
win32:adloader-AC & decompression bombs



#1
rjd159

I am here after 8 weeks of trying to resolve my problems through Microsoft answer ask pages and searching the net for answers. It started when our laptop, out of nowhere, would freeze after 3 to 5 minutes of use, forcing a hard shutdown. I would then start up in normal mode and it would freeze progressively quicker each time. So I booted in safe mode, then safe mode with networking; everything seemed fine. So I tried the normal boot again with Task Manager engaged ASAP. I had more time; I noticed system resources going crazy, using up more and more memory and resources. Norton was my biggest problem: it had a critical error and it seemed to be the one freezing the system. I started by shutting Norton down, then unnecessary processes like the camera service, media player, Sony media, things that were not needed. That bought me some time; I got onto the internet to begin searching for an answer, then it froze.
From there I created a new user; this bought me a few hours. To speed things up here: I had created and flipped back and forth between each new user several times, having to remove Cricket Broadband each time and reload, to buy as much time so I could research problems. I also tried to connect with a live free tech at Microsoft and Norton; their interaction third-party approval programs could not connect us (it turned out to be the same software for both). I gave up on them and continued on (that was after the Norton tech said to download the upgrade of Norton's newest product. That made no difference; it would freeze the laptop when it began installation). From there I removed Norton and some old Microsoft anti-spyware. I ran Malwarebytes, then found a process on Microsoft where I ran their removal tool for anti-spyware and then loaded Essentials protection. I thought, great, problem solved. OK, then I found a process on a "tweaking computers" blog (apologies, I cannot remember the name of the site). I downloaded TDSSKiller and an intensive process that probed everywhere, checking the disk and the registers, began a clean-up process and reloading drivers and register keys to default; that, I thought, fixed the problem.
OK, then I discovered I had no internet after leaving the laptop running (I fell asleep while researching and woke up to a frozen laptop, and Cricket would no longer load). I gave up; my partner took the laptop and Cricket USB connect to Cricket (I found that Cricket was missing a key file for loading). They decided, with partner's permission, to wipe the C drive and reload all the basics. They exchanged the USB connect and had us load, upon startup, avast anti-spyware from a CNET download. That was a week ago; I ran it and had it go to our external backup drive. It found a Trojan that was hiding from a year ago in an e-mail (bogus, from USPS); I told it to remove it. It then said we had decompression bombs in there as well. I told it to place them in the chest; I wasn't sure about, or had not heard of, a decompression bomb. It failed; I had to ignore/skip.
Next, as if I did not learn from the first time, I fell asleep while researching and woke up to the system near full failure, barely able to engage avast to see if it could root the "problem". Somehow it did; I have no idea what it changed or how it corrected the system. Things are a bit foggy; I have been at this day and night, between work and everyday life. I can only tell you things are better. At this point you will all think I have lost my mind; computers just don't right themselves. I swear that is all I was able to do in a panic, thinking this is it, the computer is fried and it is all my fault.
Since then I have engaged "SUPERAntiSpyware". It found 315 cookies (removed those), 4 PUPs (removed those) and, yes, another Trojan we picked up the moment we loaded avast, "win32 ad loader" (removed that). At least I hope so. So here I am, paranoid, frustrated, and I believe it's only a matter of minutes or hours before I am knee-deep in another catastrophic system failure. So here goes: I am loading the OTL log; it created two of them. Also the log from Kaspersky's root-killer. I am going to run TDSSKiller again and upload on my return a file that asks what to do with some items that I am just not sure should be deleted or not. I thank any and everyone that takes the time to read this rather lengthy situation.

Sincerely,
Robert Dunn,



#2
rjd159

Attached File  TDSSKiller.2.7.28.0_13.04.2012_19.41.27_log.txt   129.27KB   109 downloads


This is the TDSSKiller file I wanted to add earlier. Thank you again for taking the time to help.

#3
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

#4
rjd159

Thank you for replying. I am (we, my partner and I, are) extremely grateful that you are taking the time to help us. My name is Robert and I am the primary contact for these issues.

I have copied the Extras file that I ran from the original OTL download when I first posted; all subsequent attempts at the download process have not yielded another Extras file, but I am adding the new OTL file. Basically, it appears that I have successively eliminated the majority of the threat from the laptop. But there are 5 files in our external (H:) drive that are extremely bad. One of them is the Trojan, and all are listed by AVAST as decompression bombs. I have not been able to find a report on our laptop that avast supposedly creates containing the information, so tomorrow morning I will hand-copy the location and file names and then type them into this post. I am concerned that there are still registry key files and some miscellaneous clean-up that this laptop needs in order to be completely healed from the events I mention in my first post. Again, thank you; this has been a definite challenge, but I do "see the light at the end of the tunnel", so to speak.

Sincerely,

Robert Dunn,



OTL Extras logfile created on: 4/13/2012 4:10:40 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\me\Downloads\Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 38.83% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.80 Gb Total Space | 160.08 Gb Free Space | 71.53% Space Free | Partition Type: NTFS
Drive G: | 1.84 Gb Total Space | 1.79 Gb Free Space | 97.24% Space Free | Partition Type: FAT

Computer Name: ME-PC | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {CA87883F-324A-4A7C-893E-CC1F3FB87DEE},{244EED3D-6D0B-4CB7-963D-3D0D75B6186F},{A9CD3AB6-EE37-4E61-8A69-574AD2CB06BC},{74457E7A-5D83-4E61-B8B3-01A37A3DB66B}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F084D2E-4C1F-4D7D-B64D-AF67D3919496}" = rport=137 | protocol=17 | dir=out | app=system |
"{2AB0CBCE-3498-4399-B888-2F2FF68366B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{33E2DA74-B792-43E5-96D5-C3D1E06716E7}" = rport=445 | protocol=6 | dir=out | app=system |
"{853A7E2E-2303-4EB8-A42E-3256D79E9132}" = lport=139 | protocol=6 | dir=in | app=system |
"{A888355C-AA07-41BB-9781-3079F504D8D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{B55D4B3B-75B1-42FB-96F0-99B88ADB52D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B9CE35F2-FE62-43DC-BA47-C4F41920ACAA}" = lport=137 | protocol=17 | dir=in | app=system |
"{CB535339-B220-46C6-80BC-D1142032F4D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E24C22E3-B10A-4E80-89FA-C0DBE4CFBF64}" = rport=138 | protocol=17 | dir=out | app=system |
"{F7771B4D-84F0-47A5-B61D-2D47FF3A93C5}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EB5F7D8-DB7F-4596-9E91-B3D08CFD898E}" = protocol=58 | dir=in | [email protected],-28545 |
"{C853931A-051E-4E11-9283-4E7D3C79DA40}" = protocol=58 | dir=out | [email protected],-28546 |
"{CB533440-979D-4A99-9EFB-631E268D3EE6}" = protocol=1 | dir=out | [email protected],-28544 |
"{EC9968E6-AA57-4245-B470-6FFE700150FE}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{12FEC6F1-F695-4618-A6D2-521EE92F2CB8}" = Cricket Broadband A605
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{971DF98F-61EA-4802-8A1B-A4B040A11E84}" = ACTScom Modem
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DD489855-748D-446D-81C1-2FFA18130C70}" = Cricket Broadband 1.0
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2012 10:06:11 AM | Computer Name = me-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/7/2012 10:06:11 AM | Computer Name = me-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/7/2012 10:09:05 AM | Computer Name = me-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2012 10:14:41 AM | Computer Name = me-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2012 10:19:48 AM | Computer Name = me-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2012 10:33:06 AM | Computer Name = me-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2012 10:33:17 AM | Computer Name = me-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/7/2012 10:33:17 AM | Computer Name = me-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/7/2012 10:33:17 AM | Computer Name = me-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/7/2012 10:33:17 AM | Computer Name = me-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 4/7/2012 12:02:53 AM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3580.1128)

Error - 4/7/2012 12:02:53 AM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3580.1129)

Error - 4/7/2012 1:02:58 AM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3364.1128)

Error - 4/7/2012 1:02:58 AM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3364.1129)

Error - 4/7/2012 1:03:03 AM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3364.1128)

Error - 4/7/2012 1:03:03 AM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3364.1129)

Error - 4/7/2012 10:35:51 PM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5216.1128)

Error - 4/7/2012 10:35:51 PM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5216.1129)

Error - 4/7/2012 10:35:58 PM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5216.1128)

Error - 4/7/2012 10:35:58 PM | Computer Name = me-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5216.1129)

[ System Events ]
Error - 4/2/2012 3:41:36 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/2/2012 3:41:36 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/2/2012 3:41:36 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/2/2012 3:41:36 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/2/2012 3:42:58 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/2/2012 3:42:58 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/2/2012 3:45:47 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/2/2012 3:45:47 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/2/2012 4:18:49 PM | Computer Name = me-PC | Source = HTTP | ID = 15016
Description =

Error - 4/2/2012 4:19:00 PM | Computer Name = me-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


OTL logfile created on: 4/17/2012 11:14:35 PM - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\me\Downloads\Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 61.82% Memory free
5.94 Gb Paging File | 4.77 Gb Available in Paging File | 80.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.80 Gb Total Space | 158.47 Gb Free Space | 70.81% Space Free | Partition Type: NTFS
Drive G: | 1.84 Gb Total Space | 1.79 Gb Free Space | 97.24% Space Free | Partition Type: FAT
Drive H: | 465.76 Gb Total Space | 413.62 Gb Free Space | 88.81% Space Free | Partition Type: NTFS

Computer Name: ME-PC | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 23:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\me\Downloads\Programs\OTL_3.exe
PRC - [2012/04/02 02:55:52 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/16 05:07:14 | 003,478,936 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/03/07 15:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/08/30 11:06:04 | 019,829,248 | ---- | M] () -- C:\Program Files\Cricket Broadband\A605\Cricket Broadband.exe
PRC - [2010/05/25 06:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/17 10:06:48 | 000,618,800 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/17 23:04:01 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/17 23:03:59 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/12 01:37:34 | 000,444,400 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/12 01:37:33 | 003,915,248 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 01:36:08 | 000,122,880 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 01:36:06 | 000,220,672 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 01:36:05 | 001,747,456 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/11 14:09:35 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/11 14:09:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/04/11 10:47:51 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/11 10:47:51 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/03 14:29:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/04/03 14:29:47 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012/04/02 02:55:52 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2010/08/30 11:06:04 | 019,829,248 | ---- | M] () -- C:\Program Files\Cricket Broadband\A605\Cricket Broadband.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/04/02 02:55:53 | 000,918,880 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/04/01 16:44:30 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/08/27 13:15:26 | 001,605,632 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Cricket Broadband\A605\Mobile Broadband Experience Client\MBBEClient.exe -- (Mobile Broadband Experience Client)
SRV - [2008/10/21 11:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 11:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 11:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 19:21:46 | 000,203,616 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/17 19:16:54 | 000,415,584 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/10/17 04:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/09 13:58:02 | 000,122,880 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV - [2008/09/08 10:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 10:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 10:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 18:36:04 | 000,446,464 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/01 15:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/12 00:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/12 00:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/20 02:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 02:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 02:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/07 19:13:32 | 000,091,936 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/16 09:52:16 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSVsp.sys -- (ACTSVsp)
DRV - [2010/07/16 09:52:12 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSNVsp.sys -- (ACTSNVsp)
DRV - [2010/07/16 09:52:12 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSMdm.sys -- (ACTSMdm)
DRV - [2010/07/16 09:52:12 | 000,106,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSNET.sys -- (ACTSNET)
DRV - [2010/07/16 09:52:08 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSCVsp.sys -- (ACTSCVsp)
DRV - [2010/07/16 09:52:08 | 000,029,384 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACTSFLT.sys -- (ACTSFLT)
DRV - [2010/07/16 09:52:04 | 000,057,160 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSBUS.sys -- (ACTSBUS)
DRV - [2008/10/06 19:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/02 18:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/29 00:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/22 17:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/21 18:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/27 18:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/09 18:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/06 18:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 20:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNYR&bmod=SNYR
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNYR&bmod=SNYR
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNYR


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNYR&bmod=SNYR
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNYR&bmod=SNYR
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNYR
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-02 02:55:54&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\me\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\me\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/02 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\me\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 00:32:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\me\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.1.8_0\
CHR - Extension: Gmail = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA87883F-324A-4A7C-893E-CC1F3FB87DEE}: NameServer = 10.133.20.11 10.132.20.11
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/25 22:18:08 | 000,000,151 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ded098c4-7c52-11e1-a93a-00215dee85c4}\Shell - "" = AutoRun
O33 - MountPoints2\{ded098c4-7c52-11e1-a93a-00215dee85c4}\Shell\AutoRun\command - "" = G:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 19:48:48 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\kdsskiller
[2012/04/13 04:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/04/11 10:47:40 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/11 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/11 10:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/11 10:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/11 10:30:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/11 10:27:25 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\me\Desktop\tdsskiller.exe
[2012/04/10 08:13:55 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/04/09 06:17:55 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\ElevatedDiagnostics
[2012/04/09 01:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/04/09 01:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/04/09 00:32:03 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\IDM
[2012/04/09 00:32:03 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\DMCache
[2012/04/09 00:31:55 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 00:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 00:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/04/08 10:22:14 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSVsp.sys
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSNVsp.sys
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSMdm.sys
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSCVsp.sys
[2012/04/07 08:26:14 | 000,106,056 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\ACTSNET.sys
[2012/04/07 08:26:14 | 000,057,160 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\ACTSBUS.sys
[2012/04/07 08:26:14 | 000,029,384 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\ACTSFLT.sys
[2012/04/07 08:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\ACTScom
[2012/04/07 08:25:34 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cricket Broadband
[2012/04/07 08:23:00 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2012/04/07 08:23:00 | 000,312,448 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2012/04/07 08:23:00 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2012/04/07 08:23:00 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2012/04/07 08:23:00 | 000,013,184 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\BMLoad.sys
[2012/04/07 08:22:53 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cricket
[2012/04/07 08:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Cricket
[2012/04/06 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Intel
[2012/04/06 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Adobe
[2012/04/06 19:07:04 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Auslogics
[2012/04/06 17:10:38 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Cricket
[2012/04/03 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft Games
[2012/04/03 14:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/04/03 10:52:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/04/03 05:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/03 05:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/02 22:52:01 | 000,000,000 | ---D | C] -- C:\Users\me\Documents\InterVideo
[2012/04/02 17:36:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/04/02 17:36:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/04/02 17:36:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/04/02 16:32:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/04/02 12:38:54 | 000,000,000 | ---D | C] -- C:\Users\me\Documents\OneNote Notebooks
[2012/04/02 12:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/02 07:27:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/04/02 04:30:34 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft Help
[2012/04/02 03:05:51 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/04/02 03:05:51 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/04/02 03:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/02 03:05:48 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/04/02 03:05:48 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/04/02 03:05:48 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/04/02 03:05:46 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/04/02 03:04:54 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/04/02 03:04:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/02 03:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/02 03:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/02 02:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/04/02 02:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/04/02 02:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/04/01 17:30:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012/04/01 17:18:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/04/01 17:18:21 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/04/01 17:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012/04/01 17:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/04/01 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/04/01 17:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/04/01 17:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterVideo WinDVD
[2012/04/01 17:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2012/04/01 17:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2012/04/01 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 2
[2012/04/01 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update 4
[2012/04/01 17:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2012/04/01 17:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2012/04/01 17:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2012/04/01 17:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Easy Media Creator 10 LJ
[2012/04/01 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2012/04/01 17:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/04/01 17:06:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2012/04/01 17:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
[2012/04/01 17:06:56 | 000,055,808 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System32\ArcSoftKsUFilter.dll
[2012/04/01 17:06:56 | 000,017,920 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
[2012/04/01 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/04/01 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/04/01 17:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
[2012/04/01 17:03:21 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/04/01 17:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Wireless Wizard
[2012/04/01 16:59:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Video & Photo Suite
[2012/04/01 16:58:35 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Google
[2012/04/01 16:57:49 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Apps
[2012/04/01 16:57:48 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Deployment
[2012/04/01 16:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2012/04/01 16:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\OCA Marker
[2012/04/01 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Macromedia
[2012/04/01 16:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2012/04/01 16:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/04/01 16:54:47 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Adobe
[2012/04/01 16:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2012/04/01 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2012/04/01 16:53:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/04/01 16:52:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/04/01 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/01 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Cricket Broadband
[2012/04/01 16:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/04/01 16:51:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/04/01 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/04/01 16:50:09 | 003,518,464 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf300.dll
[2012/04/01 16:50:09 | 001,843,200 | ---- | C] (Apache Software Foundation) -- C:\Windows\System32\acXMLParser.dll
[2012/04/01 16:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/04/01 16:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 10
[2012/04/01 16:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2012/04/01 16:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/01 16:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/04/01 16:46:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/01 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/01 16:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012/04/01 16:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Recovery Center
[2012/04/01 16:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/01 16:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Sonysys
[2012/04/01 16:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Cricket Broadband
[2012/04/01 16:39:29 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/01 16:39:29 | 000,000,000 | R--D | C] -- C:\Users\me\Searches
[2012/04/01 16:39:29 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/01 16:39:18 | 000,000,000 | R--D | C] -- C:\Users\me\Contacts
[2012/04/01 16:39:07 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\VirtualStore
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\Temporary Internet Files
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Templates
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Start Menu
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\SendTo
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Recent
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\PrintHood
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\NetHood
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Videos
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Pictures
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Music
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\My Documents
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Local Settings
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\History
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Cookies
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Application Data
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\Application Data
[2012/04/01 16:39:05 | 000,000,000 | --SD | C] -- C:\Users\me\AppData\Roaming\Microsoft
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Videos
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Saved Games
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Pictures
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Music
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Links
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Favorites
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Downloads
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Documents
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Desktop
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/01 16:39:05 | 000,000,000 | -H-D | C] -- C:\Users\me\AppData
[2012/04/01 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Temp
[2012/04/01 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\me\Roaming
[2012/04/01 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft
[2012/04/01 16:34:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/04/17 23:09:43 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/17 23:09:43 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/17 23:03:25 | 000,002,567 | ---- | M] () -- C:\Users\me\Desktop\Cricket Broadband A605.lnk
[2012/04/17 23:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 23:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 23:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/17 23:02:48 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 19:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000UA.job
[2012/04/17 17:03:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000Core.job
[2012/04/16 19:04:32 | 000,002,027 | ---- | M] () -- C:\Users\me\Desktop\Google Chrome.lnk
[2012/04/16 19:04:32 | 000,001,989 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/12 14:23:20 | 000,003,036 | ---- | M] () -- C:\Windows\.a605sms.db
[2012/04/12 14:17:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/11 10:47:08 | 000,001,800 | ---- | M] () -- C:\Users\me\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/11 10:27:45 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\me\Desktop\tdsskiller.exe
[2012/04/11 04:31:19 | 000,002,604 | ---- | M] () -- C:\Windows\.a605sms.bak
[2012/04/10 14:07:00 | 000,003,584 | ---- | M] () -- C:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/08 10:50:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/06 20:14:00 | 000,001,061 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/04/06 19:51:10 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/04/03 14:41:15 | 000,000,943 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/03 14:27:49 | 000,344,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/03 14:24:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/04/03 11:57:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/04/03 11:57:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/04/03 11:57:16 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/04/02 22:49:59 | 000,000,938 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/02 12:56:50 | 000,003,656 | -HS- | M] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2012/04/02 03:05:51 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/01 17:33:16 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/04/01 17:28:35 | 000,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2012/04/01 17:25:41 | 042,926,080 | ---- | M] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2012/04/01 17:25:40 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf
[2012/04/01 17:25:40 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
[2012/04/01 17:13:38 | 000,000,000 | ---- | M] () -- C:\Windows\VAIOUpdt.INI
[2012/04/01 16:55:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:25 | 000,000,000 | RH-- | M] () -- C:\Windows\System32\drivers\Sony_VGN-NS240E.mrk
[2012/04/01 16:50:11 | 000,000,095 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini

========== Files Created - No Company Name ==========

[2012/04/12 14:17:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/12 08:56:33 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/11 10:47:08 | 000,001,800 | ---- | C] () -- C:\Users\me\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/10 14:07:00 | 000,003,584 | ---- | C] () -- C:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/09 01:34:27 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/04/07 08:25:36 | 000,002,567 | ---- | C] () -- C:\Users\me\Desktop\Cricket Broadband A605.lnk
[2012/04/06 20:14:00 | 000,001,061 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012/04/06 18:21:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012/04/03 14:24:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/04/03 11:57:16 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/02 22:49:59 | 000,000,938 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/02 16:30:03 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/04/02 16:29:59 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/04/02 16:29:45 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/04/02 16:29:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/04/02 16:29:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/04/02 16:29:38 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/04/02 16:29:31 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/04/02 16:29:07 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/04/02 16:29:03 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/04/02 16:27:58 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/04/02 12:56:50 | 000,004,960 | -HS- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2
[2012/04/02 12:56:50 | 000,003,656 | -HS- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2012/04/02 04:03:26 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/04/02 04:03:26 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/04/02 04:03:25 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/04/02 03:43:30 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/04/02 03:05:51 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/01 17:28:34 | 000,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2012/04/01 17:21:42 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf
[2012/04/01 17:21:42 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
[2012/04/01 17:21:41 | 042,926,080 | ---- | C] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2012/04/01 17:21:24 | 000,000,230 | ---- | C] () -- C:\Users\Public\Desktop\VAIO Help and Registration.lnk
[2012/04/01 17:13:38 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2012/04/01 17:12:40 | 000,001,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012/04/01 17:11:27 | 000,002,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/04/01 17:06:45 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc Editor.lnk
[2012/04/01 17:05:20 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc.lnk
[2012/04/01 17:05:20 | 000,001,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Content Exporter.lnk
[2012/04/01 17:05:01 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012/04/01 17:03:22 | 000,002,027 | ---- | C] () -- C:\Users\me\Desktop\Google Chrome.lnk
[2012/04/01 17:03:22 | 000,001,989 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/01 17:02:17 | 000,001,579 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Startup Assistant.lnk
[2012/04/01 17:00:48 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO MusicBox.lnk
[2012/04/01 16:59:27 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Movie Story.lnk
[2012/04/01 16:58:38 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000UA.job
[2012/04/01 16:58:38 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000Core.job
[2012/04/01 16:57:52 | 000,001,809 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2012/04/01 16:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:25 | 000,000,000 | RH-- | C] () -- C:\Windows\System32\drivers\Sony_VGN-NS240E.mrk
[2012/04/01 16:54:05 | 000,000,943 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/01 16:51:19 | 000,003,036 | ---- | C] () -- C:\Windows\.a605sms.db
[2012/04/01 16:51:19 | 000,002,604 | ---- | C] () -- C:\Windows\.a605sms.bak
[2012/04/01 16:50:16 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks Simple Start 2009.lnk
[2012/04/01 16:48:37 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/01 16:47:00 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/04/01 16:46:43 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/04/01 16:39:30 | 000,000,949 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/01 16:39:28 | 000,000,944 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/01 16:39:17 | 000,000,915 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/04/01 16:39:05 | 000,000,258 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/01 16:39:05 | 000,000,240 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== LOP Check ==========

[2012/04/06 19:13:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Auslogics
[2012/04/06 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Cricket
[2012/04/01 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Cricket Broadband
[2012/04/17 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\DMCache
[2012/04/09 12:40:39 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\IDM
[2012/04/17 19:35:02 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL logfile created on: 4/17/2012 11:14:35 PM - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\me\Downloads\Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 61.82% Memory free
5.94 Gb Paging File | 4.77 Gb Available in Paging File | 80.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.80 Gb Total Space | 158.47 Gb Free Space | 70.81% Space Free | Partition Type: NTFS
Drive G: | 1.84 Gb Total Space | 1.79 Gb Free Space | 97.24% Space Free | Partition Type: FAT
Drive H: | 465.76 Gb Total Space | 413.62 Gb Free Space | 88.81% Space Free | Partition Type: NTFS

Computer Name: ME-PC | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 23:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\me\Downloads\Programs\OTL_3.exe
PRC - [2012/04/02 02:55:52 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/16 05:07:14 | 003,478,936 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/03/07 15:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/08/30 11:06:04 | 019,829,248 | ---- | M] () -- C:\Program Files\Cricket Broadband\A605\Cricket Broadband.exe
PRC - [2010/05/25 06:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/17 10:06:48 | 000,618,800 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/17 23:04:01 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/17 23:03:59 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/12 01:37:34 | 000,444,400 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/12 01:37:33 | 003,915,248 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 01:36:08 | 000,122,880 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 01:36:06 | 000,220,672 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 01:36:05 | 001,747,456 | ---- | M] () -- C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/11 14:09:35 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/11 14:09:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/04/11 10:47:51 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/11 10:47:51 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/03 14:29:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/04/03 14:29:47 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012/04/02 02:55:52 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2010/08/30 11:06:04 | 019,829,248 | ---- | M] () -- C:\Program Files\Cricket Broadband\A605\Cricket Broadband.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/04/02 02:55:53 | 000,918,880 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/04/01 16:44:30 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/08/27 13:15:26 | 001,605,632 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Cricket Broadband\A605\Mobile Broadband Experience Client\MBBEClient.exe -- (Mobile Broadband Experience Client)
SRV - [2008/10/21 11:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 11:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 11:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 19:21:46 | 000,203,616 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/17 19:16:54 | 000,415,584 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/10/17 04:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/09 13:58:02 | 000,122,880 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV - [2008/09/08 10:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 10:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 10:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 18:36:04 | 000,446,464 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/01 15:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/12 00:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/12 00:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/20 02:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 02:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 02:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/07 19:13:32 | 000,091,936 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/16 09:52:16 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSVsp.sys -- (ACTSVsp)
DRV - [2010/07/16 09:52:12 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSNVsp.sys -- (ACTSNVsp)
DRV - [2010/07/16 09:52:12 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSMdm.sys -- (ACTSMdm)
DRV - [2010/07/16 09:52:12 | 000,106,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSNET.sys -- (ACTSNET)
DRV - [2010/07/16 09:52:08 | 000,168,008 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSCVsp.sys -- (ACTSCVsp)
DRV - [2010/07/16 09:52:08 | 000,029,384 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACTSFLT.sys -- (ACTSFLT)
DRV - [2010/07/16 09:52:04 | 000,057,160 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ACTSBUS.sys -- (ACTSBUS)
DRV - [2008/10/06 19:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/02 18:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/29 00:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/22 17:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/21 18:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/27 18:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/09 18:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/06 18:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 20:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNYR&bmod=SNYR
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNYR&bmod=SNYR
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNYR


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNYR&bmod=SNYR
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNYR&bmod=SNYR
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNYR
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-02 02:55:54&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\me\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\me\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/02 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\me\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 00:32:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\me\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\me\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.1.8_0\
CHR - Extension: Gmail = C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-1578479312-3177138092-2985492627-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA87883F-324A-4A7C-893E-CC1F3FB87DEE}: NameServer = 10.133.20.11 10.132.20.11
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/25 22:18:08 | 000,000,151 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ded098c4-7c52-11e1-a93a-00215dee85c4}\Shell - "" = AutoRun
O33 - MountPoints2\{ded098c4-7c52-11e1-a93a-00215dee85c4}\Shell\AutoRun\command - "" = G:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 19:48:48 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\kdsskiller
[2012/04/13 04:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/04/11 10:47:40 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/11 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/11 10:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/11 10:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/11 10:30:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/11 10:27:25 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\me\Desktop\tdsskiller.exe
[2012/04/10 08:13:55 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/04/09 06:17:55 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\ElevatedDiagnostics
[2012/04/09 01:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/04/09 01:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/04/09 00:32:03 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\IDM
[2012/04/09 00:32:03 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\DMCache
[2012/04/09 00:31:55 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 00:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 00:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/04/08 10:22:14 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSVsp.sys
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSNVsp.sys
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSMdm.sys
[2012/04/07 08:26:14 | 000,168,008 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ACTSCVsp.sys
[2012/04/07 08:26:14 | 000,106,056 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\ACTSNET.sys
[2012/04/07 08:26:14 | 000,057,160 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\ACTSBUS.sys
[2012/04/07 08:26:14 | 000,029,384 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\ACTSFLT.sys
[2012/04/07 08:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\ACTScom
[2012/04/07 08:25:34 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cricket Broadband
[2012/04/07 08:23:00 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2012/04/07 08:23:00 | 000,312,448 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2012/04/07 08:23:00 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2012/04/07 08:23:00 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2012/04/07 08:23:00 | 000,013,184 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\BMLoad.sys
[2012/04/07 08:22:53 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cricket
[2012/04/07 08:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Cricket
[2012/04/06 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Intel
[2012/04/06 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Adobe
[2012/04/06 19:07:04 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Auslogics
[2012/04/06 17:10:38 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Cricket
[2012/04/03 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft Games
[2012/04/03 14:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/04/03 10:52:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/04/03 05:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/03 05:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/02 22:52:01 | 000,000,000 | ---D | C] -- C:\Users\me\Documents\InterVideo
[2012/04/02 17:36:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/04/02 17:36:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/04/02 17:36:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/04/02 16:32:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/04/02 12:38:54 | 000,000,000 | ---D | C] -- C:\Users\me\Documents\OneNote Notebooks
[2012/04/02 12:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/02 07:27:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/04/02 04:30:34 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft Help
[2012/04/02 03:05:51 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/04/02 03:05:51 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/04/02 03:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/02 03:05:48 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/04/02 03:05:48 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/04/02 03:05:48 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/04/02 03:05:46 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/04/02 03:04:54 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/04/02 03:04:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/02 03:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/02 03:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/02 02:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/04/02 02:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/04/02 02:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/04/01 17:30:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012/04/01 17:18:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/04/01 17:18:21 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/04/01 17:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012/04/01 17:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/04/01 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/04/01 17:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/04/01 17:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterVideo WinDVD
[2012/04/01 17:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2012/04/01 17:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2012/04/01 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 2
[2012/04/01 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update 4
[2012/04/01 17:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2012/04/01 17:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2012/04/01 17:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2012/04/01 17:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Easy Media Creator 10 LJ
[2012/04/01 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2012/04/01 17:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/04/01 17:06:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2012/04/01 17:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
[2012/04/01 17:06:56 | 000,055,808 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System32\ArcSoftKsUFilter.dll
[2012/04/01 17:06:56 | 000,017,920 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
[2012/04/01 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/04/01 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/04/01 17:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
[2012/04/01 17:03:21 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/04/01 17:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Wireless Wizard
[2012/04/01 16:59:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Video & Photo Suite
[2012/04/01 16:58:35 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Google
[2012/04/01 16:57:49 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Apps
[2012/04/01 16:57:48 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Deployment
[2012/04/01 16:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2012/04/01 16:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\OCA Marker
[2012/04/01 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Macromedia
[2012/04/01 16:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2012/04/01 16:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/04/01 16:54:47 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Adobe
[2012/04/01 16:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2012/04/01 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2012/04/01 16:53:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/04/01 16:52:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/04/01 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/01 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Cricket Broadband
[2012/04/01 16:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/04/01 16:51:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/04/01 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/04/01 16:50:09 | 003,518,464 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf300.dll
[2012/04/01 16:50:09 | 001,843,200 | ---- | C] (Apache Software Foundation) -- C:\Windows\System32\acXMLParser.dll
[2012/04/01 16:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2012/04/01 16:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/04/01 16:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 10
[2012/04/01 16:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2012/04/01 16:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/01 16:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/04/01 16:46:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/01 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/01 16:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012/04/01 16:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Recovery Center
[2012/04/01 16:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/01 16:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Sonysys
[2012/04/01 16:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Cricket Broadband
[2012/04/01 16:39:29 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/01 16:39:29 | 000,000,000 | R--D | C] -- C:\Users\me\Searches
[2012/04/01 16:39:29 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/01 16:39:18 | 000,000,000 | R--D | C] -- C:\Users\me\Contacts
[2012/04/01 16:39:07 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\VirtualStore
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\Temporary Internet Files
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Templates
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Start Menu
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\SendTo
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Recent
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\PrintHood
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\NetHood
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Videos
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Pictures
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Music
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\My Documents
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Local Settings
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\History
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Cookies
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\Application Data
[2012/04/01 16:39:06 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\Application Data
[2012/04/01 16:39:05 | 000,000,000 | --SD | C] -- C:\Users\me\AppData\Roaming\Microsoft
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Videos
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Saved Games
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Pictures
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Music
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Links
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Favorites
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Downloads
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Documents
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\Desktop
[2012/04/01 16:39:05 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/01 16:39:05 | 000,000,000 | -H-D | C] -- C:\Users\me\AppData
[2012/04/01 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Temp
[2012/04/01 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\me\Roaming
[2012/04/01 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft
[2012/04/01 16:34:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/04/17 23:09:43 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/17 23:09:43 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/17 23:03:25 | 000,002,567 | ---- | M] () -- C:\Users\me\Desktop\Cricket Broadband A605.lnk
[2012/04/17 23:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 23:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 23:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/17 23:02:48 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 19:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000UA.job
[2012/04/17 17:03:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000Core.job
[2012/04/16 19:04:32 | 000,002,027 | ---- | M] () -- C:\Users\me\Desktop\Google Chrome.lnk
[2012/04/16 19:04:32 | 000,001,989 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/12 14:23:20 | 000,003,036 | ---- | M] () -- C:\Windows\.a605sms.db
[2012/04/12 14:17:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/11 10:47:08 | 000,001,800 | ---- | M] () -- C:\Users\me\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/11 10:27:45 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\me\Desktop\tdsskiller.exe
[2012/04/11 04:31:19 | 000,002,604 | ---- | M] () -- C:\Windows\.a605sms.bak
[2012/04/10 14:07:00 | 000,003,584 | ---- | M] () -- C:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/08 10:50:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/06 20:14:00 | 000,001,061 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/04/06 19:51:10 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/04/03 14:41:15 | 000,000,943 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/03 14:27:49 | 000,344,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/03 14:24:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/04/03 11:57:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/04/03 11:57:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/04/03 11:57:16 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/04/02 22:49:59 | 000,000,938 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/02 12:56:50 | 000,003,656 | -HS- | M] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2012/04/02 03:05:51 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/01 17:33:16 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/04/01 17:28:35 | 000,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2012/04/01 17:25:41 | 042,926,080 | ---- | M] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2012/04/01 17:25:40 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf
[2012/04/01 17:25:40 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
[2012/04/01 17:13:38 | 000,000,000 | ---- | M] () -- C:\Windows\VAIOUpdt.INI
[2012/04/01 16:55:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:25 | 000,000,000 | RH-- | M] () -- C:\Windows\System32\drivers\Sony_VGN-NS240E.mrk
[2012/04/01 16:50:11 | 000,000,095 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini

========== Files Created - No Company Name ==========

[2012/04/12 14:17:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/12 08:56:33 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/11 10:47:08 | 000,001,800 | ---- | C] () -- C:\Users\me\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/10 14:07:00 | 000,003,584 | ---- | C] () -- C:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/09 01:34:27 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/04/07 08:25:36 | 000,002,567 | ---- | C] () -- C:\Users\me\Desktop\Cricket Broadband A605.lnk
[2012/04/06 20:14:00 | 000,001,061 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012/04/06 18:21:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012/04/03 14:24:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/04/03 11:57:16 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/02 22:49:59 | 000,000,938 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/02 16:30:03 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/04/02 16:29:59 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/04/02 16:29:45 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/04/02 16:29:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/04/02 16:29:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/04/02 16:29:38 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/04/02 16:29:31 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/04/02 16:29:07 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/04/02 16:29:03 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/04/02 16:27:58 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/04/02 12:56:50 | 000,004,960 | -HS- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2
[2012/04/02 12:56:50 | 000,003,656 | -HS- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2012/04/02 04:03:26 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/04/02 04:03:26 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/04/02 04:03:25 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/04/02 03:43:30 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/04/02 03:05:51 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/01 17:28:34 | 000,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2012/04/01 17:21:42 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf
[2012/04/01 17:21:42 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
[2012/04/01 17:21:41 | 042,926,080 | ---- | C] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2012/04/01 17:21:24 | 000,000,230 | ---- | C] () -- C:\Users\Public\Desktop\VAIO Help and Registration.lnk
[2012/04/01 17:13:38 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2012/04/01 17:12:40 | 000,001,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012/04/01 17:11:27 | 000,002,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/04/01 17:06:45 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc Editor.lnk
[2012/04/01 17:05:20 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc.lnk
[2012/04/01 17:05:20 | 000,001,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Content Exporter.lnk
[2012/04/01 17:05:01 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012/04/01 17:03:22 | 000,002,027 | ---- | C] () -- C:\Users\me\Desktop\Google Chrome.lnk
[2012/04/01 17:03:22 | 000,001,989 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/01 17:02:17 | 000,001,579 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Startup Assistant.lnk
[2012/04/01 17:00:48 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO MusicBox.lnk
[2012/04/01 16:59:27 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Movie Story.lnk
[2012/04/01 16:58:38 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000UA.job
[2012/04/01 16:58:38 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578479312-3177138092-2985492627-1000Core.job
[2012/04/01 16:57:52 | 000,001,809 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2012/04/01 16:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\104D_SONY_VGN-NS240E.mrk
[2012/04/01 16:55:25 | 000,000,000 | RH-- | C] () -- C:\Windows\System32\drivers\Sony_VGN-NS240E.mrk
[2012/04/01 16:54:05 | 000,000,943 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/01 16:51:19 | 000,003,036 | ---- | C] () -- C:\Windows\.a605sms.db
[2012/04/01 16:51:19 | 000,002,604 | ---- | C] () -- C:\Windows\.a605sms.bak
[2012/04/01 16:50:16 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks Simple Start 2009.lnk
[2012/04/01 16:48:37 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/01 16:47:00 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/04/01 16:46:43 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/04/01 16:39:30 | 000,000,949 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/01 16:39:28 | 000,000,944 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/01 16:39:17 | 000,000,915 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/04/01 16:39:05 | 000,000,258 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/01 16:39:05 | 000,000,240 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== LOP Check ==========

[2012/04/06 19:13:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Auslogics
[2012/04/06 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Cricket
[2012/04/01 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Cricket Broadband
[2012/04/17 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\DMCache
[2012/04/09 12:40:39 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\IDM
[2012/04/17 19:35:02 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#5
Gammo

The most dangerous of the "decompression bombs" is the name. It just means that it will extract to a very large file. It's not necessarily malware; most of the time it isn't.

I don't see any malicious items in your OTL log. Are you still experiencing any symptoms that you think are caused by malware? :)
  • 0
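What a scanner means by the term, as an added sketch (not avast's code and not from the original thread): it expands an archive under fixed limits and gives up when one is crossed. The limit values and the names `expanded_size` and `build_zip` are assumptions for illustration.

```python
import io
import zipfile

# Assumed limits for this sketch; each scanner picks its own thresholds.
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # total bytes one scan may expand
MAX_RATIO = 200                     # expanded size / compressed size
MAX_DEPTH = 3                       # archives nested inside archives
CHUNK = 64 * 1024


class ArchiveLimitExceeded(Exception):
    """The archive expands past a limit: what a scanner calls a bomb."""


def expanded_size(data, depth=0, budget=None):
    """Count the bytes a ZIP held in `data` expands to, nested ZIPs included.

    Members are streamed and counted chunk by chunk, so the walk stops as
    soon as a limit is crossed instead of after the disk or RAM is full.
    """
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    if depth > MAX_DEPTH:
        raise ArchiveLimitExceeded("nested deeper than %d levels" % MAX_DEPTH)
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio_cap = MAX_RATIO * max(info.compress_size, 1)
            buf = io.BytesIO()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(CHUNK), b""):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveLimitExceeded("size cap: " + info.filename)
                    if buf.tell() + len(chunk) > ratio_cap:
                        raise ArchiveLimitExceeded("ratio cap: " + info.filename)
                    buf.write(chunk)
            inner = buf.getvalue()
            total += len(inner)
            # A member that is itself a ZIP is expanded against the same budget.
            if zipfile.is_zipfile(io.BytesIO(inner)):
                total += expanded_size(inner, depth + 1, budget)
    return total


def build_zip(files):
    """Build a small ZIP in memory from {name: bytes} (constructed sample data)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in files.items():
            zf.writestr(name, payload)
    return out.getvalue()
```

Hitting a limit says nothing about whether the content is malicious; it only means the scanner stopped expanding, which is why such a file can be reported without being an infection.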

#6
rjd159

My apologies for not getting back here sooner; it has been a hectic week. This is the report by avast on the 18th that has me worried, and I do not know where to begin or how to fix it. Please advise. Our laptop is running well for the most part, but it does seem to become sluggish after a relatively slow period of time. I hope I am not overreacting, but this report has me worried.
Thank you for taking the time to review. We appreciate it very much.

Sincerely,
Robert,



04/02/2012 17:55
Scan of all local drives

File H:\DEF-PC\Backup Set 2009-08-03 071921\Backup Files 2009-08-03 071921\Backup files 7.zip|>C\Program Files\Intuit\QuickBooks 2009\Components\PConfig\Data1.cab|>tx12_pdf.dll Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSOEPLG.DLL] is infected by Win32:Mywebsearch-R [PUP], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSOESTB.DLL] is infected by Win32:Mywebsearch-R [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SKIN.DLL] is infected by Win32:Mywebsearch-S [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3PLUGIN.DLL] is infected by Win32:Mywebsearch-X [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3POPSWT.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3HTMLMU.DLL] is infected by Win32:FunWeb-B [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3REPROX.DLL] is infected by Win32:FunWeb-B [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3SCRCTR.DLL] is infected by Win32:FunWeb-B [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3SCHMON.EXE] is infected by Win32:FunWeb-B [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SLSRCH.EXE] is infected by Win32:PUP-gen [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SRCHMN.EXE] is infected by Win32:PUP-gen [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3HKSTUB.DLL] is infected by Win32:Mywebsearch-Q [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3AUXSTB.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#NPMYWEBS.DLL] is infected by Win32:Mywebsearch-Q [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe|>mwsSetup.CommonCodebase.exe is infected by Win32:Mywebsearch-Q [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts\Installr\Cache\000AE3E8.exe is infected by Win32:Mywebsearch-X [PUP], Moved to chest
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\120220012411867.rsc|>120220012411867-000722.file|>.\.\.\NDP40-KB2600217.msp Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab|>110 Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-009698.file|>Setup.exe Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-012054.file|>mpasbase.vdm Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-003728.file is infected by Win32:Adloader-AC [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Move to chest: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Move to chest: Error 42110 {The file is a decompression bomb.}, Move to chest: Error 42110 {The file is a decompression bomb.}, Move to chest: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-004711.file|>f3EzSetp.Kazulah.dll is infected by Win32:FunWeb [PUP], Move to chest: Error 42110 {The file is a decompression bomb.}, Repair: Error 42060 {The file was not repaired.}, Delete: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}, Move to chest: Error 42110 {The file is a decompression bomb.}, Move to chest: Error 42110 {The file is a decompression bomb.}, Delete: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-004711.file is infected by Win32:Adware-gen [Adw], Move to chest: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-011510.file|>f3EzSetp.Kazulah.dll is infected by Win32:FunWeb [PUP], Move to chest: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-011510.file is infected by Win32:Adware-gen [Adw], Move to chest: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100319032208786.rsc|>100319032208786-004641.file|>mso.msp Error 42127 {CAB archive is corrupted.}
File H:\Seagate Sync\VOL\Personal folder\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab|>110 Error 42127 {CAB archive is corrupted.}
File H:\Seagate Sync\VOL\Personal folder\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab Error 42127 {CAB archive is corrupted.}
File H:\Seagate Sync\VOL\Personal folder\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu Error 42127 {CAB archive is corrupted.}
File H:\WHATSTHATSMELLL\Backup Set 2009-06-28 224955\Backup Files 2009-06-28 224955\Backup files 24.zip|>C\Program Files\Intuit\QuickBooks 2009\Components\PConfig\Data1.cab|>tx12_pdf.dll Error 42127 {CAB archive is corrupted.}
Number of searched folders: 28244
Number of tested files: 923515
Number of infected files: 21

----------------------------------------
04/10/2012 06:12
Scan of all local drives

Number of searched folders: 19520
Number of tested files: 412416
Number of infected files: 0

----------------------------------------
04/11/2012 05:47
Scan of all local drives


Scanning aborted
Number of searched folders: 3
Number of tested files: 28
Number of infected files: 0

----------------------------------------
04/12/2012 08:59
Scan of all local drives

File C:\Users\me\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 19931
Number of tested files: 1066658
Number of infected files: 0

----------------------------------------
04/14/2012 03:55
Scan of all local drives

Number of searched folders: 20008
Number of tested files: 1065141
Number of infected files: 0

----------------------------------------
04/17/2012 13:10
Scan of all local drives


Scanning aborted
Number of searched folders: 3
Number of tested files: 10
Number of infected files: 0

----------------------------------------
04/18/2012 13:17
Scan of all local drives

File H:\DEF-PC\Backup Set 2009-08-03 071921\Backup Files 2009-08-03 071921\Backup files 7.zip|>C\Program Files\Intuit\QuickBooks 2009\Components\PConfig\Data1.cab|>tx12_pdf.dll Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\120220012411867.rsc|>120220012411867-000722.file|>.\.\.\NDP40-KB2600217.msp Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab|>110 Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-009698.file|>Setup.exe Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-012054.file|>mpasbase.vdm Error 42127 {CAB archive is corrupted.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-004711.file|>f3EzSetp.Kazulah.dll is infected by Win32:FunWeb [PUP], Move to chest: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-004711.file is infected by Win32:Adware-gen [Adw], Move to chest: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-011510.file|>f3EzSetp.Kazulah.dll is infected by Win32:FunWeb [PUP], Move to chest: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc|>100205192214069-011510.file is infected by Win32:Adware-gen [Adw], Move to chest: Error 42110 {The file is a decompression bomb.}
File H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100319032208786.rsc|>100319032208786-004641.file|>mso.msp Error 42127 {CAB archive is corrupted.}
File H:\Seagate Sync\VOL\Personal folder\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab|>110 Error 42127 {CAB archive is corrupted.}
File H:\Seagate Sync\VOL\Personal folder\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu|>Windows6.0-KB944036-x86.cab Error 42127 {CAB archive is corrupted.}
File H:\Seagate Sync\VOL\Personal folder\Downloads\IE8-WindowsVista-x86-ENU.exe|>ie8.msu Error 42127 {CAB archive is corrupted.}
File H:\WHATSTHATSMELLL\Backup Set 2009-06-28 224955\Backup Files 2009-06-28 224955\Backup files 24.zip|>C\Program Files\Intuit\QuickBooks 2009\Components\PConfig\Data1.cab|>tx12_pdf.dll Error 42127 {CAB archive is corrupted.}
Number of searched folders: 25579
Number of tested files: 1592688
Number of infected files: 4

  • 0

#7
Gammo

The files avast detected are all present in back-up files. They're not active infections.

This should delete them:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    H:\Seagate Backup\DEF-PC (1)\C\Users\DEF\AppData\LocalLow\FunWebProducts
    H:\Seagate Backup\DEF-PC (1)\History\Level2\C\Users\DEF\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\100205192214069.rsc
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Once you've done the above, we're done as far as I'm concerned.

The following tool cleans up some of the tools we used:

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

  • 0
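A triage helper for scan reports in the format posted above, added here as an example and not part of the original thread or of avast: it groups detections by outer container, collapses repeated action errors, and checks whether any detection sits on the system drive. The sample lines are constructed in the report's format, and `SYSTEM_DRIVE = "C:"` is an assumption.

```python
import re
from collections import Counter

INFECTED_RE = re.compile(r" is infected by (\S+) \[(\w+)\]")
ERROR_RE = re.compile(r"Error (\d+) \{([^}]*)\}")
SYSTEM_DRIVE = "C:"  # assumption: Windows is installed on C:

# Constructed sample lines that follow the report's layout.
SAMPLE_REPORT = [
    r"File H:\Backup\old.rsc|>0001.file|>setup.dll is infected by Win32:FunWeb [PUP], "
    r"Move to chest: Error 42110 {The file is a decompression bomb.}",
    r"File H:\Backup\old.rsc|>0001.file is infected by Win32:Adware-gen [Adw], "
    r"Move to chest: Error 42110 {The file is a decompression bomb.}, "
    r"Delete: Error 42110 {The file is a decompression bomb.}",
    r"File H:\Backup\ie8.exe|>ie8.msu Error 42127 {CAB archive is corrupted.}",
    r"File H:\Backup\Cache\a.exe|>inner.exe is infected by Win32:PUP-gen [PUP], Moved to chest",
    r"File C:\Users\me\tool\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}",
    "Number of infected files: 3",
]


def parse_line(line):
    """Parse one 'File ...' report line; return None for any other line."""
    if not line.startswith("File "):
        return None
    body = line[len("File "):]
    hit = INFECTED_RE.search(body)
    first_error = ERROR_RE.search(body)
    if hit:
        target, tail = body[:hit.start()], body[hit.end():]
    elif first_error:
        target = body[:first_error.start()].rstrip()
        tail = body[first_error.start():]
    else:
        return None
    chain = target.split("|>")  # outer file on disk, then each nested member
    return {
        "container": chain[0],
        "member": chain[-1] if len(chain) > 1 else None,
        "depth": len(chain) - 1,
        "signature": hit.group(1) if hit else None,
        "kind": hit.group(2) if hit else None,
        # The report repeats an error once per retry; keep each code once.
        "errors": {int(code): msg for code, msg in ERROR_RE.findall(tail)},
        "quarantined": "Moved to chest" in tail,
        "on_system_drive": chain[0].upper().startswith(SYSTEM_DRIVE),
    }


def summarize(lines):
    """Reduce a report to the questions a helper asks first."""
    records = [r for r in map(parse_line, lines) if r]
    infected = [r for r in records if r["signature"]]
    return {
        "infected_entries": len(infected),
        "infected_containers": Counter(r["container"] for r in infected),
        "unresolved": [r for r in infected if not r["quarantined"]],
        "on_system_drive": [r for r in infected if r["on_system_drive"]],
        "unreadable": Counter(code for r in records if not r["signature"]
                              for code in r["errors"]),
    }
```

An empty `on_system_drive` list with every container under a backup path is the pattern described in the reply above: the hits count nested members of a few archived files, not running programs.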

#8
rjd159

I barely made it here after executing exactly as you typed. All I did was copy and paste, then run the fix. The laptop rebooted. Then I had avast do a full system scan, and on reboot my computer lost control; Windows and many more programs just began shutting down. Task Manager showed 99% comp usage for the first couple of minutes, then the shutdown ends up at zero use and a mouse cursor that can do nothing on a useless screen with leftover hazed-out programs trying to execute.


I understand that you said in your last communication "as far as you were concerned you were done." Please rethink that or (if such options exist) redirect me to another person, site or resource that may consider a different approach.



Again, thank you in advance for your time, effort and consideration.





Robert Dunn

Attached Files


Edited by rjd159, 22 April 2012 - 06:45 AM.

  • 0

#9
Gammo

You can start a new topic here if you want. :thumbsup:
  • 0





