24 | 000,061,314 | -H-- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E26.KOR.110111.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:05:17 | 000,051,735 | -H-- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E27.KOR.110117.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:04:54 | 000,061,936 | -H-- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E28.KOR.110118.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 22:39:33 | 002,853,398 | -H-- | C] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.MP3
[2011/10/16 20:04:02 | 016,594,174 | -H-- | C] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.mp4
[2011/10/13 21:48:46 | 000,001,626 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/10/13 19:42:15 | 000,875,022 | -H-- | C] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/09/30 19:26:23 | 000,001,928 | -H-- | C] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/09/29 16:37:02 | 000,001,597 | -H-- | C] () -- C:\Users\Owner\Desktop\Remote Desktop Connection.lnk
[2011/07/27 00:11:21 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\AppData\Local\{29526623-9FE2-4B87-8260-01B1C7EB7782}
[2010/12/24 06:37:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/12/24 06:37:05 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/12/27 03:14:23 | 000,017,451 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\TempResizeJpeg.JPG
[2009/10/08 20:03:34 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/19 00:43:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/15 21:01:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/15 21:01:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/06 22:12:57 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/04 09:29:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/12 11:45:29 | 000,006,324 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/28 20:26:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/02/28 17:33:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/21 14:38:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/02/21 14:38:01 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/21 14:38:01 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/21 14:38:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 14:37:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/18 20:13:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\287DA63AB7.sys
[2008/02/18 20:13:36 | 000,003,608 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/17 22:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/17 00:26:23 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2008/02/17 00:23:15 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll
[2008/02/17 00:23:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/17 00:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2008/02/17 00:23:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/02/17 00:23:01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2008/02/17 00:23:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2008/02/15 17:12:52 | 000,020,992 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/15 03:55:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 03:53:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 11:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/31 10:56:19 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/10/30 20:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 20:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 20:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,684,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/20 21:29:19 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2008/02/21 15:04:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer
[2008/02/21 14:02:08 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer Pro
[2009/10/11 22:14:33 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2010/09/19 22:40:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\CoreFTP
[2010/04/10 10:31:49 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2008/03/23 21:41:51 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2008/07/21 20:17:59 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2010/08/15 16:55:32 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2009/02/28 19:16:59 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2008/10/06 22:12:34 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2009/10/08 20:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2008/02/27 16:50:22 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/10/22 00:22:40 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/22 01:10:08 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\video1.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\myboxtv.org_-_isdalang_1017.avi:TOC.WMV

< End of report >

=========================================


AND HERE'S THE Extras.Txt content:


OTL Extras logfile created on: 10/22/2011 12:44:53 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 27.80% Memory free
4.21 Gb Paging File | 2.61 Gb Available in Paging File | 61.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 15.34 Gb Free Space | 8.60% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2528014064-590018410-3601204245-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026D0C38-3088-4C19-A9E2-0247052B7A9F}" = rport=139 | protocol=6 | dir=out | app=system |
"{091CCA61-6F0B-4B05-877B-494DF175DE33}" = lport=19026 | protocol=17 | dir=in | name=bitcomet 19026 udp |
"{0E739031-F003-4FDE-AC73-0BB3EF3BE5E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26860C20-91C4-45FE-8FFF-D9686E5E6EF2}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A32BAC6-C8B6-4ED7-9201-9F6807987977}" = lport=19026 | protocol=6 | dir=in | name=bitcomet 19026 tcp |
"{2F7298B9-6CEE-4359-9742-EA3544653F94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C301C79-A9F6-4CD0-B703-97D9C6DA7C30}" = rport=137 | protocol=17 | dir=out | app=system |
"{46F7C667-3BAE-4838-A570-DF8C8B5EFE4A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{495A39FD-151D-483F-9BCD-1F306E8A9EBE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{54862E68-1D8A-44BD-9A2F-28092027D48E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74561816-1C1D-4D66-86ED-21AE6B8AD5F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{823FD5A2-1EDB-4E78-808D-DA0907729819}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B080AAC-E674-43FC-8A2A-D79991EFE301}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CBE2D14-68C7-48C7-8448-A63B16B3D869}" = rport=1701 | protocol=17 | dir=out | app=system |
"{8D8BA66E-BCF5-49C3-A6A9-B36446F19D33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{964F67D9-1702-456E-AA16-92B0E6962DE5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{97F19170-E704-483D-AF5F-7D151A16D5A9}" = rport=1723 | protocol=6 | dir=out | app=system |
"{AEF09A4F-74FE-4BE4-8119-D58C03CF4188}" = lport=19026 | protocol=17 | dir=in | name=bitcomet 19026 udp |
"{BAD6D1A9-16DF-4BAE-8A76-5C70861F6E1E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB7B0E2E-A677-49F8-9D2A-0257A7272418}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D14AD161-68F8-4D28-85B2-E6E96ECB9FE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DA7578E6-2295-4B4B-BF7D-3676B2ECFE6B}" = lport=1723 | protocol=6 | dir=in | app=system |
"{E47D7B09-A4FF-4BC0-AD80-114B8D7E504D}" = lport=139 | protocol=6 | dir=in | app=system |
"{E5578045-4C0F-4DAB-B4A0-0F1DBC8D56FF}" = lport=56135 | protocol=6 | dir=in | name=pandorest listening port |
"{E9FE9BAB-F81D-4807-B368-E994FF4877A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{F19714E7-CF82-45CE-A341-B3CC12E74043}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6865D8B-F389-42D1-86B9-6D872BC20C34}" = lport=1701 | protocol=17 | dir=in | app=system |
"{F8B2B906-B113-40A7-A3EA-AA51D1786E04}" = lport=19026 | protocol=6 | dir=in | name=bitcomet 19026 tcp |
"{FC9C58AF-A96F-4E41-9DBC-6422C4A46FEC}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051BA763-1AEC-4036-9F1A-D701E0E2748D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{07DADB51-5128-4279-9A2E-52C2B7458682}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{093C586B-39D0-473B-895C-334F8A7C7058}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{1256EDDA-E18C-4A51-9079-2B95B3E12154}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{2817311E-8752-4521-94B1-187D50B36929}" = protocol=1 | dir=out | [email protected],-28544 |
"{2B391304-82CD-49DE-9B9B-279F1CEF759E}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{3134F5FD-892D-4F90-BD4C-185AB5D53692}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3BDABA60-4E3B-4A7D-AA19-8376022CBB38}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{414F31D4-AF88-4DA2-B79F-37E698B4C097}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51F8B363-EC88-40C2-80D3-BE9FB66B701A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7148FE27-0EF1-4010-862A-55F6A89D38ED}" = protocol=58 | dir=in | [email protected],-28545 |
"{764ADA41-5A7F-411D-8585-0F67C4B2A77D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{906D2499-C151-4517-A6DA-5C89A10F701F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{972A0038-1468-4229-82AC-3BD12470B560}" = protocol=58 | dir=out | [email protected],-28546 |
"{9C0D640C-2E36-44F4-A5B6-5AAC78FBD94C}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9C3EC3BB-2074-4055-B7AB-CEACD5E2E44E}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{AD5926DA-D583-4B40-BCB2-66B08B7A2112}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B0F48E48-84E1-4029-80D6-DF965B5E6E25}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{B340889C-6409-4915-8433-6047DD45E05A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9971F15-53DA-4B47-9AD6-429C38A03775}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{C3A1B472-91C3-42A1-9550-128E32CFC8B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0084280-56EA-4AD7-8A92-09A7C4FC9C90}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{DAFD8A91-0496-4374-8BF7-7E832C7B1E45}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DD4897E3-0AFB-47F8-8939-FEE9D425810D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1190967-C345-41A3-BF47-61FC48201C34}" = protocol=1 | dir=in | [email protected],-28543 |
"{EBA5B007-D020-4161-A53E-3FA384043BDC}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{EE8CCB2E-B10C-4C3D-8F6B-BED7BD5BF250}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{FEBFB6A8-BD6F-4A9E-B5E0-C645EC03BD24}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{01682B03-53AE-4401-87E9-C78EB50B5458}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{0A7D2B16-6489-4D99-97B2-6D6DC2139D70}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{6C0E96C0-AB0F-4C2D-8E41-4210C84388B3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{711720FC-F270-42AF-9027-1CCDCB24ECB0}C:\windows\system32\fscagent.exe" = protocol=6 | dir=in | app=c:\windows\system32\fscagent.exe |
"TCP Query User{A0E94C00-2B58-4180-8D66-441CB9DDF6AE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{FC761C90-3FDE-401F-9E78-F78196815F16}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{4A4681C4-123B-4A3E-9326-A1883EF5A308}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{79E31D13-820F-4614-AA2C-2E046C619727}C:\windows\system32\fscagent.exe" = protocol=17 | dir=in | app=c:\windows\system32\fscagent.exe |
"UDP Query User{A17A977E-6172-4873-9ED1-31C7A46278E0}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{A85D568D-BAA9-4253-AFDB-5206B5720142}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{BA1275D2-7D69-4D6E-B9A1-3FA0E961BA15}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E2B0A629-5170-45B1-AA11-872020AF44E7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{432DDCA6-5CF6-4F02-93D3-BD78E327DA66}" = RSA SecurID Software Token
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EC5CF64-2E59-411D-0301-120101004016}" = Nortel VPN Client
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
"{7A647B7A-9FE7-44A2-9041-C04528D44EB9}" = NBC Direct Beta
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8E3A5A56-14DE-45D4-B7B0-AD39A64F685F}" = Click to Disc
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"AOL Toolbar 4.0" = AOL Toolbar 4.0
"APU" = CANON iMAGE GATEWAY Album Plugin Utility
"AskSBar Uninstall" = Ask Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitComet" = BitComet 1.29
"BS_Player Toolbar" = BS_Player Toolbar
"BSPlayerf" = BS.Player FREE
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chikka Messenger V4" = Chikka Messenger V4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Core FTP LE 2.1" = Core FTP LE 2.1
"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
"DPP" = Canon Utilities Digital Photo Professional 3.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ExamDiff_is1" = ExamDiff 1.8 (Build 1.8.0.3)
"FLV Player" = FLV Player 2.0 (build 25)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{432DDCA6-5CF6-4F02-93D3-BD78E327DA66}" = RSA SecurID Software Token
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Interwise Participant" = Interwise Participant
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Full
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Notepad++" = Notepad++
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Opera 11.51.1087" = Opera 11.51
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RealAlt_is1" = Real Alternative 1.9.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"VAIO Service Utility" = VAIO Service Utility
"Webroot Software" = Webroot Software
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets restore the desktop and icons - remove the main elements and then go from there

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O4 - HKCU..\Run: [WDDuFxuCIM.exe] C:\ProgramData\WDDuFxuCIM.exe (Mozilla Foundation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    [2011/10/21 23:07:31 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    [2011/10/21 23:06:10 | 000,399,360 | -H-- | C] (Mozilla Foundation) -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/21 23:02:55 | 000,518,144 | -H-- | C] (Mozilla Foundation) -- C:\ProgramData\WDDuFxuCIM.exe
    [2011/10/22 00:21:56 | 000,000,633 | -H-- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/21 23:07:32 | 000,000,609 | -H-- | C] () -- C:\Users\Owner\Desktop\System Restore.lnk
    [2011/10/13 21:48:46 | 000,001,626 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and run Unhide.exe

FINALLY

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
  • 0

#3
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Hi, thank you so much for a prompt action on this ticket.
As instructed, I pasted the copy in the quote and do Run Fix.

Here's the content of OTL.Txt:

OTL logfile created on: 10/22/2011 9:45:19 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.35% Memory free
4.21 Gb Paging File | 3.07 Gb Available in Paging File | 72.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 14.00 Gb Free Space | 7.85% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 09:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/08 18:37:13 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/08/24 18:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2011/05/27 21:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011/04/26 00:40:08 | 000,140,952 | -H-- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/03 03:45:06 | 002,088,584 | ---- | M] () -- C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
PRC - [2008/08/03 03:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/06/08 05:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 05:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 05:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/03 21:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 18:37:24 | 002,557,952 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/19 05:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 03:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 12:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 10:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 01:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 10:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/07/11 10:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2011/07/11 10:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/03/01 10:52:50 | 000,068,688 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV - [2010/03/01 10:52:46 | 000,040,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ntnvca.sys -- (NT_NvcA)
DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/28 05:28:02 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 05:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 20:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 18:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 05:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 05:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 17:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 00:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/11/02 04:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1750559&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 20:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 23:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/19 15:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/26 21:32:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/10/15 20:00:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions
[2010/03/25 22:17:18 | 000,000,000 | -H-D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 19:27:26 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 19:59:25 | 000,000,000 | -H-D | M] (Delicious Bookmarks) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/19 14:46:43 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/01 20:11:33 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 20:00:20 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/10 22:33:32 | 000,000,000 | -H-D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/14 06:53:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/08 09:08:37 | 000,000,000 | -H-D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/26 21:29:44 | 000,000,000 | -H-D | M] (Pixlr Grabber) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/09/28 05:29:32 | 000,000,000 | -H-D | M] (BS Player Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011/05/07 00:32:05 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2010/11/15 09:37:36 | 000,000,000 | -H-D | M] (1-Click YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2011/03/21 15:28:02 | 000,000,921 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\searchplugins\conduit.xml
[2011/07/02 15:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 21:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 05:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 19:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 06:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 06:40:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 15:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
[2011/10/03 20:01:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/17 06:57:53 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2011/09/08 21:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 20:01:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/22 09:38:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NVC] C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: d-addicts.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: d-addicts.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([bugzero] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([exchange] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([merlion] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: variety.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: variety.com ([www2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} http://www.clubbox.c.../NowStarter.cab (NowStarter Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D043B09-6D04-416F-98FD-37C14266FA88}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.35.28.28,10.71.20.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA58C74-8DE1-4E19-A4C4-10380F461B9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
O30 - LSA: Security Packages - (Ḯ&) - File not found
O30 - LSA: Security Packages - (䥬) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a741a0a-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = G:\winlog.exe
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 09:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 02:23:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/10/22 00:43:22 | 000,584,192 | -H-- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/22 00:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/12 20:51:01 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Training Lessons
[2011/10/10 19:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2011/09/30 16:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA SecurID Software Token
[2011/09/30 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\RSA Security
[2011/09/29 16:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nortel VPN Client
[2011/09/29 16:12:32 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\Nortel
[2011/09/29 16:12:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Nortel
[2011/09/29 16:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nortel
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/22 10:00:44 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
[2011/10/22 09:45:07 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
[2011/10/22 09:40:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 09:40:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 09:40:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 09:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/22 09:40:16 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 09:38:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/22 09:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/22 09:27:29 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/22 09:27:29 | 000,000,120 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/22 02:23:47 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/22 02:07:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 00:45:02 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
[2011/10/22 00:43:34 | 000,584,192 | -H-- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/21 23:05:25 | 000,061,314 | -H-- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E26.KOR.110111.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:05:19 | 000,051,735 | -H-- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E27.KOR.110117.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:04:59 | 000,061,936 | -H-- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E28.KOR.110118.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:01:01 | 000,020,992 | -H-- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/21 22:30:34 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/21 22:30:34 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/16 20:09:55 | 002,853,398 | -H-- | M] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.MP3
[2011/10/16 20:07:37 | 016,594,174 | -H-- | M] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.mp4
[2011/10/13 19:42:18 | 000,875,022 | -H-- | M] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/10/03 20:11:56 | 000,001,768 | -H-- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/09/30 16:38:01 | 000,001,928 | -H-- | M] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/09/29 16:37:02 | 000,001,597 | -H-- | M] () -- C:\Users\Owner\Desktop\Remote Desktop Connection.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/22 02:51:33 | 000,000,232 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/22 02:51:33 | 000,000,120 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/22 02:23:47 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/21 23:05:24 | 000,061,314 | -H-- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E26.KOR.110111.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:05:17 | 000,051,735 | -H-- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E27.KOR.110117.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:04:54 | 000,061,936 | -H-- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E28.KOR.110118.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 22:39:33 | 002,853,398 | -H-- | C] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.MP3
[2011/10/16 20:04:02 | 016,594,174 | -H-- | C] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.mp4
[2011/10/13 19:42:15 | 000,875,022 | -H-- | C] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/09/30 19:26:23 | 000,001,928 | -H-- | C] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/09/29 16:37:02 | 000,001,597 | -H-- | C] () -- C:\Users\Owner\Desktop\Remote Desktop Connection.lnk
[2011/07/27 00:11:21 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\AppData\Local\{29526623-9FE2-4B87-8260-01B1C7EB7782}
[2010/12/24 06:37:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/12/24 06:37:05 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/12/27 03:14:23 | 000,017,451 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\TempResizeJpeg.JPG
[2009/10/08 20:03:34 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/19 00:43:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/15 21:01:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/15 21:01:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/06 22:12:57 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/04 09:29:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/12 11:45:29 | 000,006,324 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/28 20:26:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/02/28 17:33:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/21 14:38:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/02/21 14:38:01 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/21 14:38:01 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/21 14:38:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 14:37:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/18 20:13:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\287DA63AB7.sys
[2008/02/18 20:13:36 | 000,003,608 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/17 22:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/17 00:26:23 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2008/02/17 00:23:15 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll
[2008/02/17 00:23:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/17 00:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2008/02/17 00:23:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/02/17 00:23:01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2008/02/17 00:23:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2008/02/15 17:12:52 | 000,020,992 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/15 03:55:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 03:53:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 11:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/31 10:56:19 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/10/30 20:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 20:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 20:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,684,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/20 21:29:19 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2008/02/21 15:04:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer
[2008/02/21 14:02:08 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer Pro
[2009/10/11 22:14:33 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2010/09/19 22:40:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\CoreFTP
[2010/04/10 10:31:49 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2008/03/23 21:41:51 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2008/07/21 20:17:59 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2010/08/15 16:55:32 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2009/02/28 19:16:59 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2008/10/06 22:12:34 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2009/10/08 20:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2008/02/27 16:50:22 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/10/22 09:39:33 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/22 10:00:44 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\video1.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\myboxtv.org_-_isdalang_1017.avi:TOC.WMV

< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run Unhide and roguekiller ?

Have the icons and desktop returned ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
    [2011/10/22 09:27:29 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/22 09:27:29 | 000,000,120 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I tried to run Unhide.exe and after a couple of minutes, I got the blue screen and system reboot. After rebooting, my desktop icons are back. They are grayed out, but are still accessible. I'm trying to run Unhide.exe again. Not sure if the desktop items are grayed out because Unhide.exe was not executed completely.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run Roguekiller option 6 and post that log please
  • 0

#7
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I was running RoqueKiller when I got the blue screen again. Do I run it again?
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you run it from safe mode ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Reg

    :Files
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I tried to run RoqueKiller again, but on normal mode, not safe mode. It's currently running now, keeping my fingers crossed.
If successful, I'll post the log.

Do I have to do your instruction on the earlier post at 11:19 AM? Or your most recent post instruction?
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No if roguekiller complets ignore that step and post the roguekiller log please plus any further problems that you have
  • 0

Advertisements


#11
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I got the blue screen again while RogueKiller is running :)
I'll try to run it again on safe mode.
  • 0

#12
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
RoqueKiller finally finished its execution after 3 failed tries.

Here's the log:

RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode
User: Owner [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/22/2011 12:52:31

Bad processes: 0

Driver: [NOT LOADED]

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 104 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 18 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 111 / Fail 0
Backup: [FOUND] Success 0 / Fail 37

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Backup: [FOUND] Success 0 / Fail 37

Based on this could you run the OTL script that I posted previously to try and recover them - then once run let me know of any remaining problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    ::Files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#14
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Thanks.
I run OTL again, did the Run Fix and the Quick Scan.

Here's the OTL.txt log report:

OTL logfile created on: 10/22/2011 1:23:01 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.10% Memory free
4.21 Gb Paging File | 3.17 Gb Available in Paging File | 75.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 14.37 Gb Free Space | 8.05% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 09:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/08 18:37:13 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/08/24 18:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2011/04/26 00:40:08 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/03 03:45:06 | 002,088,584 | ---- | M] () -- C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
PRC - [2008/08/03 03:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 00:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2007/06/08 05:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 05:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 05:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/03 21:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 18:37:24 | 002,557,952 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/19 05:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/08 18:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/01 11:19:14 | 000,628,072 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 03:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 12:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 10:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 01:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/10/22 12:54:16 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/07/11 10:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/07/11 10:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2011/07/11 10:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/03/01 10:52:50 | 000,068,688 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV - [2010/03/01 10:52:46 | 000,040,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ntnvca.sys -- (NT_NvcA)
DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/28 05:28:02 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 05:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 20:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 18:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 05:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 05:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 17:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 00:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/11/02 04:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1750559&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 20:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 23:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/19 15:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/26 21:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/10/15 20:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions
[2010/03/25 22:17:18 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 19:27:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 19:59:25 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/19 14:46:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/01 20:11:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 20:00:20 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/10 22:33:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/14 06:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/08 09:08:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/26 21:29:44 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/09/28 05:29:32 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011/05/07 00:32:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2010/11/15 09:37:36 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2011/03/21 15:28:02 | 000,000,921 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\searchplugins\conduit.xml
[2011/07/02 15:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 21:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 05:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 19:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 06:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 06:40:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 15:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
[2011/10/03 20:01:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/17 06:57:53 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2011/09/08 21:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 20:01:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/22 13:17:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NVC] C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: d-addicts.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: d-addicts.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([bugzero] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([exchange] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([merlion] * in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: variety.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: variety.com ([www2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} http://www.clubbox.c.../NowStarter.cab (NowStarter Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D043B09-6D04-416F-98FD-37C14266FA88}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.71.20.53,10.71.20.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA58C74-8DE1-4E19-A4C4-10380F461B9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
O30 - LSA: Security Packages - (Ḯ&) - File not found
O30 - LSA: Security Packages - (䥬) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a741a0a-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = G:\winlog.exe
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{1a741a0d-e35f-11de-84ab-001a8025b278}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell - "" = AutoRun
O33 - MountPoints2\{b13bca94-e2bc-11de-bb45-001a8025b278}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2011/10/22 09:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 02:23:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/10/22 00:43:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/22 00:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/12 20:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Training Lessons
[2011/10/10 19:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2011/09/30 16:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA SecurID Software Token
[2011/09/30 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\RSA Security
[2011/09/29 16:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nortel VPN Client
[2011/09/29 16:12:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nortel
[2011/09/29 16:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Nortel
[2011/09/29 16:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nortel
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/22 13:40:43 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
[2011/10/22 13:19:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 13:19:35 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 13:19:35 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 13:19:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/22 13:19:16 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 13:17:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/22 13:15:19 | 000,001,768 | ---- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/10/22 13:12:11 | 000,002,557 | ---- | M] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/10/22 13:07:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 12:54:16 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 12:50:20 | 000,006,324 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/10/22 12:41:39 | 281,487,648 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/22 11:45:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
[2011/10/22 10:47:05 | 000,684,297 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 10:46:14 | 000,718,336 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2011/10/22 10:32:32 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/22 10:32:32 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/22 09:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/22 09:27:29 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/22 09:27:29 | 000,000,120 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/22 02:23:47 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/22 00:45:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
[2011/10/22 00:43:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/10/21 23:07:32 | 000,000,633 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/21 23:05:25 | 000,061,314 | ---- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E26.KOR.110111.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:05:19 | 000,051,735 | ---- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E27.KOR.110117.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:04:59 | 000,061,936 | ---- | M] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E28.KOR.110118.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:01:01 | 000,020,992 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 20:09:55 | 002,853,398 | ---- | M] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.MP3
[2011/10/16 20:07:37 | 016,594,174 | ---- | M] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.mp4
[2011/10/15 01:50:49 | 000,001,614 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/13 19:42:18 | 000,875,022 | ---- | M] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/10/10 20:38:32 | 000,000,804 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk
[2011/09/29 16:37:02 | 000,001,597 | ---- | M] () -- C:\Users\Owner\Desktop\Remote Desktop Connection.lnk
[2011/09/29 16:12:42 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\Nortel VPN Client.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/22 12:55:02 | 2137,427,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/22 11:20:35 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Nortel VPN Client.lnk
[2011/10/22 11:20:35 | 000,001,081 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoomBrowser EX.lnk
[2011/10/22 11:20:34 | 000,002,821 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero BurnLite 10.lnk
[2011/10/22 11:20:34 | 000,002,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/22 11:20:34 | 000,001,854 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari 4.lnk
[2011/10/22 11:20:34 | 000,001,844 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\MP Navigator EX - MP210 Solution Menu.lnk
[2011/10/22 11:20:34 | 000,001,814 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/22 11:20:34 | 000,001,790 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird (2).lnk
[2011/10/22 11:20:34 | 000,001,726 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/10/22 11:20:34 | 000,001,724 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/22 11:20:34 | 000,001,664 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/10/22 11:20:34 | 000,001,643 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2011/10/22 11:20:34 | 000,001,614 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/22 11:20:34 | 000,000,943 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/22 11:20:34 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro AntiVirus.lnk
[2011/10/22 11:20:34 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 11:20:34 | 000,000,871 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TMPGEnc.exe - Shortcut.lnk
[2011/10/22 11:20:34 | 000,000,842 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/10/22 11:20:34 | 000,000,823 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2011/10/22 11:20:34 | 000,000,796 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TextPad.lnk
[2011/10/22 11:20:34 | 000,000,633 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/22 11:20:34 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/22 11:20:34 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/22 11:20:33 | 000,002,305 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/22 11:20:33 | 000,002,221 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2011/10/22 11:20:33 | 000,001,883 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Chikka Messenger v.4.lnk
[2011/10/22 11:20:33 | 000,000,967 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop 6.0.lnk
[2011/10/22 11:20:33 | 000,000,930 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/10/22 11:20:33 | 000,000,806 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\bsplay.exe - Shortcut.lnk
[2011/10/22 11:20:33 | 000,000,804 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk
[2011/10/22 11:20:33 | 000,000,798 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ExamDiff.lnk
[2011/10/22 11:20:33 | 000,000,778 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Core FTP Lite.lnk
[2011/10/22 11:20:33 | 000,000,765 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CDex.exe - Shortcut.lnk
[2011/10/22 11:20:33 | 000,000,629 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CASETOOL.EXE - Shortcut.lnk
[2011/10/22 11:19:39 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 10:46:56 | 000,684,297 | ---- | C] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 10:45:56 | 000,718,336 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2011/10/22 02:51:33 | 000,000,232 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/22 02:51:33 | 000,000,120 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/22 02:23:47 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/21 23:05:24 | 000,061,314 | ---- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E26.KOR.110111.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:05:17 | 000,051,735 | ---- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E27.KOR.110117.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 23:04:54 | 000,061,936 | ---- | C] () -- C:\Users\Owner\Desktop\Queen.of.Reversal.E28.KOR.110118.HDTV.XviD-HANrel.Haru2subS.V2.srt
[2011/10/21 22:39:33 | 002,853,398 | ---- | C] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.MP3
[2011/10/16 20:04:02 | 016,594,174 | ---- | C] () -- C:\Users\Owner\Desktop\110910 Piggy Dolls() - Hakuna Matata Live - YouTube.mp4
[2011/10/13 19:42:15 | 000,875,022 | ---- | C] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/09/30 19:26:23 | 000,002,557 | ---- | C] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/09/29 16:37:02 | 000,001,597 | ---- | C] () -- C:\Users\Owner\Desktop\Remote Desktop Connection.lnk
[2011/07/27 00:11:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{29526623-9FE2-4B87-8260-01B1C7EB7782}
[2010/12/24 06:37:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/12/24 06:37:05 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/12/27 03:14:23 | 000,017,451 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\TempResizeJpeg.JPG
[2009/10/08 20:03:34 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/19 00:43:28 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/15 21:01:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/15 21:01:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/06 22:12:57 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/04 09:29:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/12 11:45:29 | 000,006,324 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/28 20:26:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/02/28 17:33:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/21 14:38:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/02/21 14:38:01 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/21 14:38:01 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/21 14:38:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 14:37:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/18 20:13:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\287DA63AB7.sys
[2008/02/18 20:13:36 | 000,003,608 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/17 22:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/17 00:26:23 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2008/02/17 00:23:15 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll
[2008/02/17 00:23:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/17 00:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2008/02/17 00:23:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/02/17 00:23:01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2008/02/17 00:23:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2008/02/15 17:12:52 | 000,020,992 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/15 03:55:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 03:53:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 11:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/31 10:56:19 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/10/30 20:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 20:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 20:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,684,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/20 21:29:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2008/02/21 15:04:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer
[2008/02/21 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer Pro
[2009/10/11 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2010/09/19 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CoreFTP
[2010/04/10 10:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2008/03/23 21:41:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2008/07/21 20:17:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2010/08/15 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2009/02/28 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2008/10/06 22:12:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2009/10/08 20:03:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2008/02/27 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/10/22 13:17:54 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/22 13:40:43 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\video1.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\myboxtv.org_-_isdalang_1017.avi:TOC.WMV

< End of report >
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP